PHPackages webiik/oauth2client - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. webiik/oauth2client ActiveLibrary[Authentication & Authorization](/categories/authentication) webiik/oauth2client =================== The OAuth2Client allows you to connect to any OAuth2 server. 1.1(6y ago)03MITPHPPHP >=7.2 Since Feb 28Pushed 6y ago1 watchersCompare [ Source](https://github.com/webiik/oauth2-client)[ Packagist](https://packagist.org/packages/webiik/oauth2client)[ Docs](https://www.webiik.com)[ RSS](/packages/webiik-oauth2client/feed)WikiDiscussions master Synced 2mo ago READMEChangelogDependencies (1)Versions (3)Used By (0) [![](https://camo.githubusercontent.com/a397347ee4fb199934fee6354504f4702b89f5c22f0ce0ba94c5ff691cde545c/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f6c2f77656269696b2f77656269696b2e737667)](https://camo.githubusercontent.com/a397347ee4fb199934fee6354504f4702b89f5c22f0ce0ba94c5ff691cde545c/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f6c2f77656269696b2f77656269696b2e737667)[![](https://camo.githubusercontent.com/9063c8611554aba946080355a077ff49c13af18ec286c9e8cd99c8aea668207c/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f646570656e64656e636965732d322d627269676874677265656e2e737667)](https://camo.githubusercontent.com/9063c8611554aba946080355a077ff49c13af18ec286c9e8cd99c8aea668207c/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f646570656e64656e636965732d322d627269676874677265656e2e737667) OAuth2Client ============ [](#oauth2client) The OAuth2Client allows you to connect to any OAuth2 server. Just follow the procedure described in the example below. Installation ------------ [](#installation) ``` composer require webiik/oauth2client ``` Example ------- [](#example) ``` // Facebook Example // Prepare dependencies $chc = new \Webiik\CurlHttpClient\CurlHttpClient(); // Instantiate OAuth2 client $oAuth2Client = new \Webiik\OAuth2Client\OAuth2Client($chc); // Your callback URL after authorization // OAuth2 server redirects users to this URL, after user verification $oAuth2Client->setRedirectUri('https://127.0.0.1/webiik/'); // API endpoints $oAuth2Client->setAuthorizeUrl('https://www.facebook.com/v3.3/dialog/oauth'); $oAuth2Client->setAccessTokenUrl('https://graph.facebook.com/v3.3/oauth/access_token'); $oAuth2Client->setValidateTokenUrl('https://graph.facebook.com/debug_token'); // API credentials (create yours at https://developers.facebook.com/apps/) $oAuth2Client->setClientId('your-client-id'); $oAuth2Client->setClientSecret('your-client-sectret'); // Make API calls... // Define scope $scope = [ 'email', ]; if (!isset($_GET['code'])) { // 1. Prepare Facebook user login link with specified scope and grand type echo 'Authorize with Facebook'; } if (isset($_GET['code'])) { // 2. Verify code to obtain user access_token $user = $oAuth2Client->getAccessTokenByCode(); // 3. Verify clientId and clientSecret to obtain app access_token $app = $oAuth2Client->getAccessTokenByCredentials(); } if (isset($user, $user['access_token']) && isset($app, $app['access_token'])) { // 4. User and app access_tokens are valid, user and app are authorized by Facebook // Access protected resources... // Get user id $tokenInfo = $oAuth2Client->getTokenInfo($user['access_token'], $app['access_token'], true); if (!isset($tokenInfo['data'], $tokenInfo['data']['user_id'])) { // Err: Can't obtain user id print_r($tokenInfo); exit; } // Get additional user info $fields = [ 'name', 'first_name', 'middle_name', 'last_name', 'email', ]; $reg = $chc->prepareRequest('https://graph.facebook.com/v3.3/' . $tokenInfo['data']['user_id'] . '/?access_token=' . $user['access_token'] . '&fields=' . implode(',', $fields)); $res = $chc->send($reg); if ($res->isOk()) { header('Content-Type: application/json'); echo $res->body(); } } ``` Configuration ------------- [](#configuration) Before you can connect to any OAuth2 server, you have to properly configure access credentials and endpoints. ### setClientId [](#setclientid) ``` setClientId(string $id): void ``` **setClientId()** sets client id. ``` $oAuth2Client->setClientId('your-client-id'); ``` ### setClientSecret [](#setclientsecret) ``` setClientSecret(string $secret): void ``` **setClientSecret()** sets client secret. ``` $oAuth2Client->setClientSecret('your-client-sectret'); ``` ### setRedirectUri [](#setredirecturi) ``` setRedirectUri(string $url): void ``` **setRedirectUri()** sets redirect URI to redirect a user after authorization by OAuth2 server. ``` $oAuth2Client->setRedirectUri('https://127.0.0.1/webiik/'); ``` ### setAuthorizeUrl [](#setauthorizeurl) ``` setAuthorizeUrl(string $url): void ``` **setAuthorizeUrl()** sets URL to authorize a user by OAuth2 server. ``` $oAuth2Client->setAuthorizeUrl('https://www.facebook.com/v3.2/dialog/oauth'); ``` ### setAccessTokenUrl [](#setaccesstokenurl) ``` setAccessTokenUrl(string $url): void ``` **setAccessTokenUrl()** sets URL to obtain a access token. ``` $oAuth2Client->setAccessTokenUrl('https://graph.facebook.com/v3.2/oauth/access_token'); ``` ### setValidateTokenUrl [](#setvalidatetokenurl) ``` setValidateTokenUrl(string $url): void ``` **setValidateTokenUrl()** sets URL to validate a access token. This endpoint is not official part of OAuth2 specifications, however Google, Facebook etc. provide it. ``` $oAuth2Client->setValidateTokenUrl('https://graph.facebook.com/debug_token'); ``` Login ----- [](#login) ### getAuthorizeUrl [](#getauthorizeurl) ``` getAuthorizeUrl(array $scope = [], string $responseType = 'code', string $state = ''): string ``` **getAuthorizeUrl()** prepares a correct link to a URL set by [setAuthorizeUrl()](#setauthorizeurl). **Parameters** - **scope** defines access scope of your app. Learn access scopes of individual OAuth2 servers. - **responseType** possible response types are code, token, id\_token... - **state** read about [state parameter](https://auth0.com/docs/protocols/oauth2/oauth-state). ``` $link = $oAuth2Client->getAuthorizeUrl(['email']) ``` Authorization ------------- [](#authorization) OAuth2Client allows you to get access token by all grant types provided by OAuth2 protocol. Read more about [grant types](https://auth0.com/docs/protocols/oauth2#authorization-grant-types). ### getAccessTokenByCode [](#getaccesstokenbycode) ``` getAccessTokenByCode() ``` **getAccessTokenByCode()** makes HTTP POST request to a URL set by [setAccessTokenUrl()](#setaccesstokenurl). Returns an array with token(s) on success and a string with cURL error message on error. This grant type is usually used by apps for authenticating users. ``` $user = $oAuth2Client->getAccessTokenByCode(); ``` ### getAccessTokenByPassword [](#getaccesstokenbypassword) ``` getAccessTokenByPassword(string $username, string $password, array $scope = []) ``` **getAccessTokenByPassword()** makes HTTP POST request to a URL set by [setAccessTokenUrl()](#setaccesstokenurl). Returns an array with token(s) on success and a string with cURL error message on error. This grant type is usually used by trusted apps for authenticating users. ``` $user = $oAuth2Client->getAccessTokenByCode(); ``` ### getAccessTokenByCredentials [](#getaccesstokenbycredentials) ``` getAccessTokenByCredentials() ``` **getAccessTokenByCredentials()** makes HTTP POST request to a URL set by [setAccessTokenUrl()](#setaccesstokenurl). Returns an array with token(s) on success and a string with cURL error message on error. This grant type is usually used for server-to-server communication. ``` $app = $oAuth2Client->getAccessTokenByCredentials(); ``` ### getAccessTokenByRefreshToken [](#getaccesstokenbyrefreshtoken) ``` getAccessTokenByRefreshToken(string $refreshToken) ``` **getAccessTokenByRefreshToken()** makes HTTP POST request to a URL set by [setAccessTokenUrl()](#setaccesstokenurl). Returns an array with token(s) on success and a string with cURL error message on error. Usually you can get **$refreshToken** by setting scope **offline\_access** when calling [getAuthorizeUrl()](#getauthorizeurl). Read more about refresh\_token. It's used to obtain a renewed access token. ``` $token = $oAuth2Client->getAccessTokenByRefreshToken($refreshToken); ``` ### getAccessTokenBy [](#getaccesstokenby) ``` getAccessTokenBy(array $params) ``` **getAccessTokenBy()** makes HTTP POST request to a URL set by [setAccessTokenUrl()](#setaccesstokenurl). Returns an array with token(s) on success and a string with cURL error message on error. This method allows you to get access token by custom parameters. ``` // Get access token by code $user = $oAuth2Client->getAccessTokenBy([ 'redirect_uri' => 'https://127.0.0.1/webiik/', 'grant_type' => 'authorization_code', 'code' => $_GET['code'], ]); ``` ### getTokenInfo [](#gettokeninfo) ``` getTokenInfo(string $inputToken, string $accessToken, bool $useGet = false) ``` **getTokenInfo()** makes HTTP POST request to a URL set by [setValidateTokenUrl()](#setvalidatetokenurl). Returns an array with token(s) on success and a string with cURL error message on error. This is not official part of OAuth2 specifications, however Google, Facebook etc. provide it. ``` $token = $oAuth2Client->getTokenInfo($inputToken, $accessToken); ``` Resources --------- [](#resources) - [Webiik framework](https://github.com/webiik/webiik) - [Report issue](https://github.com/webiik/components/issues) ### Health Score 24 — LowBetter than 32% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity3 Limited adoption so far Community7 Small or concentrated contributor base Maturity56 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~160 days Total 2 Last Release 2472d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/1226362d003d186b45e7dfa44489c36af37196c6a1b476206700eaf4e9c96a5a?d=identicon)[Jiri Mihal](/maintainers/Jiri%20Mihal) --- Top Contributors [![Jiri-Mihal](https://avatars.githubusercontent.com/u/10408123?v=4)](https://github.com/Jiri-Mihal "Jiri-Mihal (251 commits)") --- Tags clientoauthoauth2 ### Embed Badge ![Health badge](/badges/webiik-oauth2client/health.svg) ``` [![Health](https://phpackages.com/badges/webiik-oauth2client/health.svg)](https://phpackages.com/packages/webiik-oauth2client) ``` ### Alternatives [mollie/oauth2-mollie-php Mollie Provider for OAuth 2.0 Client 251.7M1](/packages/mollie-oauth2-mollie-php)[omines/oauth2-gitlab GitLab OAuth 2.0 Client Provider for The PHP League OAuth2-Client 36721.5k13](/packages/omines-oauth2-gitlab) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)