PHPackages xpaw/steam-openid - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. xpaw/steam-openid ActiveLibrary[Authentication & Authorization](/categories/authentication) xpaw/steam-openid ================= A correct and simple implementation of OpenID authentication for Steam v4.0.0(3mo ago)5322.3k↓37.2%2MITPHPPHP >=8.3CI passing Since Jan 28Pushed 1mo ago5 watchersCompare [ Source](https://github.com/xPaw/SteamOpenID.php)[ Packagist](https://packagist.org/packages/xpaw/steam-openid)[ Docs](https://github.com/xPaw/SteamOpenID.php)[ GitHub Sponsors](https://github.com/sponsors/xPaw)[ RSS](/packages/xpaw-steam-openid/feed)WikiDiscussions master Synced 1mo ago READMEChangelog (6)Dependencies (1)Versions (7)Used By (0) Steam OpenID Authentication for PHP [![Packagist](https://camo.githubusercontent.com/4b40ba870a4d0882ce2ab4129eff81843f2b150dd52a270058bc44c6c46169aa/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f787061772f737465616d2d6f70656e69642e737667)](https://packagist.org/packages/xpaw/steam-openid) [![codecov](https://camo.githubusercontent.com/7c7ef779b4758849ec74a667f5251e2862130819c3f45f93645b8b22aca509f7/68747470733a2f2f636f6465636f762e696f2f67682f785061772f537465616d4f70656e49442e7068702f67726170682f62616467652e7376673f746f6b656e3d544138747a3762704879)](https://codecov.io/gh/xPaw/SteamOpenID.php) ================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================= [](#steam-openid-authentication-for-php--) A very minimalistic OpenID implementation that hardcodes it for Steam only, as using a generic OpenID library may do unnecessary steps of “discovering” OpenID servers, which will end up leaking your origin server address, and worse, leave your website open to vulnerabilities of claiming wrong Steam profiles if the implementation is bugged. The described problems are not theoretical, LightOpenID [has been proven](https://twitter.com/thexpaw/status/1088207320977412097)to have implementation problems, and even if you use `validate` and use regex on the final `identity` it can be spoofed and a third-party server can be used to pass the validation. This library aims to avoid these problems by implementing the bare minimum functionality required for validating Steam OpenID requests against the hardcoded Steam server. This library only implements validation, you will need to implement Steam WebAPI calls yourself to fetch user profile information. Before using this library, [please read Valve's terms here](https://steamcommunity.com/dev). Installation ------------ [](#installation) `composer require xpaw/steam-openid` See [Example.php](Example.php) file for example usage. ### Basic usage [](#basic-usage) ``` use xPaw\Steam\SteamOpenID; $SteamOpenID = new SteamOpenID( $ReturnToUrl ); if( $SteamOpenID->ShouldValidate() ) { try { $CommunityID = $SteamOpenID->Validate(); echo 'Logged in as ' . $SteamID; } catch( Exception $e ) { echo 'Login failed'; } } else { header( 'Location: ' . $SteamOpenID->GetAuthUrl() ); } ``` If you want to parse SteamIDs, take a look at [SteamID.php](https://github.com/xPaw/SteamID.php). ### Advanced usage [](#advanced-usage) #### Passing GET parameters manually [](#passing-get-parameters-manually) If you need to pass request parameters manually instead of using `$_GET`, you can provide them in the constructor: ``` $params = [ 'openid_mode' => $_GET['openid_mode'] ?? null, // etc... ]; $SteamOpenID = new SteamOpenID( $ReturnToUrl, $params ); ``` #### Custom HTTP client [](#custom-http-client) If you need to customize the HTTP request to Steam (e.g., using a different HTTP client, adding proxies, or custom timeouts), you can override the `SendSteamRequest` method: ``` class CustomSteamOpenID extends SteamOpenID { public function SendSteamRequest( array $Arguments ) : array { // Use your preferred HTTP client here $httpClient = new YourHttpClient(); $response = $httpClient->post( self::SERVER, [ 'form_params' => $Arguments, 'timeout' => 10, 'headers' => [ 'User-Agent' => 'Your Custom User Agent' ] ] ); // array(http code as int, response as string) return [ $response->getStatusCode(), $response->getBody() ]; } } $SteamOpenID = new CustomSteamOpenID( $ReturnToUrl ); ``` ### Health Score 57 — FairBetter than 98% of packages Maintenance85 Actively maintained with recent releases Popularity39 Limited adoption so far Community13 Small or concentrated contributor base Maturity72 Established project with proven stability Bus Factor1 Top contributor holds 92.2% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~365 days Recently: every ~395 days Total 6 Last Release 109d ago Major Versions v1.0.0 → v2.0.02021-10-02 v2.0.0 → v3.0.02024-11-02 v3.1.1 → v4.0.02026-01-29 PHP version history (3 changes)v1.0.0PHP >=7.2 v3.0.0PHP >=8.2 v4.0.0PHP >=8.3 ### Community Maintainers ![](https://www.gravatar.com/avatar/7e0942af20ff43fb658f834cff0348fe0b2c5d153b7fa9bef0938591edba13fe?d=identicon)[xPaw](/maintainers/xPaw) --- Top Contributors [![xPaw](https://avatars.githubusercontent.com/u/613331?v=4)](https://github.com/xPaw "xPaw (47 commits)")[![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4)](https://github.com/dependabot[bot] "dependabot[bot] (4 commits)") --- Tags authenticationopenidphpsteamOpenIdsteamvalvesteamcommunity ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/xpaw-steam-openid/health.svg) ``` [![Health](https://phpackages.com/badges/xpaw-steam-openid/health.svg)](https://phpackages.com/packages/xpaw-steam-openid) ``` ### Alternatives [hybridauth/hybridauth PHP Social Authentication Library 3.4k8.5M94](/packages/hybridauth-hybridauth)[auth0/auth0-php PHP SDK for Auth0 Authentication and Management APIs. 40820.2M68](/packages/auth0-auth0-php)[opauth/opauth Multi-provider authentication framework for PHP 1.6k783.4k58](/packages/opauth-opauth)[auth0/login Auth0 Laravel SDK. Straight-forward and tested methods for implementing authentication, and accessing Auth0's Management API endpoints. 2745.0M3](/packages/auth0-login)[socialiteproviders/steam Steam OpenID Provider for Laravel Socialite 21536.2k2](/packages/socialiteproviders-steam)[auth0/symfony Symfony SDK for Auth0 Authentication and Management APIs. 128738.1k](/packages/auth0-symfony) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)