PHPackages                             yaknet/y-auth - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. yaknet/y-auth

ActiveLibrary[Authentication &amp; Authorization](/categories/authentication)

yaknet/y-auth
=============

Official PHP SDK for YakNet Kimlik Doğrulama Platformu (SSO / OAuth2) integration, extending league/oauth2-client.

v1.0.1(4d ago)01MITPHP ^8.2

Since Jul 7Compare

[ Source](https://github.com/y-packages/Y-Auth)[ Packagist](https://packagist.org/packages/yaknet/y-auth)[ RSS](/packages/yaknet-y-auth/feed)WikiDiscussions Synced today

READMEChangelogDependencies (3)Versions (3)Used By (0)

YakNet Auth Client SDK (`yaknet/y-auth`)
========================================

[](#yaknet-auth-client-sdk-yaknety-auth)

Official PHP integration SDK for the **YakNet Identity Verification Platform** (`auth.yakhub.com.tr`). This library is built on top of the robust and secure `league/oauth2-client` standard.

---

Installation
------------

[](#installation)

You can install this package using Composer:

```
composer require yaknet/y-auth
```

---

Basic Usage
-----------

[](#basic-usage)

### 1. Initialize the Provider

[](#1-initialize-the-provider)

Create an instance of the provider with your client credentials registered in the YakNet Geliştirici Portalı:

```
use YakNet\YAuth\Provider\YakNetProvider;

$provider = new YakNetProvider([
    'clientId'     => 'your-client-id',
    'clientSecret' => 'your-client-secret',
    'redirectUri'  => 'https://your-app.com/callback',
    // Optional: Defaults to https://auth.yakhub.com.tr
    'baseUrl'      => 'https://auth.yakhub.com.tr'
]);
```

### 2. Redirect to Authorization URL

[](#2-redirect-to-authorization-url)

Redirect the user to the provider's authorization endpoint. We generate and store a secure state parameter to prevent CSRF attacks:

```
session_start();

// Get the authorization URL
$authorizationUrl = $provider->getAuthorizationUrl();

// Save the state to the session
$_SESSION['oauth2state'] = $provider->getState();

// Redirect the user
header('Location: ' . $authorizationUrl);
exit;
```

### 3. Handle the Callback &amp; Get Access Token

[](#3-handle-the-callback--get-access-token)

In your callback page (`redirectUri`), verify the state parameter and request the access token using the code parameter:

```
session_start();

$state = $_GET['state'] ?? null;
$code = $_GET['code'] ?? null;

// Validate state
if (empty($state) || empty($_SESSION['oauth2state']) || $state !== $_SESSION['oauth2state']) {
    unset($_SESSION['oauth2state']);
    exit('Geçersiz state parametresi (CSRF koruması tetiklendi).');
}

// Clear state from session
unset($_SESSION['oauth2state']);

try {
    // Exchange Authorization Code for Access Token
    $token = $provider->getAccessToken('authorization_code', [
        'code' => $code
    ]);

    // Token details
    $accessToken = $token->getToken();
    $refreshToken = $token->getRefreshToken();
    $expires = $token->getExpires();

    // Store tokens in your database or session
    $_SESSION['access_token'] = $accessToken;
    $_SESSION['refresh_token'] = $refreshToken;

    // Optional: Retrieve the authenticated user's profile
    $user = $provider->getResourceOwner($token);

    // Profile Details
    $userId = $user->getId();
    $name = $user->getName();
    $email = $user->getEmail();
    $rawProfile = $user->toArray();

    echo "Başarıyla Giriş Yapıldı! Hoş geldiniz, " . htmlspecialchars($name);

} catch (Exception $e) {
    exit('Giriş Hatası: ' . $e->getMessage());
}
```

### 4. Refreshing an Expired Access Token

[](#4-refreshing-an-expired-access-token)

If your access token expires, you can use the stored refresh token to request a new access token:

```
use League\OAuth2\Client\Grant\RefreshToken;

try {
    $newToken = $provider->getAccessToken(new RefreshToken(), [
        'refresh_token' => $_SESSION['refresh_token']
    ]);

    $_SESSION['access_token'] = $newToken->getToken();
    $_SESSION['refresh_token'] = $newToken->getRefreshToken();
} catch (Exception $e) {
    // Handle refresh token failure (e.g., redirect to login)
}
```

---

Testing
-------

[](#testing)

Run unit tests via PHPUnit:

```
vendor/bin/phpunit
```

Run static code analysis via PHPStan:

```
vendor/bin/phpstan analyse
```

---

License
-------

[](#license)

This project is developed by **YakNet Bilişim** and licensed under the **MIT License**.

###  Health Score

40

—

FairBetter than 86% of packages

Maintenance99

Actively maintained with recent releases

Popularity2

Limited adoption so far

Community2

Small or concentrated contributor base

Maturity47

Maturing project, gaining track record

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~0 days

Total

2

Last Release

4d ago

### Community

Maintainers

![](https://avatars.githubusercontent.com/u/236650944?v=4)[yakistir98](/maintainers/yakistir98)[@yakistir98](https://github.com/yakistir98)

###  Code Quality

TestsPHPUnit

Static AnalysisPHPStan

Type Coverage Yes

### Embed Badge

![Health badge](/badges/yaknet-y-auth/health.svg)

```
[![Health](https://phpackages.com/badges/yaknet-y-auth/health.svg)](https://phpackages.com/packages/yaknet-y-auth)
```

###  Alternatives

[tempest/framework

The PHP framework that gets out of your way.

2.2k34.4k15](/packages/tempest-framework)[thenetworg/oauth2-azure

Azure Active Directory OAuth 2.0 Client Provider for The PHP League OAuth2-Client

25310.7M84](/packages/thenetworg-oauth2-azure)[league/oauth2-google

Google OAuth 2.0 Client Provider for The PHP League OAuth2-Client

42223.4M180](/packages/league-oauth2-google)[stevenmaguire/oauth2-keycloak

Keycloak OAuth 2.0 Client Provider for The PHP League OAuth2-Client

2306.4M45](/packages/stevenmaguire-oauth2-keycloak)[civicrm/civicrm-core

Open source constituent relationship management for non-profits, NGOs and advocacy organizations.

751291.4k44](/packages/civicrm-civicrm-core)[patrickbussmann/oauth2-apple

Sign in with Apple OAuth 2.0 Client Provider for The PHP League OAuth2-Client

1152.8M12](/packages/patrickbussmann-oauth2-apple)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
