Skip to content

Latest commit

 

History

History
78 lines (59 loc) · 2.79 KB

README.md

File metadata and controls

78 lines (59 loc) · 2.79 KB

This is a very simple to use OAuth 2.0 client. It has minimal dependencies.

NOTE: if you are not bound to PHP 5.4, you are probably better off using the OAuth 2.0 client of the League of Extraordinary Packages! It can be found here.

Features

  • Simplicity
  • Works with PHP >= 5.4
  • Minimal dependencies;
  • Supports OAuth refresh tokens.
  • Easy integration with your own application and/or framework;
  • Does not enforce a framework on you;
  • Only "authorization code" profile support, will not implement anything else;
  • Only conforming OAuth 2.0 servers will work, this library will not get out of its way to deal with services that violate the OAuth 2.0 RFC;
  • There will be no toggles to shoot yourself in the foot;
  • Uses paragonie/constant_time_encoding for constant time encoding;
  • Uses paragonie/random_compat polyfill for CSPRNG;
  • Uses symfony/polyfill-php56 polyfill for hash_equals;
  • Uses psr/log to provide an interface to log HTTP requests between OAuth client and server; usually very hard to debug "in the field";

You MUST configure PHP in such a way that it enforces secure cookies! See this resource for more information.

Use

Currently php-oauth2-client is not hosted on Packagist. It may be added in the future. In your composer.json:

"repositories": [
    {
        "type": "vcs",
        "url": "https://git.tuxed.net/fkooman/php-oauth2-client"
    },
    ...
],

"require": {
    "fkooman/oauth2-client": "^7",
    ...
},

You can also download the signed source code archive here.

API

The API is very simple to use. See the example/ folder for a working example!

Security

As always, make sure you understand what you are doing! Some resources:

Contact

You can contact me with any questions or issues regarding this project. Drop me a line at [email protected].

If you want to (responsibly) disclose a security issue you can also use the PGP key with key ID 9C5EDD645A571EB2 and fingerprint 6237 BAF1 418A 907D AA98 EAA7 9C5E DD64 5A57 1EB2.

License

MIT.