EvaOAuth provides a standard interface for OAuth1.0(a) / OAuth2.0 client authorization, it is easy to integrate with any PHP project by very few lines code.

Related tags

Authentication and Authorization EvaOAuth
Overview

EvaOAuth

Latest Stable Version License Build Status Coverage Status Scrutinizer Code Quality

EvaOAuth provides a standard interface for OAuth1.0 / OAuth2.0 client authorization, it is easy to integrate with any PHP project by very few lines code.

中文文档

Features

  • Standard interface, same code for both OAuth1.0 and OAuth2.0 different workflow, receiving token and user info as same format either.
  • Fully tested
  • Easy to debug, enable debug mode will record every request and response, help you find out problems quickly.
  • Out-of-the-box, already supported most popular websites including Facebook. Twitter, etc.
  • Scalable, integrate a new oauth website just need 3 lines code.

Quick Start

EvaOAuth can be found on Packagist. The recommended way to install this is through composer.

Edit your composer.json and add:

{
    "require": {
        "evaengine/eva-oauth": "~1.0"
    }
}

And install dependencies:

curl -sS https://getcomposer.org/installer | php
php composer.phar install

Let's start a example of Facebook Login, if you have already have a Facebook developer account and created an app, prepare a request.php as below:

$service = new Eva\EvaOAuth\Service('Facebook', [
    'key' => 'You Facebook App ID',
    'secret' => 'You Facebook App Secret',
    'callback' => 'http://localhost/EvaOAuth/example/access.php'
]);
$service->requestAuthorize();

Run request.php in browser, will be redirected to Facebook authorization page. After user confirm authorization, prepare the access.php for callback:

$token = $service->getAccessToken();

Once access token received, we could use access token to visit any protected resources.

$httpClient = new Eva\EvaOAuth\AuthorizedHttpClient($token);
$response = $httpClient->get('https://graph.facebook.com/me');

That's it, more usages please check examples and wiki.

Providers

EvaOAuth supports most popular OAuth services as below:

  • OAuth2.0
    • Douban
    • Facebook
    • Tencent
    • Weibo
  • OAuth1.0
    • Twitter

Creating a custom provider require only few lines code, for OAuth2 sites:

namespace YourNamespace;

class Foursquare extends \Eva\EvaOAuth\OAuth2\Providers\AbstractProvider
{
    protected $authorizeUrl = 'https://foursquare.com/oauth2/authorize';
    protected $accessTokenUrl = 'https://foursquare.com/oauth2/access_token';
}

Then register to service and create instance:

use Eva\EvaOAuth\Service;
Service::registerProvider('foursquare', 'YourNamespace\Foursquare');
$service = new Service('foursquare', [
    'key' => 'Foursquare App ID',
    'secret' => 'Foursquare App Secret',
    'callback' => 'http://somecallback/'
]);

Storage

In OAuth1.0 workflow, we need to store request token somewhere, and use request token exchange for access token.

EvaOAuth use Doctrine\Cache as storage layer. If no configuration, default storage layer use file system to save data, default path is EvaOAuth/tmp.

Feel free to change file storage path before Service start:

Service::setStorage(new Doctrine\Common\Cache\FilesystemCache('/tmp'));

Or use other storage such as Memcache:

$storage = new \Doctrine\Common\Cache\MemcacheCache();
$storage->setMemcache(new \Memcache());
Service::setStorage($storage);

Events Support

EvaOAuth defined some events for easier injection which are:

  • BeforeGetRequestToken: Triggered before get request token.
  • BeforeAuthorize: Triggered before redirect to authorize page.
  • BeforeGetAccessToken: Triggered before get access token.

For example, if we want to send an additional header before get access token:

$service->getEmitter()->on('beforeGetAccessToken', function(\Eva\EvaOAuth\Events\BeforeGetAccessToken $event) {
    $event->getRequest()->addHeader('foo', 'bar');
});

Implementation Specification

EvaOAuth based on amazing http client library Guzzle, use fully OOP to describe OAuth specification.

Refer wiki for details:

Debug and Logging

Enable debug mode will log all requests & responses.

$service->debug('/tmp/access.log');

Make sure PHP script have permission to write log path.

API References

Run phpdoc will generate API references under docs/.

Join My Telegram Group

You might also like...
Auth is a module for the Yii PHP framework that provides a web user interface for Yii's built-in authorization manager

Auth is a module for the Yii PHP framework that provides a web user interface for Yii's built-in authorization manager (CAuthManager). You can read more about Yii's authorization manager in the framework documentation under Authentication and Authorization.

Christoffer Niska 134 Oct 22, 2022
This library extends the 'League OAuth2 Client' library to provide OpenID Connect Discovery support for supporting providers that expose a .well-known configuration endpoint.

OpenID Connect Discovery support for League - OAuth 2.0 Client This library extends the League OAuth2 Client library to provide OpenID Connect Discove

null 3 Jan 8, 2022
Symfony bundle which provides OAuth 2.0 authorization/resource server capabilities

Symfony bundle which provides OAuth 2.0 authorization/resource server capabilities. The authorization and resource server actors are implemented using the thephpleague/oauth2-server library.

Trikoder 253 Dec 21, 2022
Easy, native Laravel user authorization.

An easy, native role / permission management system for Laravel. Index Installation Migration Customization Model Customization Usage Checking Permiss

DirectoryTree 5 Dec 14, 2022
GUI manager for RBAC (Role Base Access Control) Yii2. Easy to manage authorization of user

RBAC Manager for Yii 2 GUI manager for RBAC (Role Base Access Control) Yii2. Easy to manage authorization of user 😄 . Documentation Important: If you

MDMunir Software 1.2k Jan 7, 2023
documentation for the oauth2-server-php library

OAuth2 Server PHP Documentation This repository hosts the documentation for the oauth2-server-php library. All submissions are welcome! To submit a ch

Brent Shaffer 227 Nov 24, 2022
An authorization library that supports access control models like ACL, RBAC, ABAC in PHP .
An authorization library that supports access control models like ACL, RBAC, ABAC in PHP .

PHP-Casbin Documentation | Tutorials | Extensions Breaking News: Laravel-authz is now available, an authorization library for the Laravel framework. P

PHP-Casbin 1.1k Dec 14, 2022
Authentication, authorization and access control for PHP
Authentication, authorization and access control for PHP

Jasny Auth Authentication, authorization and access control for PHP. Features Multiple authorization strategies, like groups (for acl) and levels. Aut

Arnold Daniels 105 Dec 12, 2022
:octocat: Socialite is an OAuth2 Authentication tool. It is inspired by laravel/socialite, you can easily use it without Laravel.

Socialite Socialite is an OAuth2 Authentication tool. It is inspired by laravel/socialite, You can easily use it in any PHP project. 中文文档 This tool no

安正超 1.2k Dec 22, 2022
Comments
  • Google 登录报错

    Google 登录报错 

    ( ! ) Fatal error: Call to a member function connect() on a non-object in /projects/xxx/vendor/zendframework/zend-http/Zend/Http/Client.php on line 1358
Call Stack
#   Time    Memory  Function    Location
1   0.0017  265640  {main}( )   ../index.php:0
5   1.3771  4061352 EvaOAuth\Adapter\OAuth2\Google->accessTokenToArray( )   ../login.php:62
6   1.3771  4062672 EvaOAuth\Adapter\OAuth2\Google->getRemoteUserId( )  ../Google.php:39
7   1.3800  4138208 EvaOAuth\Service\Client->send( )    ../Google.php:48
8   1.3843  4206672 Zend\Http\Client->send( )   ../Client.php:203
9   1.3873  4217848 Zend\Http\Client->doRequest( )  ../Client.php:878
    opened by zerosyn 4
  • 微信登录问题

    微信登录问题

    你好 我在使用微信登录的时候遇到了问题

    https://open.weixin.qq.com/connect/qrconnect?appid=APPID&redirect_uri=REDIRECT_URI&response_type=code&scope=SCOPE&state=STATE#wechat_redirect

    微信登录中 client_id 变成了 appid 有没有办法在外层调用的时候控制authorizeUrl最终拼接成上面那种形式

    opened by juckknife 1
  • 关于OAuth1.0的signature生成的问题

    关于OAuth1.0的signature生成的问题

    经过我这边查阅twitter的API文档,发现了在EvaOAuth里面生成oauth_signature时参数顺序有误,并且url参数有误,另外在生成签名之前需要把所有请求的参数(如:在获取用户信息时用到的user_id参数或screen_name参数)都进行加密,最后生成的oauth_signature才是正确的

    修改的文件为:EvaOAuth/vendor/evaengine/eva-oauth/src/EvaOAuth/AuthorizedHttpClient.php

    修改前的代码片段是: $httpMethod = strtoupper($request->getMethod()); $url = Url::fromString($request->getUrl()); $parameters = [ 'oauth_consumer_key' => $token->getConsumerKey(), 'oauth_signature_method' => SignatureInterface::METHOD_HMAC_SHA1, 'oauth_timestamp' => (string)time(), 'oauth_nonce' => strtolower(Text::generateRandomString(32)), 'oauth_token' => $token->getTokenValue(), 'oauth_version' => '1.0', ];

    $signature = (string)new $signatureClass( $token->getConsumerSecret(), Text::buildBaseString($httpMethod, $url, $parameters), $token->getTokenSecret() );

    修改后的代码片段是: $httpMethod = strtoupper($request->getMethod()); $urlData = Url::fromString($request->getUrl()); $url = $urlData->getScheme() . '://' . $urlData->getHost() . $urlData->getPath(); $parameters = [ 'oauth_consumer_key' => $token->getConsumerKey(), 'oauth_signature_method' => SignatureInterface::METHOD_HMAC_SHA1, 'oauth_timestamp' => (string)time(), 'oauth_nonce' => strtolower(Text::generateRandomString(32)), 'oauth_token' => $token->getTokenValue(), 'oauth_version' => '1.0', ]; $query = $request->getQuery(); if ($query) { parse_str((string) $query, $extra);//url参数转数组 foreach ($extra as $key => $value) { $parameters[$key] = $value; } } $body = $request->getBody(); if($body){ parse_str((string) $body, $extra);//url参数转数组 foreach ($extra as $key => $value) { if(strpos($key, 'form-data') > 0){ continue; } $parameters[$key] = $value; } } $signature = (string)new $signatureClass( Text::buildBaseString($httpMethod, $url, $parameters), $token->getConsumerSecret(), $token->getTokenSecret() );

    opened by lfcheng92 0
Owner
AlloVince
AlloVince
GitHub
PHPoAuthLib provides oAuth support in PHP 7.2+ and is very easy to integrate with any project which requires an oAuth client.

PHPoAuthLib NOTE: I'm looking for someone who could help to maintain this package alongside me, just because I don't have a ton of time to devote to i

David Desberg 1.1k Dec 27, 2022
Integrate reCAPTCHA using async HTTP/2, making your app fast with a few lines

Integrate reCAPTCHA using async HTTP/2, making your app fast with a few lines

Laragear 14 Dec 6, 2022
OAuth client integration for Symfony. Supports both OAuth1.0a and OAuth2.

HWIOAuthBundle The HWIOAuthBundle adds support for authenticating users via OAuth1.0a or OAuth2 in Symfony. Note: this bundle adds easy way to impleme

Hardware Info 2.2k Dec 30, 2022
A package that allows secure communication between two or more projects, focused mainly for use in microservices architectures, adding the Oauth2 authorization standard in addition to security at the network level by IP addresses and whitelists, which may already be owned.

OAuth2 between Laravel projects A package that allows secure communication between two or more projects, focused mainly for use in microservices archi

DiiMO 6 Aug 30, 2022
:atom: Social (OAuth1\OAuth2\OpenID\OpenIDConnect) sign with PHP :shipit:

SocialConnect Auth Getting Started :: Documentation :: Demo Open source social sign on PHP. Connect your application(s) with social network(s). Code e

SocialConnect 518 Dec 28, 2022
:atom: Social (OAuth1\OAuth2\OpenID\OpenIDConnect) sign with PHP :shipit:

SocialConnect Auth Getting Started :: Documentation :: Demo Open source social sign on PHP. Connect your application(s) with social network(s). Code e

SocialConnect 458 Apr 1, 2021
Social (OAuth1\OAuth2\OpenID\OpenIDConnect) sign with PHP

Open source social sign on PHP. Connect your application(s) with social network(s).

SocialConnect 517 Dec 11, 2022
StartZ oauth2-etsy compatible League of PHP OAuth2

Etsy Provider for OAuth 2.0 Client This package provides Etsy OAuth 2.0 support for the PHP League's OAuth 2.0 Client. Requirements The following vers

StartZ 2 Nov 10, 2022
Discord-oauth2 - At the end of oAuth2, which I have been researching and reading for a long time,

Discord-oauth2 - At the end of oAuth2, which I have been researching and reading for a long time, I finally found the way to connect with discord and get information, that's how I did it. If I'm wrong, feel free to email me so I can correct it.

Uğur Mercan 2 Jan 1, 2022
This is a basic Oauth2 authorization/authentication server implemented using Mezzio.

Mezzio-OAuth2-Authorization-Authentication-Server This is a basic OAuth2 authorization/authentication server implemented using Mezzio. I have found so

null 1 Nov 15, 2022