Multi-provider authentication framework for PHP

Overview

Opauth

Opauth is a multi-provider authentication framework for PHP, inspired by OmniAuth for Ruby.

Opauth enables PHP applications to do user authentication with ease.

Try out Opauth for yourself at http://opauth.org

Build Status

What is Opauth?

Opauth provides a standardized method for PHP applications to interface with authentication providers.

Opauth as a framework provides a set of API that allows developers to create strategies that work in a predictable manner across PHP frameworks and applications.

Opauth works well with other PHP applications & frameworks. It is currently supported on:

If your PHP framework of choice is not yet listed, you can still use Opauth like you would a normal PHP component (class).

Quick start

Guide on how to run the bundled example.

  1. Set DocumentRoot of your web server to example/. (Opauth can be instantiated in your own PHP app, but we will leave that out of this quick start guide)

  2. Configure Opauth.

    First, make a copy of opauth config's file by copying or renaming opauth.conf.php.default to opauth.conf.php.

    Open up opauth.conf.php and make the necessary changes.

  3. Install some Opauth strategies. Place the strategy files in lib/Opauth/Strategy/.

    For this example, we recommend that you start with Opauth-Facebook:

    i. Download the strategy files and place them at lib/Opauth/Strategy/Facebook/.

    ii. Follow the steps at Opauth-Facebook's README to set up your Faceobok app.

    iii. Add the following at opauth.conf.php under Strategy as such:

<?php
'Strategy' => array(
    // Define strategies here.

    'Facebook' => array(
        'app_id' => 'YOUR APP ID',
        'app_secret' => 'YOUR APP SECRET'
    ),
);

Finally, send user to http://localhost/facebook to authenticate.

Check out the wiki for more in-depth details, especially on how to use Opauth with your own PHP application.

Available strategies

A strategy is a set of instructions that interfaces with respective authentication providers and relays it back to Opauth.

Provider-specific:

Strategy Maintained by
Bitbucket   Bitbucket fancyguy
Disqus   Disqus rasa
Do   Do arbales
Facebook   Facebook uzyn
Flickr   Flickr pocket7878
Foursquare   Foursquare pocket7878
GitHub   GitHub uzyn
Google   Google uzyn
Instagram   Instagram muhdazrain
LinkedIn   LinkedIn uzyn
Live Connect   (Windows) Live uzyn
mixi   mixi ritou
OpenID   OpenID uzyn
PayPal   PayPal 24hours
Sina Weibo   Sina Weibo (新浪微博) dgrabla
Twitter   Twitter uzyn
Vimeo   Vimeo LubosRemplik
VK   VKontakte dgrabla
   Yahoo! Japan (YConnect) ritou
   LINE Yuzuru Suzuki

Generic strategy: OAuth

See wiki's list of strategies for an updated list of Opauth strategies or to make requests. Refer also to strategy contribution guide if you would like to contribute a strategy.

Requirements

PHP 5 (>= 5.2) with allow_url_fopen enabled

Contribute

Opauth needs your contributions, especially the following:

  • More strategies Refer to wiki for contribution guide and inform us when your work is ready.

  • Plugins for more PHP frameworks and CMSes eg. Symfony, Laravel, WordPress, Drupal, etc.

  • Guides & tutorials On how to implement Opauth on CakePHP app, etc.

Issues & questions

Used Opauth in your project? Let us know!

Changelog

####v0.4.5 (25 Feb 2018)

  • Fixed a Security Incident for unsafe serialize/unserialize. (thanks @YuzuruS #124)

####v0.4.4 (10 May 2013)

  • Added HTTP User-Agent header. (thanks @rkaldung #41)

####v0.4.3 (10 January 2013)

  • Fixed a serverPost() bug where user-supplied options were not applied correctly. (thanks @ritou #26)

####v0.4.2 (28 August 2012)

  • Fix session to check for session_id() instead of $_SESSION (thanks @sirikkoster #20)

####v0.4.1 (22 July 2012)

  • Not starting session if session is already started. (thanks @Claymm)
  • Fixed incorrect error message. (thanks @Claymm)
  • Removed @ for file_get_contents. (thanks @Takehiro-Adachi)

####v0.4.0 (10 June 2012)

  • mapProfile() and clientGet() for OpauthStrategy class.

####v0.3.0 (30 May 2012)

  • Some unit testing
  • More consistent naming of Strategy's internal properties
  • Smarter loading of strategy, able to make a few guesses on where the class file might be at.

####v0.2.0 (23 May 2012)

  • Opauth is now Composer compatible and listed on Packagist
    • Opauth now supports autoloaders
    • If a strategy is not autoloaded, Opauth falls back and searches for it at strategy_dir defined in config.
  • Class name for strategy Foo should now be FooStrategy instead of Foo.
    • This is to reduce the likelihood of class name collision due to Opauth not requiring the use of namespace.
    • v0.1.0-type class name, ie. Foo, still works, but is now deprecated.

####v0.1.0 (22 May 2012)

  • Initial release

License

The MIT License Copyright © 2012-2013 U-Zyn Chua (http://uzyn.com)

Consultation

U-Zyn Chua is a Principal Consultant at Zynesis Consulting.

Comments
  • Wrong dependency handling (tmhOAuth)

    Wrong dependency handling (tmhOAuth)

    The different strategies ship with tmhOAuth by @themattharris which is a composer installable library as well.

    • This dependency should be required in your composer.json, NOT shipped with your code
    • You're hard-coding this dependency in a constructor instead of injecting it
    • Your code is using an outdated version of that dependency
    • You're overriding the secure defaults of that dependency, eg. curl_ssl_verifypeer, which should NEVER be 'false'
    improvement discussion 
    opened by markushausammann 19
  • Allow manually running strategy

    Allow manually running strategy

    $opauth = new Opauth($config, false);
    $opauth->runStrategy($strategy); // index
    
    $opauth = new Opauth($config, false);
    $opauth->runStrategy($strategy, $action);
    
    opened by olamedia 12
  • Fresh install, EC2, Ubuntu LAMP , Google, Twitter Strategies not working

    Fresh install, EC2, Ubuntu LAMP , Google, Twitter Strategies not working

    Hi All -

    I just did a fresh out of the box install on a LAMP server. I'm unable to get Google and Twitter working. I get an error on the callback.php page:

    Notice: Undefined index: opauth in /var/www/opauth/callback.php on line 50
    Warning: array_key_exists() expects parameter 2 to be array, null given in /var/www/opauth/callback.php on line 67
    Invalid auth response: Missing key auth response components.
    

    I'm having a hard time tracking down the error. So far I have tried/tested everything on nginx/php also, and am getting the same results. I was able to get Facebook to work (pretty simple & out of the box).

    Has anyone else seen problems like this? I setup a completely new EC2 server, just to verify my other configuration was doing the same thing. So I'm able to reproduce the problem on 2 servers. Pretty minimal configs...nothing at all special.

    Any ideas on what I can troubleshoot next?

    question 
    opened by tvpmb 9
  • $_POST with 301 Moved Permanently?

    $_POST with 301 Moved Permanently?

    Hello, I'm trying to setup the library on Laravel4.

    Why is it that it POST to the right callback url with 301 on it, and then redirects back to the callback url using this time a GET request.

    I feel everything are setup just fine.

    Let me know if you have some insights to where should I look next.

    Thanks much.

    opened by oozman 7
  • Symfony integration

    Symfony integration

    As symfony has it's own session management and uses the HttpFoundation component to send the response (and the headers). We can't just exit in the middle of the request.

    This PR makes this possible assigning to response object to symfony_response in the config. This will be adjusted by Opauth and the controller can return this.

    This will make this package usable for all frameworks using the HttpFoundation component

    If you have any remarks/notes to my changes, let me know.

    opened by NoUseFreak 7
  • localhost/facebook not found

    localhost/facebook not found

    I am very new to this and when I followed the instructions and clicked on facebook link in example, I am getting the "localhost/facebook" not found error.

    I have the app id and secret installed properly and have downloaded the facebook strategy to lib/Opauth/Strategy/Facebook folder.

    Am I missing something?

    question 
    opened by sguddati 6
  • Pluggable HTTP Transport

    Pluggable HTTP Transport

    It would be swell if, instead of relying on allow_url_fopen, or any particular underlying HTTP transport, if a pluggable system could be added instead. One with adapters for Guzzle, Zend_Http, and others.

    This way, the consumer could use their preferred library for handling HTTP transport instead of requiring you to define one specifically.

    Inversion of control, FTW!

    opened by skyzyx 6
  • Enable to overwrite HTTP Header for serverPost

    Enable to overwrite HTTP Header for serverPost

    Hi U-Zyn,

    I created new strategy for Yahoo! JAPAN OAuth 2.0 implementation,
    and it needs to set additional HTTP Authorizaton Header for Access Token Request.

    Authorization: Basic (Base64 encoded Client Credentials)
    

    I call serverPost method using options parameter in strategy file.
    YahoojpStrategy.php

    $options = array(
        'http' => array(
            'header' => "Content-type: application/x-www-form-urlencoded\r\n".
                        "Authorization: Basic ".base64_encode($this->strategy['client_id'] . ':' . $this->strategy['client_secret'])
        )
    );
    

    However, OpauthStrategy seems to overwrite the $options['http'] with default value by array_merge.
    Current OpauthStrategy.php

    $stream = array_merge($options, $stream);
    

    I changed this logic. If $options has 'http' array, it overwrites default stream with optional value.

    Thanks. Ryo.

    opened by ritou 5
  • Use cURL in OpauthStrategy::httpRequest() when allow_url_fopen = Off

    Use cURL in OpauthStrategy::httpRequest() when allow_url_fopen = Off

    I ran into this problem and it took a lot of time to find the problem. Maybe you could throw an error if allow_url_fopen = Off or you can use cURL in that case.

    Here is my dirty quick fix: if (ini_get('allow_url_fopen')) { $content = file_get_contents($url, false, $context); } else { $ch = curl_init(); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_URL, $url); $content = curl_exec($ch); curl_close($ch); }

    improvement 
    opened by wimhendrikx 5
  • Support cURL if it's enabled

    Support cURL if it's enabled

    I know that there's a reluctance for cURL support as it will make it a direct dependency and the idea is to avoid that.

    However, this has been added in a way that simply makes it an enhancement if it's available, rather than a hard dependency.

    This adds some flexibility to the library and adds some support for a pretty common php module that I think would be worthwhile

    cc @willmorgan

    opened by dhensby 4
  • Issue with facebook

    Issue with facebook

    Hi

    I have this error after connect with facebook.


    Note: Application should set callback URL to application-side for further specific authentication process. Authentication error: Opauth returns error auth response.

    Array ( [error] => Array ( [provider] => Facebook [code] => access_token_error [message] => Failed when attempting to obtain access token [raw] => )

    [timestamp] => 2014-04-03T02:10:22-07:00
    

    )

    Warning: array_key_exists() expects parameter 2 to be array, null given in /var/home/www/demo/app/controllers/socialauth.php on line 42 Invalid auth response: Missing key auth response components.


    Any suggestion?

    Thanks!!

    opened by kamov 4
  • Opauth is not currently actively maintained. Seeking maintainers.

    Opauth is not currently actively maintained. Seeking maintainers.

    I am hardly even developing in PHP now these days so it's getting difficult for me to maintain a PHP project.

    Opauth has been unmaintained for awhile now.

    The other core members, @ceeram and @t1mmen, are not keen to take the lead in Opauth. Would anyone be interested in taking the lead in Opauth?

    opened by uzyn 14
  • GitLab Strategy

    GitLab Strategy

    I created gitlab strategy and it could be added to this opauth repo here's new strategy https://github.com/ppatrik/opauth-gitlab Tested with GitLab CE 8.7.0

    opened by ppatrik 0
  • What bit of user data is common between Twitter and Facebook/Google/github... ?

    What bit of user data is common between Twitter and Facebook/Google/github... ?

    opauth is an incredibly useful tool _ thank you so much for putting this up.

    Question: i'm using the user email address as a way to detect which user logged in, which is fine for Facebook, Google and Github; providing the user used the same email address on any of these providers, he is recognized.

    But Twitter does not return the user email address, which is ennoying because I don't see any way I could match a user that would have register using his facebook account, and who tries to log in via his twitter account. I've looked in the Twitter raw response and I don't see any field that could be used to reliably identify a user who would have previously logged in via Facebook/G+ or Github.

    As far as i know, the only unique identifier Twitter uses is the "nickname", which does not exist in the other providers response.

    What would be a good work around?

    opened by pixeline 1
Releases(1.0.0-alpha.1)
  • 1.0.0-alpha.1(Apr 7, 2014)

    Opauth 1.0.0-alpha.1

    Today we are really excited to announce the first release of Opauth 1.0.

    Opauth 1.0 brings about a series of changes and improvements. Some of them includes:

    • Cleaner code base and API
    • PSR-1, PSR-2 and PSR-4 compliance.
    • Extensible components
    • More streamlined callbacks
    • With the use of namespace, Opauth is dropping support for PHP 5.2 for version 1.0 and only supports PHP >= 5.3.
    • Tighter integration with Composer.

    and many more.

    To bring about these changes, Opauth 1.0.x is not backward-compatible with 0.4.x.. Please refer to the migration guide on how to get your application and strategies to work with Opauth 1.0.

    You can find more documentations for 1.0 at http://docs.opauth.org/

    Preview release

    Note that this is still an alpha release with a semi-consistent Opauth 1.0.x API. The purpose of this release is for you to evaluate and let us know what you think.

    It is also for authors of Opauth strategies and/or related plugins to update their code to support the new Opauth 1.0.x.

    Contribute

    This release is made largely possible by @ceeram. Big thanks to you, @ceeram, for great work on 1.0. With this Opauth welcomes @ceeram to the core team and with this addition, Opauth is no longer a personal project of @uzyn alone but an organization.

    Of course, thanks to each and everyone of you who have evaluated and used Opauth in your projects, written guides and tutorials for Opauth, contributed code and docs to Opauth, written plugins and strategies for Opauth.

    There are still some work to be done before 1.0 hits stable. You can see the tasks here: https://github.com/opauth/opauth/issues/81

    If you want to get involved, please follow our new Twitter @opauth and join us at #opauth at Freenode.

    Source code(tar.gz)
    Source code(zip)
Owner
Opauth – PHP Auth Framework
Opauth – PHP Auth Framework
Single file PHP that can serve as a JWT based authentication provider to the PHP-CRUD-API project

Single file PHP that can serve as a JWT based authentication provider to the PHP-CRUD-API project

Maurits van der Schee 163 Dec 2, 2022
Multi-factor Authentication using a Public PGP key for web based applications

PGPmfa() a PHP Class for PGP Multi-factor Authentication using a Public PGP key for web based applications Multi-factor Authentication with PGP Second

null 2 Nov 27, 2022
phpCAS is an authentication library that allows PHP applications to easily authenticate users via a Central Authentication Service (CAS) server.

phpCAS is an authentication library that allows PHP applications to easily authenticate users via a Central Authentication Service (CAS) server.

Apereo Foundation 778 Nov 16, 2022
Rinvex Authy is a simple wrapper for @Authy TOTP API, the best rated Two-Factor Authentication service for consumers, simplest 2fa Rest API for developers and a strong authentication platform for the enterprise.

Rinvex Authy Rinvex Authy is a simple wrapper for Authy TOTP API, the best rated Two-Factor Authentication service for consumers, simplest 2fa Rest AP

Rinvex 34 Feb 14, 2022
It's a Laravel 8 authentication markdown that will help you to understand and grasp all the underlying functionality for Session and API Authentication

About Auth Starter It's a Laravel 8 authentication markdown that will help you to understand and grasp all the underlying functionality for Session an

Sami Alateya 10 Aug 3, 2022
OAuth 1/2 Provider implementations for chillerlan/php-oauth-core. PHP 7.4+

chillerlan/php-oauth-providers Documentation See the wiki for advanced documentation. Requirements PHP 7.4+ a PSR-18 compatible HTTP client library of

chillerlan 4 Dec 2, 2022
This is the Yandex provider from the PHP Geocoder.

Yandex Geocoder provider This is the Yandex provider from the PHP Geocoder. This is a READ ONLY repository. See the main repo for information and docu

Geocoder 5 Jan 7, 2022
OAuth Service Provider for Laravel 4

OAuth wrapper for Laravel 4 oauth-4-laravel is a simple laravel 4 service provider (wrapper) for Lusitanian/PHPoAuthLib which provides oAuth support i

Dariusz Prząda 693 Sep 5, 2022
OAuth Service Provider for Laravel 5

OAuth wrapper for Laravel 5 oauth-5-laravel is a simple laravel 5 service provider (wrapper) for Lusitanian/PHPoAuthLib which provides oAuth support i

null 2 Sep 19, 2018
Buddy Provider for the OAuth 2.0 Client

Buddy Provider for OAuth 2.0 Client This package provides Buddy OAuth 2.0 support for the PHP League's OAuth 2.0 Client. Installation To install, use

Buddy 0 Jan 19, 2021
Authentication REST-API built with Lumen PHP Framework

Authentication REST-API built with Lumen PHP Framework Laravel Lumen is a stunningly fast PHP micro-framework for building web applications with expre

Hüseyin Yağlı 1 Oct 12, 2021
A framework agnostic authentication & authorization system.

Sentinel Sentinel is a PHP 7.3+ framework agnostic fully-featured authentication & authorization system. It also provides additional features such as

Cartalyst 1.4k Nov 18, 2022
Simple user-authentication solution, embedded into a small framework.

HUGE Just a simple user authentication solution inside a super-simple framework skeleton that works out-of-the-box (and comes with an auto-installer),

Chris 2.1k Nov 22, 2022
Slim Auth is an authorization and authentication library for the Slim Framework.

Slim Auth is an authorization and authentication library for the Slim Framework. Authentication is provided by the Zend Framework Zend\Authentication component, and authorization by the Zend Framework Zend\Permissions\Acl component.

Jeremy Kendall 247 Mar 7, 2022
Multi Auth and admin auth in Laravel Project

Laravel Multi Auth For Complete Documentation, visit Here This package is just create admin side (multi auth), which is totaly isolated from your norm

Bitfumes 430 Nov 8, 2022
Multi captcha package for CodeIgniter 4.x

Multi captcha package for CodeIgniter 4.x. Support Arcaptcha(a free and professional Iranian product),Bibot(a free Iranian product),Recaptcha(an googel product) and hCaptcha.

Pooya Parsa Dadashi 14 Nov 9, 2022
Multi captcha package for CodeIgniter 4.x, supports 4 captcha services

Multi captcha package for CodeIgniter 4.x. Support Arcaptcha(a free and professional Iranian product),Bibot(a free Iranian product),Recaptcha(an googel product) and hCaptcha.Comes with rate limiting support.

Pooya Parsa Dadashi 13 Apr 13, 2022
php database agnostic authentication library for php developers

Whoo Whoo is a database agnostic authentication library to manage authentication operation easily. Whoo provides you a layer to access and manage user

Yunus Emre Bulut 9 Jan 15, 2022
PHP library for Two Factor Authentication (TFA / 2FA)

PHP library for Two Factor Authentication PHP library for two-factor (or multi-factor) authentication using TOTP and QR-codes. Inspired by, based on b

Rob Janssen 894 Dec 1, 2022