Multi-provider authentication framework for PHP



Opauth is a multi-provider authentication framework for PHP, inspired by OmniAuth for Ruby.

Opauth enables PHP applications to do user authentication with ease.

Try out Opauth for yourself at

Build Status

What is Opauth?

Opauth provides a standardized method for PHP applications to interface with authentication providers.

Opauth as a framework provides a set of API that allows developers to create strategies that work in a predictable manner across PHP frameworks and applications.

Opauth works well with other PHP applications & frameworks. It is currently supported on:

If your PHP framework of choice is not yet listed, you can still use Opauth like you would a normal PHP component (class).

Quick start

Guide on how to run the bundled example.

  1. Set DocumentRoot of your web server to example/. (Opauth can be instantiated in your own PHP app, but we will leave that out of this quick start guide)

  2. Configure Opauth.

    First, make a copy of opauth config's file by copying or renaming opauth.conf.php.default to opauth.conf.php.

    Open up opauth.conf.php and make the necessary changes.

  3. Install some Opauth strategies. Place the strategy files in lib/Opauth/Strategy/.

    For this example, we recommend that you start with Opauth-Facebook:

    i. Download the strategy files and place them at lib/Opauth/Strategy/Facebook/.

    ii. Follow the steps at Opauth-Facebook's README to set up your Faceobok app.

    iii. Add the following at opauth.conf.php under Strategy as such:

'Strategy' => array(
    // Define strategies here.

    'Facebook' => array(
        'app_id' => 'YOUR APP ID',
        'app_secret' => 'YOUR APP SECRET'

Finally, send user to http://localhost/facebook to authenticate.

Check out the wiki for more in-depth details, especially on how to use Opauth with your own PHP application.

Available strategies

A strategy is a set of instructions that interfaces with respective authentication providers and relays it back to Opauth.


Strategy Maintained by
Bitbucket   Bitbucket fancyguy
Disqus   Disqus rasa
Do   Do arbales
Facebook   Facebook uzyn
Flickr   Flickr pocket7878
Foursquare   Foursquare pocket7878
GitHub   GitHub uzyn
Google   Google uzyn
Instagram   Instagram muhdazrain
LinkedIn   LinkedIn uzyn
Live Connect   (Windows) Live uzyn
mixi   mixi ritou
OpenID   OpenID uzyn
PayPal   PayPal 24hours
Sina Weibo   Sina Weibo (新浪微博) dgrabla
Twitter   Twitter uzyn
Vimeo   Vimeo LubosRemplik
VK   VKontakte dgrabla
   Yahoo! Japan (YConnect) ritou
   LINE Yuzuru Suzuki

Generic strategy: OAuth

See wiki's list of strategies for an updated list of Opauth strategies or to make requests. Refer also to strategy contribution guide if you would like to contribute a strategy.


PHP 5 (>= 5.2) with allow_url_fopen enabled


Opauth needs your contributions, especially the following:

  • More strategies Refer to wiki for contribution guide and inform us when your work is ready.

  • Plugins for more PHP frameworks and CMSes eg. Symfony, Laravel, WordPress, Drupal, etc.

  • Guides & tutorials On how to implement Opauth on CakePHP app, etc.

Issues & questions

Used Opauth in your project? Let us know!


####v0.4.5 (25 Feb 2018)

  • Fixed a Security Incident for unsafe serialize/unserialize. (thanks @YuzuruS #124)

####v0.4.4 (10 May 2013)

  • Added HTTP User-Agent header. (thanks @rkaldung #41)

####v0.4.3 (10 January 2013)

  • Fixed a serverPost() bug where user-supplied options were not applied correctly. (thanks @ritou #26)

####v0.4.2 (28 August 2012)

  • Fix session to check for session_id() instead of $_SESSION (thanks @sirikkoster #20)

####v0.4.1 (22 July 2012)

  • Not starting session if session is already started. (thanks @Claymm)
  • Fixed incorrect error message. (thanks @Claymm)
  • Removed @ for file_get_contents. (thanks @Takehiro-Adachi)

####v0.4.0 (10 June 2012)

  • mapProfile() and clientGet() for OpauthStrategy class.

####v0.3.0 (30 May 2012)

  • Some unit testing
  • More consistent naming of Strategy's internal properties
  • Smarter loading of strategy, able to make a few guesses on where the class file might be at.

####v0.2.0 (23 May 2012)

  • Opauth is now Composer compatible and listed on Packagist
    • Opauth now supports autoloaders
    • If a strategy is not autoloaded, Opauth falls back and searches for it at strategy_dir defined in config.
  • Class name for strategy Foo should now be FooStrategy instead of Foo.
    • This is to reduce the likelihood of class name collision due to Opauth not requiring the use of namespace.
    • v0.1.0-type class name, ie. Foo, still works, but is now deprecated.

####v0.1.0 (22 May 2012)

  • Initial release


The MIT License Copyright © 2012-2013 U-Zyn Chua (


U-Zyn Chua is a Principal Consultant at Zynesis Consulting.

  • Wrong dependency handling (tmhOAuth)

    Wrong dependency handling (tmhOAuth)

    The different strategies ship with tmhOAuth by @themattharris which is a composer installable library as well.

    • This dependency should be required in your composer.json, NOT shipped with your code
    • You're hard-coding this dependency in a constructor instead of injecting it
    • Your code is using an outdated version of that dependency
    • You're overriding the secure defaults of that dependency, eg. curl_ssl_verifypeer, which should NEVER be 'false'
    improvement discussion 
    opened by markushausammann 19
  • Allow manually running strategy

    Allow manually running strategy

    $opauth = new Opauth($config, false);
    $opauth->runStrategy($strategy); // index
    $opauth = new Opauth($config, false);
    $opauth->runStrategy($strategy, $action);
    opened by olamedia 12
  • Symfony2 support?

    Symfony2 support?

    Hey guys!

    When do you think you'll fully support Symfony2 framework? :)

    Best wishes.

    question wontfix 
    opened by clemblanco 12
  • Fresh install, EC2, Ubuntu LAMP , Google, Twitter Strategies not working

    Fresh install, EC2, Ubuntu LAMP , Google, Twitter Strategies not working

    Hi All -

    I just did a fresh out of the box install on a LAMP server. I'm unable to get Google and Twitter working. I get an error on the callback.php page:

    Notice: Undefined index: opauth in /var/www/opauth/callback.php on line 50
    Warning: array_key_exists() expects parameter 2 to be array, null given in /var/www/opauth/callback.php on line 67
    Invalid auth response: Missing key auth response components.

    I'm having a hard time tracking down the error. So far I have tried/tested everything on nginx/php also, and am getting the same results. I was able to get Facebook to work (pretty simple & out of the box).

    Has anyone else seen problems like this? I setup a completely new EC2 server, just to verify my other configuration was doing the same thing. So I'm able to reproduce the problem on 2 servers. Pretty minimal configs...nothing at all special.

    Any ideas on what I can troubleshoot next?

    opened by tvpmb 9
  • $_POST with 301 Moved Permanently?

    $_POST with 301 Moved Permanently?

    Hello, I'm trying to setup the library on Laravel4.

    Why is it that it POST to the right callback url with 301 on it, and then redirects back to the callback url using this time a GET request.

    I feel everything are setup just fine.

    Let me know if you have some insights to where should I look next.

    Thanks much.

    opened by oozman 7
  • Symfony integration

    Symfony integration

    As symfony has it's own session management and uses the HttpFoundation component to send the response (and the headers). We can't just exit in the middle of the request.

    This PR makes this possible assigning to response object to symfony_response in the config. This will be adjusted by Opauth and the controller can return this.

    This will make this package usable for all frameworks using the HttpFoundation component

    If you have any remarks/notes to my changes, let me know.

    opened by NoUseFreak 7
  • Pluggable HTTP Transport

    Pluggable HTTP Transport

    It would be swell if, instead of relying on allow_url_fopen, or any particular underlying HTTP transport, if a pluggable system could be added instead. One with adapters for Guzzle, Zend_Http, and others.

    This way, the consumer could use their preferred library for handling HTTP transport instead of requiring you to define one specifically.

    Inversion of control, FTW!

    opened by skyzyx 6
  • localhost/facebook not found

    localhost/facebook not found

    I am very new to this and when I followed the instructions and clicked on facebook link in example, I am getting the "localhost/facebook" not found error.

    I have the app id and secret installed properly and have downloaded the facebook strategy to lib/Opauth/Strategy/Facebook folder.

    Am I missing something?

    opened by sguddati 6
  • Make private methods protected

    Make private methods protected

    The Opauth class should not use private methods. When a class entends the Opauth class it can not access those private methods.

    opened by smichaelsen 5
  • WordPress Plugin

    WordPress Plugin

    We have draft a WordPress plugin:

    opened by uira 0
  • Nginx support

    Nginx support

    Due to .htaccess rewrite, OPauth does not work with nginx. Apache is not part of the requirements.

    opened by leirn 1
  • Opauth is not currently actively maintained. Seeking maintainers.

    Opauth is not currently actively maintained. Seeking maintainers.

    I am hardly even developing in PHP now these days so it's getting difficult for me to maintain a PHP project.

    Opauth has been unmaintained for awhile now.

    The other core members, @ceeram and @t1mmen, are not keen to take the lead in Opauth. Would anyone be interested in taking the lead in Opauth?

    opened by uzyn 14
  • GitLab Strategy

    GitLab Strategy

    I created gitlab strategy and it could be added to this opauth repo here's new strategy Tested with GitLab CE 8.7.0

    opened by ppatrik 0
  • Reddit strategy

    Reddit strategy

    available here

    opened by pixeline 0
  • Still actively developed?

    Still actively developed?

    Just wanted to check if opauth is still actively developed? I see the last commit was on Mar 23, 2014. So I'm wondering if it is still supported.

    opened by Taapo 5
  • What bit of user data is common between Twitter and Facebook/Google/github... ?

    What bit of user data is common between Twitter and Facebook/Google/github... ?

    opauth is an incredibly useful tool _ thank you so much for putting this up.

    Question: i'm using the user email address as a way to detect which user logged in, which is fine for Facebook, Google and Github; providing the user used the same email address on any of these providers, he is recognized.

    But Twitter does not return the user email address, which is ennoying because I don't see any way I could match a user that would have register using his facebook account, and who tries to log in via his twitter account. I've looked in the Twitter raw response and I don't see any field that could be used to reliably identify a user who would have previously logged in via Facebook/G+ or Github.

    As far as i know, the only unique identifier Twitter uses is the "nickname", which does not exist in the other providers response.

    What would be a good work around?

    opened by pixeline 1
  • Fix opauth parse uri function

    Fix opauth parse uri function

    The parseUri function takes the URI of the request and extracts the paramters. The request string starts immediately after the web path.

    The current implementation does not consider, that the URI can start with a port definition. In this case the extracted request is not correct.

    By searching the web path and let the paramter string start after that, the URI is parsed correctly.

    opened by michaelknapp 0
  • E_WARNING when query fails

    E_WARNING when query fails

    E_WARNING: implode(): Invalid arguments passed Stack trace …/vendor/opauth/opauth/lib/Opauth/OpauthStrategy.php (423) …/vendor/opauth/opauth/lib/Opauth/OpauthStrategy.php (364) …/vendor/opauth/vkontakte/VKontakteStrategy.php (49) …/vendor/opauth/opauth/lib/Opauth/OpauthStrategy.php (190) …/vendor/opauth/opauth/lib/Opauth/Opauth.php (118) …/vendor/opauth/opauth/lib/Opauth/Opauth.php (88)

    OpauthStrategy.php (422 and 423) is: $content = file_get_contents($url, false, $context); $responseHeaders = implode("\r\n", $http_response_header);

    The problem vatiable is $http_response_header (See I think you should check it like this: $content = file_get_contents($url, false, $context); if (isset($http_response_header)) { $responseHeaders = implode("\r\n", $http_response_header); }

    opened by onyanov 0
  • 1.0.0-alpha.1(Apr 7, 2014)

    Opauth 1.0.0-alpha.1

    Today we are really excited to announce the first release of Opauth 1.0.

    Opauth 1.0 brings about a series of changes and improvements. Some of them includes:

    • Cleaner code base and API
    • PSR-1, PSR-2 and PSR-4 compliance.
    • Extensible components
    • More streamlined callbacks
    • With the use of namespace, Opauth is dropping support for PHP 5.2 for version 1.0 and only supports PHP >= 5.3.
    • Tighter integration with Composer.

    and many more.

    To bring about these changes, Opauth 1.0.x is not backward-compatible with 0.4.x.. Please refer to the migration guide on how to get your application and strategies to work with Opauth 1.0.

    You can find more documentations for 1.0 at

    Preview release

    Note that this is still an alpha release with a semi-consistent Opauth 1.0.x API. The purpose of this release is for you to evaluate and let us know what you think.

    It is also for authors of Opauth strategies and/or related plugins to update their code to support the new Opauth 1.0.x.


    This release is made largely possible by @ceeram. Big thanks to you, @ceeram, for great work on 1.0. With this Opauth welcomes @ceeram to the core team and with this addition, Opauth is no longer a personal project of @uzyn alone but an organization.

    Of course, thanks to each and everyone of you who have evaluated and used Opauth in your projects, written guides and tutorials for Opauth, contributed code and docs to Opauth, written plugins and strategies for Opauth.

    There are still some work to be done before 1.0 hits stable. You can see the tasks here:

    If you want to get involved, please follow our new Twitter @opauth and join us at #opauth at Freenode.

    Source code(tar.gz)
    Source code(zip)
Opauth – PHP Auth Framework
Opauth – PHP Auth Framework
OAuth Service Provider for Laravel 4

OAuth wrapper for Laravel 4 oauth-4-laravel is a simple laravel 4 service provider (wrapper) for Lusitanian/PHPoAuthLib which provides oAuth support i

Dariusz Prząda 698 Dec 23, 2021
OAuth Service Provider for Laravel 5

OAuth wrapper for Laravel 5 oauth-5-laravel is a simple laravel 5 service provider (wrapper) for Lusitanian/PHPoAuthLib which provides oAuth support i

null 2 Sep 19, 2018
Authentication REST-API built with Lumen PHP Framework

Authentication REST-API built with Lumen PHP Framework Laravel Lumen is a stunningly fast PHP micro-framework for building web applications with expre

Hüseyin Yağlı 1 Oct 12, 2021
A framework agnostic authentication & authorization system.

Sentinel Sentinel is a PHP 7.3+ framework agnostic fully-featured authentication & authorization system. It also provides additional features such as

Cartalyst 1.4k Jan 14, 2022
Multi Auth and admin auth in Laravel Project

Laravel Multi Auth For Complete Documentation, visit Here This package is just create admin side (multi auth), which is totaly isolated from your norm

Bitfumes 394 Jan 14, 2022
php database agnostic authentication library for php developers

Whoo Whoo is a database agnostic authentication library to manage authentication operation easily. Whoo provides you a layer to access and manage user

Yunus Emre Bulut 9 Jan 15, 2022
PHP library for Two Factor Authentication (TFA / 2FA)

PHP library for Two Factor Authentication PHP library for two-factor (or multi-factor) authentication using TOTP and QR-codes. Inspired by, based on b

Rob Janssen 803 Jan 14, 2022
Library to manage HTTP authentication with PHP. Includes ServiceProviders for easy Laravel integration.

Intervention HttpAuth Library to manage HTTP authentication with PHP. Includes ServiceProviders for easy Laravel integration. Installation You can ins

null 64 Jan 5, 2022
Simple PHP Google Authentication Template

php-google-auth A php google authentication page project View Demo · Report Problems About The Project This is a small and easy project that I made to

Antonio 4 Nov 21, 2021
This is registration and authentication forms written in PHP, JQuery

Registration-form This is registration and authentication forms written in PHP, JQuery Each file is: header.php - html-file for links "Главная", "Реги

Galina 2 Nov 2, 2021
LogRegPHP is a simple authentication module coded in object-oriented PHP.

LogRegPHP is a simple authentication module coded in object-oriented PHP. It provides you with some helper classes to help you get on speed with your project.

NIXX 1 Dec 8, 2021
PHP class to generate and verify Google Authenticator 2-factor authentication

Google Authenticator PHP class Copyright (c) 2012-2016, Author: Michael Kliewe, @PHPGangsta and contributors Licensed under t

Michael Kliewe 2k Jan 13, 2022
Provides a unified interface to local and remote authentication systems.

Aura.Auth Provides authentication functionality and session tracking using various adapters; currently supported adapters are: Apache htpasswd files S

Aura for PHP 121 Dec 15, 2021
Vendor-Agnostic Two-Factor Authentication

Multi-Factor Designed to be a vendor-agnostic implementation of various Two-Factor Authentication solutions. Developed by Paragon Initiative Enterpris

Paragon Initiative Enterprises 136 Aug 24, 2021
:octocat: Socialite is an OAuth2 Authentication tool. It is inspired by laravel/socialite, you can easily use it without Laravel.

Socialite Socialite is an OAuth2 Authentication tool. It is inspired by laravel/socialite, You can easily use it in any PHP project. 中文文档 This tool no

安正超 1.1k Jan 19, 2022
🔐 JSON Web Token Authentication for Laravel & Lumen

Documentation Documentation for 1.* here For version 0.5.* See the WIKI for documentation. Supported by Auth0 If you want to easily add secure authent

Sean Tymon 10.4k Jan 14, 2022
A One Time Password Authentication package, compatible with Google Authenticator.

Google2FA Google Two-Factor Authentication for PHP Google2FA is a PHP implementation of the Google Two-Factor Authentication Module, supporting the HM

Antonio Carlos Ribeiro 1.4k Jan 9, 2022
LDAP Authentication & Management for Laravel

?? Hey there! Looking for something even easier to use for LDAP integration in your Laravel applications? ?? Introducing LdapRecord ?? LdapRecord is t

null 857 Jan 13, 2022
A Simple method to create laravel authentication for an existing laravel project.

Laravel Simple Auth A Simple method to create laravel authentication for an existing laravel project. Indroduction Why I created this kind of package?

Dasun Tharanga 10 Dec 14, 2021