PHP OAuth2 Library
Supports Facebook, LinkedIn and Google+

OAuth2 Wrappers

This component provides wrappers for several OAuth2 systems like Facebook, LinkedIn and Google. After you have gained OAuth2 access token, you can use this wrapper to communicate with the the desired service.

Install the component

The best way to install the component is using Composer.

composer require webiny/oauth2

For additional versions of the package, visit the Packagist page.

Supported OAuth2 servers

Current supported OAuth2 servers are:

  • Facebook
  • Google
  • LinkedIn

Configuring the component

To use the component, you first need to configure it. The configuration is done by defining the following params:

  • Server - class that will be used to process the response from OAuth2 server
  • ClientId - OAuth2 client id
  • ClientSecret - OAuth2 client secret
  • Scope - scope parameter based on the selected OAuth2 server
  • RedirectUri - location where the user will be redirected by the OAuth2 server once he is authorized

Example configuration:

            Server: \Webiny\Component\OAuth2\Server\Facebook
            ClientId: 273234862555915
            ClientSecret: fe5G55632eeabc2086f8209a3ff05g22
            Scope: email
            RedirectUri: '/security/login-fb/'
            Server: \Webiny\Component\OAuth2\Server\Google
            ClientSecret: KyP8Eag3a60Jgb3mkgiuPFdZYl
            Scope: openid%20profile%20email
            RedirectUri: '/security/login-gp/'


This component depends on users access token, without it no API call to the OAuth2 server can be made. To get the access token, please read the implementation guide for a specific server you wish to use. OAuth2 components is also integrated with the Security component as a user and authentication provider, automating the process of getting the required auth token.


// load instance of `GPlus` configuration
$instance = OAuth2Loader::getInstance('GPlus');

// set access token

// do API requests to get user details
$userProfile = $instance->request()->getUserDetails();

// do an API request to a specific API method
$result = $instance->request()->rawRequest($url, $params);

Registering additional servers

First create a class that extends \Webiny\Component\OAuth2\AbstractServer and then implement the abstract methods. All of the abstract methods are described inside AbstractServer class, and additionally you should also check out how implementations of current servers looks like. They are located in \Webiny\Component\OAuth2\Server folder.

class Instagram extends \Webiny\Component\OAuth2\AbstractServer
    public function getAuthorizeUrl(){
        // TODO: Implement _getUserDetailsTargetData() method.

    public function getAccessTokenUrl(){
        // TODO: Implement _getUserDetailsTargetData() method.

    protected function _getUserDetailsTargetData() {
        // TODO: Implement _getUserDetailsTargetData() method.

    protected function _processUserDetails($result) {
        // TODO: Implement _processUserDetails() method.

    public function processAuthResponse($response) {
        // TODO: Implement processAuthResponse() method.

Once you have implemented your logic for the abstract methods, it's time to register the class with the OAuth2 component. In order to do so, inside your config file, set the value of Server property to your newly created class.

            Server: \MyLib\OAuth2\Server\Instagram

And you're done! To use it, just configure it the same way as the built in classes.


The code on this component is not fully covered by unit test. Only main classes are tested, while tests for Bridge and Server still need to be written.


To run unit tests, you need to use the following command:

$ cd path/to/Webiny/Component/OAuth2/
$ composer.phar install
$ phpunit

To learn what you can do with Webiny Framework, checkout Webiny Platform - open-source content management system.

Explore Webiny Framework components:

  • Amazon currently supports implementation of Amazon S3
  • Annotations component for parsing annotations from a class, method or a property
  • Cache provides several caching libraries like Apc, Couchbase, Memcache and Redis
  • ClassLoader a PSR-0, PSR-4 and PEAR class loader
  • Config a very handy library for parsing YAML, INI, JSON and PHP configuration files
  • Crypt library for encoding, decoding and validating hashes
  • Entity an ODM layer (currently only supports MongoDB)
  • EventManager want to do event-based development, this is a library for you
  • Http library for parsing HTTP requests and creating HTTP responses
  • Image library for image manipulation
  • Logger PSR-3 log components for logging code execution in runtime
  • Mailer component for sending emails
  • Mongo MongoDB class wrapper
  • OAuth2 library for working with OAuth2, currently supports Facebook, LinkedIn and Google+
  • REST fully featured REST library with caching, security and rate control
  • Router handles defining, parsing, creating and matching url routes
  • Security provides authorization and authentication layer
  • ServiceManager want to write truly service based, loosely-coupled code, this library provides that
  • StdLib this component provides object wrappers for Arrays, Strings, Urls and DateTime data types
  • Storage storage abstraction layer that simplifies the way you work with files and directories
  • TemplateEngine provides a layer for rendering view templates and defining template plugins and manipulators
  • TwitterOAuth library for working with Twitter API using Twitter OAuth


Lastest from our blog:

The Power of the Community

In the focus of recent feedback that I got, I think there is a need for me to justify some of the decisions we made while developing Webiny Framework.

Share & subscribe: