OAuth 2.0 Client VS Nyholm PSR-7

League/oauth2-client has a lot of implementations

Have a look on this one https://oauth2-client.thephpleague.com/

In regards to oauth the phpleague packages are fairly popular. Again, the flow requires some redirect dancing so not something that can be (simply) just a single boolean-returning method on the PHP side. Additionally, oauth is a relatively weak standard (Especially where you want to verify identity) in which case platform specific actions/tweaks are needed hence why most use platform-specific oauth libraries. OIDC builds upon oauth to standardize the flow, including getting the identity, but it isn't supported by all platforms offering oauth.

For the client side, I'll be using the library league/oauth2-client.

"Login with Google/Facebook/Twitter/etc": That's called OAuth2 and quite easy to implement. This package is good OAuth2 client to start.

I'd recommend using a library - for Azure AD OAuth we've been using https://github.com/thephpleague/oauth2-client + https://github.com/thenetworg/oauth2-azure (see also https://oauth2-client.thephpleague.com/providers/thirdparty/ )

For Azure AD, I'd recommend the combination of https://github.com/thephpleague/oauth2-client for the authentication part (getting the token) and the Microsoft Graph SDK for then using the token to get information about the user https://github.com/microsoftgraph/msgraph-sdk-php

Here's a good example of that: https://github.com/thephpleague/oauth2-client/blob/master/.gitattributes

As the documentation states, this package only performs the conversion, so we would need a PSR-7 and a PSR-17 implementation to convert the objects to and from PSR-7. We can use the library the documentation recommends, nyholm/psr7, but there are others.

The following example shows how to create configuration for the HTTP factories, using the nyholm/psr7 package:

Since the library is designed to be easily integrated with different frameworks, it relies on the usage of PSR-7 compliant HTTP messages. To fulfill this requirement, I'll be using the nyholm/psr7 package.

If you go strict PSR-7, as you see in nyholm/psr7, Tobias uses traits to add the functionality of the extended RequestInterface and MessageInterface:

The Symfony folks thought of this, however, and provided a bridge that converts HttpFoundation objects to PSR-7 ones. The bridge simply needs a PSR-7 and PSR-17 factory, for which they suggest to use Tobias Nyholm's PSR-7 implementation.

“In theory, theory and practice are the same. In practice, they are not.” (Dr. Albert Einstein). I believe same goes for packages, too. A good example is the [comparison](https://github.com/Nyholm/psr7) of some PSR-7 implementations.

The point is why would I pull in code in the first place that is not needed? If it is optional, then why is it not a separate package? Same with all of the bloated HTTP requests and response objects that frameworks and other libs usually use. I really like https://github.com/Nyholm/psr7 for that reason, it has a table in it's readme.md that is pretty much enough to know why I like it. If something specific is needed it can be decorated or extended on project level.