Looking for PHP classes that will authenticate against existing OAuth or SAML IdP servers

This page summarizes the projects mentioned and recommended in the original post on /r/opensource

Our great sponsors
  • LearnThisRepo.com - Learn 300+ open source libraries for free using AI.
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • WorkOS - The modern API for authentication & user identity.
  • php-saml

    Simple SAML toolkit for PHP

    I use this library for SAML. The trouble is SAML is quite complex with a lot of options, and the journey requires you to send off the user to the IdP in the correct way, then receive them back in the right manner (Which is often a POST back to your app so can take some extra dancing if you use samesite=lax cookie-based sessions). Additionally, you'd often want to serve an endpoint for your app's metadata. So not really something that can be served by a single method returning a boolean.

  • OAuth 2.0 Client

    Easy integration with OAuth 2.0 service providers.

    In regards to oauth the phpleague packages are fairly popular. Again, the flow requires some redirect dancing so not something that can be (simply) just a single boolean-returning method on the PHP side. Additionally, oauth is a relatively weak standard (Especially where you want to verify identity) in which case platform specific actions/tweaks are needed hence why most use platform-specific oauth libraries. OIDC builds upon oauth to standardize the flow, including getting the identity, but it isn't supported by all platforms offering oauth.

  • LearnThisRepo.com

    Learn 300+ open source libraries for free using AI. LearnThisRepo lets you learn 300+ open source repos including Postgres, Langchain, VS Code, and more by chatting with them using AI!

  • oauth2-github

    GitHub Provider for the OAuth 2.0 Client

    In regards to oauth the phpleague packages are fairly popular. Again, the flow requires some redirect dancing so not something that can be (simply) just a single boolean-returning method on the PHP side. Additionally, oauth is a relatively weak standard (Especially where you want to verify identity) in which case platform specific actions/tweaks are needed hence why most use platform-specific oauth libraries. OIDC builds upon oauth to standardize the flow, including getting the identity, but it isn't supported by all platforms offering oauth.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts