-
Notifications
You must be signed in to change notification settings - Fork 752
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Library status #1041
Comments
OAuth2 is not an authentication protocol, it's an authorization protocol, so the whole idea of this library is wrong:
The proper protocol for authentication is OpenID Connect, which builds on top of OAuth2. There are symfony bundles for OIDC, e.g. https://github.com/halloverden/symfony-oidc-client-bundle Symfony itself also provides some support for OIDC, but only in a scenario where the the front-end handles the token request: https://symfony.com/blog/new-in-symfony-6-3-openid-connect-token-handler |
I've just released version 2.8.0 of oauth2-client, which includes many of the open pull requests, including support for PHP 8.4. Version 3.0 of oauth2-client will drop the Guzzle requirement and fully support PSR-18.
This library doesn't try to use OAuth2 as an authentication protocol. It's not a one-size-fits-all solution. Rather, it abstracts the most common behaviors that developers need to build and provides a way for developers to build on top of the abstraction to support any number of providers. |
It's really unfortunate that the two most popular libraries in this area (https://packagist.org/?query=oauth2%20client) appear to no longer be maintained.
What I wonder:
See #1039
The text was updated successfully, but these errors were encountered: