# swissup/module-oauth2-client

> Magento 2 module to provide OAuth 2.0 supports

`composer require swissup/module-oauth2-client`

Canonical URL: https://packagento.com/swissup/module-oauth2-client

## At a glance

- **Vendor**: swissup (https://packagento.com/swissup.md)
- **Latest version**: 1.0.6 — released 2026-05-15
- **Pricing**: Free
- **Package type**: Magento 2 module
- **Status**: active, accepting new buyers

## Installation

Packagento is licence-gated, so even free packages need a licence on a project before Composer can resolve them.

1. **Sign in or create an account** at https://packagento.com/customer/account/.

2. **Add the package to your account.** Open https://packagento.com/swissup/module-oauth2-client and complete the free checkout. A licence is minted automatically.

3. **Create or pick a project, then activate the licence on it.**
   - Projects represent the Magento installs you deploy to. Manage them at https://packagento.com/projects/.
   - Activate the new licence on the project you'll deploy this package to. Activation is what generates the Composer credentials scoped to that project.

4. **Add the project credentials to your Magento codebase.**

   Grab the project's public + private key from https://packagento.com/projects/ (open the project, then its Credentials tab), and add them to `auth.json`:

   ```json
   {
     "http-basic": {
       "packagento.com": {
         "username": "ppk_live_...",
         "password": "psk_live_..."
       }
     }
   }
   ```

   Add the Packagento Composer repository to `composer.json`:

   ```json
   {
     "repositories": [
       { "type": "composer", "url": "https://packagento.com" }
     ]
   }
   ```

5. **Install and apply.**

   ```bash
   composer require swissup/module-oauth2-client:*
   bin/magento setup:upgrade
   bin/magento setup:di:compile
   bin/magento cache:flush
   ```

## What it does

Magento 2 module to provide OAuth 2.0 supports

## README

Magento 2 module to provide OAuth 2.0 support.
The module's main purpose was to reuse the same code and credentials in other modules.

#### Installation

###### For maintainers

```bash
cd <magento_root>
composer config repositories.swissup composer https://docs.swissuplabs.com/packages/
composer require swissup/module-oauth2-client:dev-master --prefer-source --ignore-platform-reqs --update-no-dev
bin/magento module:enable Swissup_OAuth2Client Swissup_Core
bin/magento setup:upgrade
bin/magento setup:di:compile
```


##### Docs

- [original issue](https://github.com/swissup/module-email/issues/31)
- [Beginning September 30, 2024: third-party apps that use only a password to access Google Accounts and Google Sync will no longer be supported](https://workspaceupdates.googleblog.com/2023/09/winding-down-google-sync-and-less-secure-apps-support.html)
- [thephpleague/oauth2-google](https://github.com/thephpleague/oauth2-google?tab=readme-ov-file)
- [Providers](https://oauth2-client.thephpleague.com/providers/thirdparty/)
- [Official Provider Clients](https://oauth2-client.thephpleague.com/providers/league/)
- [Add support for Microsoft POP3 XOAUTH2](https://github.com/laminas/laminas-mail/commit/64b2059bd25186ceca5ec5d8802ce35d8d9ad0e6)
- [Project Credentials](https://console.cloud.google.com/apis/credentials?project=swissup-email-gmail-oauth2)
- [https://support.google.com/cloud/answer/10311615#zippy=%2Ctesting](https://support.google.com/cloud/answer/10311615#zippy=%2Ctesting)
- [Set Up Email Importing with OAuth2 and Google ](https://docs.whmcs.com/support/support-tutorials/set-up-email-importing-google/)
- ['Token has been expired or revoked'](https://stackoverflow.com/questions/66058279/token-has-been-expired-or-revoked-google-oauth2-refresh-token-gets-expired-i)
- [Gmail IMAP OAuth2 returns error code 400](https://stackoverflow.com/questions/13465349/gmail-imap-oauth2-returns-error-code-400)

## Recent Versions

| Version | Released |
|---|---|
| 1.0.6 | 2026-05-15 |
| 1.0.5 | 2025-09-16 |
| 1.0.4 | 2025-09-12 |
| 1.0.3 | 2025-05-16 |
| 1.0.2 | 2025-04-09 |
| 1.0.1 | 2024-08-06 |
| 1.0.0 | 2024-07-10 |

## Dependencies

### Require

| Package | Constraint |
|---|---|
| league/oauth2-google | ^4.0 |
| magento/framework | ^102.0\|^103.0 |
| php | ^7.4\|^8.0\|^8.1\|^8.2\|^8.3 |
| swissup/module-core | ^1.12.27 |

## Quality

Latest release (1.0.6) fails the Packagento QA pipeline. Verdicts below are per-cell (Magento line × PHP version) for the matrixed tools, and run-once for the static / security tiers.


### Compatibility

Each Magento line is installed on its supported PHP versions, then the module is built (DI compile + static-content deploy). Cells show passed / failed / untested; staircase gaps render as `–`.

| Magento | PHP 8.2 | PHP 8.3 | PHP 8.4 | PHP 8.5 |
|---|---|---|---|---|
| 2.4.7 | Pass | Pass | – | – |
| 2.4.8 | – | Pass | Pass | – |
| 2.4.9 | – | – | Pass | Pass |


### Code Quality

Advisory checks against the module's source. Never affect the Compatibility verdict — a phpcs finding can't make a module incompatible.

#### Static Analysis

Coding standards (phpcs), mess detection (phpmd), copy-pasted code (cpd), PHP cross-version compatibility, composer.json validity. Each runs once for the whole module.

| Tool | Status | Findings | Summary |
|---|---|---|---|
| PHPCS | Warning | 34 | 34 warnings (ruleset: Magento2) |
| PHPMD | Warning | 12 | 12 rule violations (MissingImport:10, UndefinedVariable:1, UnusedLocalVariable:1) |
| Cpd | Pass | 0 |  |
| Composer validate | Info | 1 | valid; 1 advisory note (composer validate --strict) |

#### PHPStan

Type-checks the module against a real Magento install. Re-runs per Magento + PHP version because resolvable symbols differ between releases.

| Magento | PHP 8.2 | PHP 8.3 | PHP 8.4 | PHP 8.5 |
|---|---|---|---|---|
| 2.4.7 | 42 | 42 | – | – |
| 2.4.8 | – | 42 | 42 | – |
| 2.4.9 | – | – | 42 | 42 |


### Tests

Unit and integration suites run per Magento + PHP cell. Test failures speak to the module's behaviour, not its compatibility with a line, so they're reported here separately.

#### Unit Tests

| Magento | PHP 8.2 | PHP 8.3 | PHP 8.4 | PHP 8.5 |
|---|---|---|---|---|
| 2.4.7 | N/A | N/A | – | – |
| 2.4.8 | – | N/A | N/A | – |
| 2.4.9 | – | – | N/A | N/A |

#### Integration Tests

| Magento | PHP 8.2 | PHP 8.3 | PHP 8.4 | PHP 8.5 |
|---|---|---|---|---|
| 2.4.7 | N/A | N/A | – | – |
| 2.4.8 | – | N/A | N/A | – |
| 2.4.9 | – | – | N/A | N/A |


### Security

Dependency-advisory audit (composer audit) plus a source malware scan. A malware detection fails the version outright.

| Tool | Status | Findings | Summary |
|---|---|---|---|
| Composer audit | Pass | 0 |  |
| Malware scan | Pass | 0 |  |

## Licence and pricing

Free. A licence is still minted on checkout and bound to your project for Composer access — no payment step.

Refundable within 14 days of first purchase via https://packagento.com/account/refunds/.

## Install via Claude Code or any MCP client

The Packagento MCP server can run the licence + project + Composer steps above in one tool call:

```
purchase_and_install_packages(
  composer_names=["swissup/module-oauth2-client"],
  project_id="proj_xxx"
)
```

This handles cart, checkout, licence minting, project activation, and writes auth.json credentials. Connect a client with `claude mcp add packagento https://mcp.packagento.com`. Full setup at https://packagento.com/docs/mcp-setup.

## Vendor

swissup is a Magento 2 vendor on Packagento. See https://packagento.com/swissup.md for their full catalogue.