// the find
overtrue/socialite
Socialite is an OAuth2 Authentication tool. It is inspired by laravel/socialite, you can easily use it without Laravel.
A framework-agnostic PHP OAuth2 client library supporting ~25 providers, with especially deep coverage of Chinese platforms (WeChat, Alipay, DingTalk, Feishu, Douyin, Weibo, QQ, Taobao). Inspired by Laravel Socialite but works in any PHP 8+ project. The main audience is developers building PHP apps that need social login, particularly anyone targeting Chinese platform auth flows that most Western OAuth libraries ignore entirely.
The Chinese platform coverage is the actual differentiator — handling WeChat's third-party platform delegation, Alipay's RSA2 signature flow, and Feishu's internal app mode are all genuinely fiddly and this library has them working. The custom provider extension mechanism is clean: pass a closure or implement ProviderInterface and drop it into the config. State parameter support for CSRF protection is first-class, not bolted on. The `Base` provider abstraction is solid — adding a new OAuth2 provider means overriding a handful of methods, not reimplementing the token exchange.
Token refresh is absent from the standard interface — `getRefreshToken()` returns a value but there is no `refreshToken()` method on the provider, so you're on your own once the access token expires. The test suite covers only a handful of providers and leans heavily on Mockery-based HTTP mocking; there are no integration tests and some edge cases in the Chinese providers are not tested at all. PKCE support is not present, which matters now that it's effectively required for public clients in modern OAuth2. Documentation is primarily in Chinese and the English README is a translation, so some platform-specific notes lose nuance in the process.