How do I integrate Guzzle OAuth Subscriber with Laravel’s HttpClient?

Use `HttpClient::withOptions()` to inject the middleware into Laravel’s default client. Configure the `HandlerStack` with the `Oauth1` subscriber and pass it via the `handler` option. This avoids hardcoding credentials in routes or controllers.

Does this package support OAuth 1.0a (three-legged OAuth) or only two-legged?

This package fully supports OAuth 1.0a (three-legged OAuth) with token and token_secret. You can also use it for two-legged OAuth by omitting the token/token_secret fields in the configuration. The middleware handles both flows dynamically.

What’s the best way to store OAuth credentials securely in Laravel?

Store credentials in Laravel’s `.env` file (e.g., `OAUTH_CONSUMER_KEY`, `OAUTH_TOKEN_SECRET`) and load them in a service provider or config file. Avoid hardcoding secrets in code. For production, consider using Laravel Forge, Vault, or AWS Secrets Manager.

Can I use this with Laravel 9+ and Guzzle 7+ without conflicts?

Yes, this package is fully compatible with Laravel 9+ and Guzzle 7+. Laravel’s default HttpClient uses Guzzle 7, and the OAuth Subscriber is designed for Guzzle 7.10+. No additional dependencies or conflicts exist.

How do I handle per-request token overrides for different API endpoints?

Use the `oauth` request option to override `token` and `token_secret` for individual requests while keeping the base consumer credentials. Example: `$client->get('endpoint', ['auth' => 'oauth', 'oauth' => ['token' => 'new_token']])`.

What signing methods does this package support, and which should I use?

The package supports HMAC-SHA1 (default) and RSA-SHA1 signing methods. Use HMAC-SHA1 for most cases (faster, no OpenSSL dependency). RSA-SHA1 requires the `ext-openssl` PHP extension and is needed for APIs requiring asymmetric signing.

How do I debug failed OAuth signatures or API rejections?

Enable Guzzle middleware logging to inspect signed requests. Add a tap middleware to log headers: `$stack->push(Middleware::tap(function ($request) { Log::debug('OAuth Headers', $request->getHeaders()); }));`. Check for errors like `oauth_problem` in API responses.

Is there a performance impact with RSA-SHA1 signing in high-traffic Laravel apps?

Yes, RSA-SHA1 signing is CPU-intensive and can slow down requests. For high-traffic apps, prefer HMAC-SHA1 or offload signing to a dedicated service. Monitor response times and consider caching signed requests if applicable.

Can I use this package with Laravel’s queue system for background OAuth requests?

Yes, you can use the OAuth Subscriber with Laravel queues by creating a custom Guzzle client with the middleware in a job. Example: `$client = new Client(['handler' => $stack]);` and pass it to the job’s `handle()` method.

What alternatives exist for OAuth 1.0 in Laravel if this package doesn’t fit my needs?

Alternatives include the `league/oauth1-client` package (more feature-rich but heavier) or rolling a custom solution using Guzzle’s `Authorization` header. However, this package is the most lightweight and Laravel-friendly for OAuth 1.0 middleware integration.

Weave Code

Code Weaver

Helps Laravel developers discover, compare, and choose open-source packages. See popularity, security, maintainers, and scores at a glance to make better decisions.

Oauth Subscriber Laravel Package

guzzlehttp/oauth-subscriber

Guzzle middleware that signs HTTP requests with OAuth 1.0. Compatible with Guzzle 7.10+ and PHP 7.2.5+. Configure consumer/token secrets once on a HandlerStack, then enable per request (auth=oauth) or globally, with optional per-request token override.

View on GitHub

Deep Wiki

Context7

Signs Guzzle requests using OAuth 1.0

Frequently asked questions about Oauth Subscriber

How do I integrate Guzzle OAuth Subscriber with Laravel’s HttpClient?: Use `HttpClient::withOptions()` to inject the middleware into Laravel’s default client. Configure the `HandlerStack` with the `Oauth1` subscriber and pass it via the `handler` option. This avoids hardcoding credentials in routes or controllers.
Does this package support OAuth 1.0a (three-legged OAuth) or only two-legged?: This package fully supports OAuth 1.0a (three-legged OAuth) with token and token_secret. You can also use it for two-legged OAuth by omitting the token/token_secret fields in the configuration. The middleware handles both flows dynamically.
What’s the best way to store OAuth credentials securely in Laravel?: Store credentials in Laravel’s `.env` file (e.g., `OAUTH_CONSUMER_KEY`, `OAUTH_TOKEN_SECRET`) and load them in a service provider or config file. Avoid hardcoding secrets in code. For production, consider using Laravel Forge, Vault, or AWS Secrets Manager.
Can I use this with Laravel 9+ and Guzzle 7+ without conflicts?: Yes, this package is fully compatible with Laravel 9+ and Guzzle 7+. Laravel’s default HttpClient uses Guzzle 7, and the OAuth Subscriber is designed for Guzzle 7.10+. No additional dependencies or conflicts exist.
How do I handle per-request token overrides for different API endpoints?: Use the `oauth` request option to override `token` and `token_secret` for individual requests while keeping the base consumer credentials. Example: `$client->get('endpoint', ['auth' => 'oauth', 'oauth' => ['token' => 'new_token']])`.
What signing methods does this package support, and which should I use?: The package supports HMAC-SHA1 (default) and RSA-SHA1 signing methods. Use HMAC-SHA1 for most cases (faster, no OpenSSL dependency). RSA-SHA1 requires the `ext-openssl` PHP extension and is needed for APIs requiring asymmetric signing.
How do I debug failed OAuth signatures or API rejections?: Enable Guzzle middleware logging to inspect signed requests. Add a tap middleware to log headers: `$stack->push(Middleware::tap(function ($request) { Log::debug('OAuth Headers', $request->getHeaders()); }));`. Check for errors like `oauth_problem` in API responses.
Is there a performance impact with RSA-SHA1 signing in high-traffic Laravel apps?: Yes, RSA-SHA1 signing is CPU-intensive and can slow down requests. For high-traffic apps, prefer HMAC-SHA1 or offload signing to a dedicated service. Monitor response times and consider caching signed requests if applicable.
Can I use this package with Laravel’s queue system for background OAuth requests?: Yes, you can use the OAuth Subscriber with Laravel queues by creating a custom Guzzle client with the middleware in a job. Example: `$client = new Client(['handler' => $stack]);` and pass it to the job’s `handle()` method.
What alternatives exist for OAuth 1.0 in Laravel if this package doesn’t fit my needs?: Alternatives include the `league/oauth1-client` package (more feature-rich but heavier) or rolling a custom solution using Guzzle’s `Authorization` header. However, this package is the most lightweight and Laravel-friendly for OAuth 1.0 middleware integration.

Popularity trends

Recorded values over time (once-a-day snapshots). May 10, 2026 – Jun 8, 2026

GitHub · stars

GitHub · forks

GitHub · watchers

Packagist · monthly downloads

View on GitHub

Stars

239

Favorites

241

Forks

Score

25.9

Score breakdown

Sum of components, capped 0–100. Halved if archived.

Stars

input: 239

+1.2
Forks

input: 88

+2.6
Open issues + PRs

input: 0

+0.0
Releases

input: 8

+2.4
Recency

input: 19

+19.0
Issue opportunity

input: 0

+0.0
Laravel News mentions

input: 0

+0.0
Dependents

input: 0

+0.0

Total 25.2

Opportunity

49.3

Opportunity score breakdown

Hidden gem signal × 0.65 + contribution need × 0.35, scaled by health factor.

Hidden gem

log(monthly_downloads / (stars + 1)) × 25

76.2
Contribution need

open_issues + open_prs: 0

0.0
Health factor

archived + recency + open issues

×0.99

Total 49.1

License

MIT

Last release

May 19, 2026

Watchers

Downloads

267K/mo

Dependents

Open issues

Weaver

How can I help you explore Laravel packages today?

Conversation history is not saved when not logged in.

Add packages to context

No packages found.

jayeshmepani/jpl-moshier-ephemeris-php

elnasnato/laraliveui

labrodev/rest-sdk

sampaui/sampaui

babelqueue/php-sdk

facebook/capi-param-builder-php

babelqueue/symfony

hamzi/corewatch

minionfactory/raw-hydrator

hexters/coinpayment

rjcodes/rjcms

act-training/laravel-permissions-manager

alimarchal/laravel-chart-of-accounts

babenkoivan/elastic-scout-driver

mkwebdesign/filament-watchdog-v5

renatomarinho/laravel-page-speed

zedmagdy/filament-business-hours

renatovdemoura/blade-elements-ui

devgeek/beacon-admin

benjamin-rqt/data-watcher-bundle