How do I integrate **guzzlehttp/oauth-subscriber** with Laravel’s HTTP client?

Use `HttpClient::withOptions()` to inject the middleware into a `HandlerStack`. Pass the OAuth1 subscriber with your consumer/token secrets, then set `auth => 'oauth'` in request options or globally in the client config. Example: `$client = HttpClient::withOptions(['handler' => HandlerStack::create()->push(new Oauth1([...]))])`.

Does this package support OAuth 1.0a for APIs like Twitter or Mailchimp?

Yes, it fully supports OAuth 1.0a, including HMAC-SHA1 and RSA-SHA1 signing methods. The middleware handles the signature generation automatically when you enable signing via the `auth => 'oauth'` option.

Can I override OAuth credentials per request without rebuilding the client?

Absolutely. Use the `oauth` request option to pass a new `token` and `token_secret` pair for individual requests. The `auth => 'oauth'` option must still be set to enable signing, but the credentials will dynamically switch.

What Laravel and PHP versions does **guzzlehttp/oauth-subscriber** support?

This package requires **Guzzle 7.11+** and **PHP 7.2.5+**, making it compatible with **Laravel 9+**. It also explicitly supports **PHP 8.5**, addressing non-finite float coercion warnings without breaking changes.

How do I securely store OAuth consumer/token secrets in Laravel?

Store secrets in Laravel’s `.env` file or a secrets manager (e.g., AWS Secrets Manager). Avoid hardcoding credentials; use Laravel’s config system or a service provider to centralize OAuth configuration and inject it into the middleware.

Will RSA-SHA1 signing impact performance for high-volume APIs?

RSA-SHA1 signing is computationally heavier than HMAC-SHA1, so it may impact throughput. Benchmark your API calls under load. For high-volume APIs, consider caching signed requests or negotiating OAuth 2.0 if the API supports it.

How do I handle failed OAuth signatures (e.g., expired tokens) in production?

Log OAuth failures using Guzzle’s event system or middleware. Implement retry logic for transient errors (e.g., expired tokens) by wrapping the client in a retry middleware or using Laravel’s `retry` helper for HTTP calls.

Should I test this package with PHP 8.5 if I’m not upgrading yet?

If you’re not on PHP 8.5, focus on core functionality first. However, the package fixes non-finite float coercion warnings, so if you plan to upgrade, test edge cases like timestamp values in your integration tests to validate stability.

Can I use this with standalone Guzzle (not Laravel’s HTTP client)?

Yes, the middleware works with standalone Guzzle 7+ instances. Instantiate a `Client` with the `HandlerStack` containing the `Oauth1` subscriber, then configure signing as documented. The setup is identical to Laravel’s HTTP client.

Are there alternatives to this package for OAuth 1.0 in Laravel?

Alternatives include custom OAuth 1.0 implementations (e.g., using `league/oauth1-client`) or third-party packages like `abraham/twitteroauth`. However, **guzzlehttp/oauth-subscriber** is the most lightweight and Guzzle-native solution, ideal for Laravel’s middleware-centric HTTP stack.

Weave Code

Code Weaver

Helps Laravel developers discover, compare, and choose open-source packages. See popularity, security, maintainers, and scores at a glance to make better decisions.

Oauth Subscriber Laravel Package

guzzlehttp/oauth-subscriber

Guzzle middleware for OAuth 1.0 request signing (consumer key/secret + token/secret) compatible with Guzzle 7.11+ and PHP 7.2.5+. Add to a HandlerStack, set auth=oauth, and optionally override token credentials per request.

View on GitHub

Deep Wiki

Context7

Guzzle OAuth 1.0 subscriber

Frequently asked questions about Oauth Subscriber

How do I integrate **guzzlehttp/oauth-subscriber** with Laravel’s HTTP client?: Use `HttpClient::withOptions()` to inject the middleware into a `HandlerStack`. Pass the OAuth1 subscriber with your consumer/token secrets, then set `auth => 'oauth'` in request options or globally in the client config. Example: `$client = HttpClient::withOptions(['handler' => HandlerStack::create()->push(new Oauth1([...]))])`.
Does this package support OAuth 1.0a for APIs like Twitter or Mailchimp?: Yes, it fully supports OAuth 1.0a, including HMAC-SHA1 and RSA-SHA1 signing methods. The middleware handles the signature generation automatically when you enable signing via the `auth => 'oauth'` option.
Can I override OAuth credentials per request without rebuilding the client?: Absolutely. Use the `oauth` request option to pass a new `token` and `token_secret` pair for individual requests. The `auth => 'oauth'` option must still be set to enable signing, but the credentials will dynamically switch.
What Laravel and PHP versions does **guzzlehttp/oauth-subscriber** support?: This package requires **Guzzle 7.11+** and **PHP 7.2.5+**, making it compatible with **Laravel 9+**. It also explicitly supports **PHP 8.5**, addressing non-finite float coercion warnings without breaking changes.
How do I securely store OAuth consumer/token secrets in Laravel?: Store secrets in Laravel’s `.env` file or a secrets manager (e.g., AWS Secrets Manager). Avoid hardcoding credentials; use Laravel’s config system or a service provider to centralize OAuth configuration and inject it into the middleware.
Will RSA-SHA1 signing impact performance for high-volume APIs?: RSA-SHA1 signing is computationally heavier than HMAC-SHA1, so it may impact throughput. Benchmark your API calls under load. For high-volume APIs, consider caching signed requests or negotiating OAuth 2.0 if the API supports it.
How do I handle failed OAuth signatures (e.g., expired tokens) in production?: Log OAuth failures using Guzzle’s event system or middleware. Implement retry logic for transient errors (e.g., expired tokens) by wrapping the client in a retry middleware or using Laravel’s `retry` helper for HTTP calls.
Should I test this package with PHP 8.5 if I’m not upgrading yet?: If you’re not on PHP 8.5, focus on core functionality first. However, the package fixes non-finite float coercion warnings, so if you plan to upgrade, test edge cases like timestamp values in your integration tests to validate stability.
Can I use this with standalone Guzzle (not Laravel’s HTTP client)?: Yes, the middleware works with standalone Guzzle 7+ instances. Instantiate a `Client` with the `HandlerStack` containing the `Oauth1` subscriber, then configure signing as documented. The setup is identical to Laravel’s HTTP client.
Are there alternatives to this package for OAuth 1.0 in Laravel?: Alternatives include custom OAuth 1.0 implementations (e.g., using `league/oauth1-client`) or third-party packages like `abraham/twitteroauth`. However, **guzzlehttp/oauth-subscriber** is the most lightweight and Guzzle-native solution, ideal for Laravel’s middleware-centric HTTP stack.

Popularity trends

Recorded values over time (once-a-day snapshots). May 22, 2026 – Jun 20, 2026

GitHub · stars

GitHub · forks

GitHub · watchers

Packagist · monthly downloads

View on GitHub

Stars

240

Favorites

242

Forks

Score

26.7

Score breakdown

Sum of components, capped 0–100. Halved if archived.

Stars

input: 240

+1.2
Forks

input: 88

+2.6
Open issues + PRs

input: 0

+0.0
Releases

input: 10

+3.0
Recency

input: 3

+19.8
Issue opportunity

input: 0

+0.0
Laravel News mentions

input: 0

+0.0
Dependents

input: 0

+0.0

Total 26.7

Opportunity

50.5

Opportunity score breakdown

Hidden gem signal × 0.65 + contribution need × 0.35, scaled by health factor.

Hidden gem

log(monthly_downloads / (stars + 1)) × 25

77.8
Contribution need

open_issues + open_prs: 0

0.0
Health factor

archived + recency + open issues

×1.00

Total 50.5

License

MIT

Last release

Jun 16, 2026

Watchers

Downloads

312K/mo

Dependents

Open issues

Weaver

How can I help you explore Laravel packages today?

Conversation history is not saved when not logged in.

Add packages to context

No packages found.

nasirkhan/laravel-sharekit

directorytree/privacy-filter-classifier

directorytree/privacy-filter

datacore/hub-sdk

develia/commons

cuci/prototurk-sdk

cuci/prototurk-sdk-symfony

develia/geo-bundle

dreamzy/livewire-charts

touchestate-sdk/php-sdk

22h/doctrine-garbage-collection-bundle

agtp/agtp-php

agtp/mod-php

splash/sonata-admin

splash/metadata

splash/openapi

splash/scopes

splash/toolkit

testo/output-teamcity

testo/bridge-symfony