Library breaks in PHP 7.1 due to deprecated mcrypt_module_open()

[KaneCohen]

It's not issue directly in the OAuth2 Client library, however I feel like it should be noted.

During authorization flow library calls getRandomState() method which is supposed to generate some random string of a given length. Here library uses RandomLib to pick appropriate random string generator and then uses it to generate a string. Problem is - RandomLib internally uses mcrypt_module_open() function which in PHP7.1 has been deprecated.

This basically breaks OAuth2 Client authorization flow. This I'm assuming affects all other libraries that user OAuth2 Client.

RandomLib has appropriate issue submitted, but not yet resolved.

[ramsey]

What version of league/oauth2-client are you using? Version 2 no longer uses RandomLib. Instead, it uses random_bytes() in PHP 7, falling back to paragonie/random_compat for earlier versions of PHP. I advise upgrading to the 2.x series of the oauth2-client library.

[KaneCohen]

Oh I see. I'm using 1.x version of FB/Google clients.

Thanks a lot for the answer, will update libraries.