tl;dr: no actively maintained drop-in replacement exists.
Upstream is fully archived
packagist.org/packages/id4me/id4me-rp explicitly states "abandoned and no longer maintained. No replacement package was suggested."
The source repo at gitlab.com/ID4me/id4me-rp-client-php is archived/read-only.
Alternatives I found, with caveats
plesk/id4me-relying-party — same idea, but the last release (0.2.0) is from March 2019, 7 installs total, not auto-updated. Effectively dead too, and older than what you're already using.
No other PHP forks turned up. Sibling implementations exist only in Node.js and Python, no use here.
The bigger picture
The ID4me protocol itself has very little momentum: the foundation's PHP, JS, and Python clients have all gone quiet, and the package only has 1 dependent on Packagist (likely this app). In composer.json it's already pulled in as a vendored dependency via wikimedia/composer-merge-plugin, and it's used only by lib/Controller/Id4meController.php behind an admin toggle that defaults to disabled.
Given near-zero ecosystem usage and that it's an opt-in alt-login, deprecating it is defensible.
tl;dr: no actively maintained drop-in replacement exists.
Upstream is fully archived
packagist.org/packages/id4me/id4me-rp explicitly states "abandoned and no longer maintained. No replacement package was suggested."
The source repo at gitlab.com/ID4me/id4me-rp-client-php is archived/read-only.
Alternatives I found, with caveats
plesk/id4me-relying-party — same idea, but the last release (0.2.0) is from March 2019, 7 installs total, not auto-updated. Effectively dead too, and older than what you're already using.
No other PHP forks turned up. Sibling implementations exist only in Node.js and Python, no use here.
The bigger picture
The ID4me protocol itself has very little momentum: the foundation's PHP, JS, and Python clients have all gone quiet, and the package only has 1 dependent on Packagist (likely this app). In
composer.jsonit's already pulled in as a vendored dependency viawikimedia/composer-merge-plugin, and it's used only bylib/Controller/Id4meController.phpbehind an admin toggle that defaults to disabled.Given near-zero ecosystem usage and that it's an opt-in alt-login, deprecating it is defensible.