danielburger1337 / openid-hash
Create/Verify OpenID Connect (OIDC) verification hashes.
Requires
- php: ^8.2
- danielburger1337/sha3-shake: ^1.0
- spomky-labs/base64url: ^2.0
Requires (Dev)
- friendsofphp/php-cs-fixer: ^3.50.0
- phpstan/phpstan: ^1.10
- phpunit/phpunit: ^11.0
This package is auto-updated.
Last update: 2024-10-24 06:24:30 UTC
README
openid-hash
Create and/or verify OpenID Connect 1.0 ID Token hashes (at_hash, c_hash, s_hash).
This library is PSR-4 compatible and can be installed via PHP's dependency manager Composer.
composer require danielburger1337/openid-hash
This library requires a 64-bit version of PHP.
How To Use
The constructor takes two arguments. The first argument is the JWA algorithm the ID Token is signed with. This value can usally be found in the alg header parameter of the ID Token.
The second argument is only required when the ID Token is signed with the EdDSA algorithm. This argument must then contain the crv of the JWK that was used to sign the ID Token. This value can usually be found in the crv header parameter of the ID Token or in the jwks_uri document of the OP.
To verify a hash, you can use the verify*Hash methods:
<?php use danielburger1337\OpenIdHash\OpenIdHash; $instance = new OpenIdHash('RS256'); // see also "verifyCodeHash", "verifyStateHash" $isValid = $instance->verifyAccessTokenHash('access token', 'The "at_hash" claim of the ID Token'); // bool
To create a verification hash, you can use the create*Hash methods:
<?php use danielburger1337\OpenIdHash\OpenIdHash; $instance = new OpenIdHash('EdDSA', 'Ed448'); // see also "createCodeHash", "createStateHash" $hash = $instance->createAccessTokenHash('YmJiZTAwYmYtMzgyOC00NzhkLTkyOTItNjJjNDM3MGYzOWIy9sFhvH8K_x8UIHj1osisS57f5DduL'); print $hash; // sB_U72jyb0WgtX8TsVoqJnm6CD295W9gfSDRxkilB3LAL7REi9JYutRW_s1yE4lD8cOfMZf83gi4