digitalcz/openid-connect

PHP implementation of https://openid.net/specs/openid-connect-core-1_0.html

0.x-dev 2022-01-17 08:45 UTC

This package is auto-updated.

Last update: 2022-01-17 08:45:13 UTC


README

Latest Stable Version Total Downloads Latest Unstable Version License PHP Version Require CI Scrutinizer Code Quality codecov

PHP implementation of https://openid.net/specs/openid-connect-core-1_0.html

Install

Via Composer

$ composer require digitalcz/openid-connect

Usage

Initialization

Using the OIDC discovery endpoint

use DigitalCz\OpenIDConnect\ClientMetadata;
use DigitalCz\OpenIDConnect\Factory\ClientFactory;

$discoveryUri = 'https://example.com/.well-known/openid-configuration';
$clientMetadata = new ClientMetadata('clientid', 'clientsecret', 'https://example.com/callback');
$client = ClientFactory::create($discoveryUri, $clientMetadata);
Manually
use DigitalCz\OpenIDConnect\Client;
use DigitalCz\OpenIDConnect\ClientMetadata;
use DigitalCz\OpenIDConnect\Config;
use DigitalCz\OpenIDConnect\Factory\HttpClientFactory;
use DigitalCz\OpenIDConnect\Factory\TokenVerifierFactory;
use DigitalCz\OpenIDConnect\ProviderMetadata;

$clientMetadata = new ClientMetadata('clientid', 'clientsecret', 'https://example.com/callback');
$providerMetadata = new ProviderMetadata([
    ProviderMetadata::AUTHORIZATION_ENDPOINT => 'https://example.com/authorize',
    ProviderMetadata::TOKEN_ENDPOINT => 'https://example.com/token',
    // ...
])
$config = new Config($providerMetadata, $clientMetadata);
$client = new Client(
    $config,
    HttpClientFactory::create(),
    TokenVerifierFactory::create($config)
);

Authorization Code flow

Step 1 - Redirect the user to authorization endpoint

use DigitalCz\OpenIDConnect\Param\AuthorizationParams;

$state = bin2hex(random_bytes(8));
$_SESSION['oauth_state'] = $state;

$authorizationParams = new AuthorizationParams([
    AuthorizationParams::SCOPE => 'openid profile',
    AuthorizationParams::STATE => $state,
]);

$url = $client->getAuthorizationUrl($authorizationParams); 
header('Location: ' . $url);
exit();

Step 2 - Handle callback and exchange code for tokens

use DigitalCz\OpenIDConnect\Param\CallbackParams;
use DigitalCz\OpenIDConnect\Param\CallbackChecks;

$tokens = $client->handleCallback(
    new CallbackParams($_GET),
    new CallbackChecks($_SESSION['oauth_state'])
);

Client Credentials flow

use DigitalCz\OpenIDConnect\Grant\ClientCredentials;
use DigitalCz\OpenIDConnect\Param\CallbackChecks;
use DigitalCz\OpenIDConnect\Param\CallbackParams;
use DigitalCz\OpenIDConnect\Param\TokenParams;

$tokens = $client->requestTokens(
    new TokenParams(
        new ClientCredentials(),
        [
            TokenParams::SCOPE => 'some scope'
        ]
    )
);

See examples for more

Change log

Please see CHANGELOG for more information on what has changed recently.

Testing

$ composer csfix    # fix codestyle
$ composer checks   # run all checks 

# or separately
$ composer tests    # run phpunit
$ composer phpstan  # run phpstan
$ composer cs       # run codesniffer

Contributing

Please see CONTRIBUTING for details.

Security

If you discover any security related issues, please email devs@digital.cz instead of using the issue tracker.

Credits

License

The MIT License (MIT). Please see License File for more information.