digitalcz / openid-connect
PHP implementation of https://openid.net/specs/openid-connect-core-1_0.html
Installs: 11 435
Dependents: 0
Suggesters: 0
Security: 0
Stars: 2
Watchers: 2
Forks: 0
Open Issues: 1
Requires
- php: ^8.1
- php-http/discovery: ^1.14
- psr/http-client: ^1.0.1
- psr/http-factory: ^1.0.1
- psr/http-message: ^1.0.1 || ^2.0
- psr/simple-cache: ^1.0.1 || ^3.0
- spomky-labs/aes-key-wrap: ^7.0
- thecodingmachine/safe: ^2.0
- web-token/jwt-library: ^3.3
Requires (Dev)
- digitalcz/coding-standard: ^0.2.0
- nyholm/nsa: ^1.3.0
- nyholm/psr7: ^1.5.1
- php-http/curl-client: ^2.2.0
- php-http/mock-client: ^1.5.0
- phpstan/extension-installer: ^1.2.0
- phpstan/phpstan: ^1.9.0
- phpstan/phpstan-phpunit: ^1.3.0
- phpstan/phpstan-strict-rules: ^1.4.4
- phpunit/phpunit: ^10.5.11 || ^11.0.3
- symfony/cache: ^6.4.4 || ^v7.0.4
- symfony/var-dumper: ^6.4.4 || ^v7.0.4
- thecodingmachine/phpstan-safe-rule: ^1.2.0
README
PHP implementation of https://openid.net/specs/openid-connect-core-1_0.html
Install
Via Composer
$ composer require digitalcz/openid-connect
Usage
Initialization
Using the OIDC discovery endpoint
use DigitalCz\OpenIDConnect\ClientMetadata; use DigitalCz\OpenIDConnect\ClientFactory; $issuerUrl = 'https://example.com'; $clientMetadata = new ClientMetadata('clientid', 'clientsecret', 'https://example.com/callback'); $client = ClientFactory::create($issuerUrl, $clientMetadata);
Manually
use DigitalCz\OpenIDConnect\Client; use DigitalCz\OpenIDConnect\ClientMetadata; use DigitalCz\OpenIDConnect\Config; use DigitalCz\OpenIDConnect\Http\HttpClientFactory; use DigitalCz\OpenIDConnect\Token\TokenVerifierFactory; use DigitalCz\OpenIDConnect\ProviderMetadata; $clientMetadata = new ClientMetadata('clientid', 'clientsecret', 'https://example.com/callback'); $providerMetadata = new ProviderMetadata([ ProviderMetadata::AUTHORIZATION_ENDPOINT => 'https://example.com/authorize', ProviderMetadata::TOKEN_ENDPOINT => 'https://example.com/token', // ... ]) $config = new Config($providerMetadata, $clientMetadata); $client = new Client($config, HttpClientFactory::create());
Authorization Code flow
Step 1 - Redirect the user to authorization endpoint
use DigitalCz\OpenIDConnect\Param\AuthorizationParams; $state = bin2hex(random_bytes(8)); $_SESSION['oauth_state'] = $state; $authorizationParams = new AuthorizationParams([ AuthorizationParams::SCOPE => 'openid profile', AuthorizationParams::STATE => $state, ]); $url = $client->getAuthorizationUrl($authorizationParams); header('Location: ' . $url); exit();
Step 2 - Handle callback and exchange code for tokens
use DigitalCz\OpenIDConnect\Param\CallbackParams; use DigitalCz\OpenIDConnect\Param\CallbackChecks; $tokens = $client->handleCallback( new CallbackParams($_GET), new CallbackChecks($_SESSION['oauth_state']) );
Client Credentials flow
use DigitalCz\OpenIDConnect\Grant\ClientCredentials; use DigitalCz\OpenIDConnect\Param\TokenParams; $tokens = $client->requestTokens( new TokenParams( new ClientCredentials(), [ TokenParams::SCOPE => 'some scope' ] ) );
See examples for more
Change log
Please see CHANGELOG for more information on what has changed recently.
Testing
$ composer csfix # fix codestyle $ composer checks # run all checks # or separately $ composer tests # run phpunit $ composer phpstan # run phpstan $ composer cs # run codesniffer
Contributing
Please see CONTRIBUTING for details.
Security
If you discover any security related issues, please email devs@digital.cz instead of using the issue tracker.
Credits
License
The MIT License (MIT). Please see License File for more information.