dvsa/php-govuk-account

A league/oauth2-client provider for GOV.UK One Login

3.0.0 2024-10-31 08:30 UTC

This package is auto-updated.

Last update: 2024-11-01 11:04:06 UTC


README

A provider (based on PHP League OAuth2-Client) to interact with GOV.UK Account.

Supports autoconfiguration for most settings using the discovery endpoint.

For identity assurance (when verifying the JWT in ), you will need to define the identity_assurance_public_key and expected_core_identity_issuer for the short interim until the key and issuer are published on the discovery endpoint.

Installing

The recommended way to install is through Composer.

composer require dvsa/php-govuk-account

Configuring

You may want to refer to the documentation provided at PHP League OAuth2-Client as this package is a provider for that abstract package.

When instantiating the provider, the constructor accepts additional attributes, passed in array $options = [], that are specific to this provider. These are in addition to the default options provided by the AbstractProvider (PHP League OAuth2-Client).

$options = [
    'base_uri' => 'https://oidc.integration.account.gov.uk', // Base URI for the GOV.UK One Login API
    'discovery_endpoint' => 'https://oidc.integration.account.gov.uk/.well-known/openid-configuration', // Endpoint for OIDC discovery
    'core_identity_did_document_url' => 'https://identity.integration.account.gov.uk/.well-known/did.json', // The DID document URL used to verify the JWTCoreIdentity token from the UserDetails endpoint
    'client_id' => '', // Client ID issued by GOV.UK One Login
    'keys' => [
        'algorithm' => 'RS256', // Algorithm for private_key
        'private_key' => '', // Private key used to encode the assertion when obtaining an access token (the public key must be shared with GOV.UK One Login)
        'public_key' => '', // Public key used to decode the assertion when obtaining an access token
    ],
    'redirect_uri' => [
        'logged_in' => '', // The URL used for redirection back to the service
        'logged_out' => '', // The URL used for redirection back to the service
    ],
    'expected_core_identity_issuer' => 'https://identity.integration.account.gov.uk/', // Issuer for the JWTCoreIdentity token
];
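A pre-deployment check for the keys settings above, added here as an example and not taken from this package: it signs an RS256 client assertion with the private key and confirms that it verifies only under the matching public key. The claim set follows the standard private_key_jwt profile (an assumption about what the token endpoint expects), and the client ID, audience URL and key pairs are constructed placeholders.

```php
<?php
// Added example, not the package's own code. Needs only ext-openssl.
function b64url(string $bin): string
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64urlDecode(string $s): string
{
    $s = strtr($s, '-_', '+/');
    return (string) base64_decode(str_pad($s, strlen($s) + (4 - strlen($s) % 4) % 4, '='), true);
}

// Build and sign an assertion the way keys.algorithm / keys.private_key imply.
function makeClientAssertion(string $clientId, string $audience, string $privateKeyPem): string
{
    $now = time();
    $claims = ['iss' => $clientId, 'sub' => $clientId, 'aud' => $audience,
               'jti' => bin2hex(random_bytes(16)), 'iat' => $now, 'exp' => $now + 300];
    $input = b64url(json_encode(['alg' => 'RS256', 'typ' => 'JWT'])) . '.'
           . b64url(json_encode($claims, JSON_UNESCAPED_SLASHES));
    if (!openssl_sign($input, $signature, $privateKeyPem, OPENSSL_ALGO_SHA256)) {
        throw new RuntimeException('private_key is not a usable RSA key');
    }
    return $input . '.' . b64url($signature);
}

// True only when the token declares RS256 and verifies under the given public key.
function assertionVerifies(string $jwt, string $publicKeyPem): bool
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) { return false; }
    $header = json_decode(b64urlDecode($parts[0]), true);
    if (!is_array($header) || ($header['alg'] ?? null) !== 'RS256') {
        return false; // pin the algorithm instead of trusting the header's choice
    }
    return openssl_verify("$parts[0].$parts[1]", b64urlDecode($parts[2]), $publicKeyPem, OPENSSL_ALGO_SHA256) === 1;
}

// Constructed demo input: throwaway key pairs, placeholder client ID and audience.
$rsa = ['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048];
$pair = openssl_pkey_new($rsa);
openssl_pkey_export($pair, $privatePem);
$publicPem = openssl_pkey_get_details($pair)['key'];
$strangerPem = openssl_pkey_get_details(openssl_pkey_new($rsa))['key'];
$jwt = makeClientAssertion('example-client-id', 'https://op.example/token', $privatePem);
var_dump(assertionVerifies($jwt, $publicPem));   // public_key that matches private_key
var_dump(assertionVerifies($jwt, $strangerPem)); // public_key from a different pair
```

If the first check fails for your real key material, the public key registered with GOV.UK One Login would not verify the assertions this client signs.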

Contributing

Please refer to our Contribution Guide and Contributor Code of Conduct.