kdoyen / openid-connect-php
Bare-bones OpenID Connect client
Requires
- php: >=5.4.0
- ext-curl: *
- ext-json: *
- phpseclib/phpseclib: ^2.0
Requires (Dev)
- phpunit/phpunit: 5.*
This package is not auto-updated.
Last update: 2024-04-28 00:02:26 UTC
README
(This package is a fork of rask/openid-connect-php.)
A simple library that allows an application to authenticate a user through the basic OpenID Connect flow. This library hopes to encourage OpenID Connect use by making it simple enough for a developer with little knowledge of the OpenID Connect protocol to set up authentication.
A special thanks goes to Justin Richer and Amanda Anganes for their help and support of the protocol.
This package was originally created by Michael Jett and extensively modified by Otto Rask.
Requirements
- PHP 5.4 or greater
- CURL extension
- JSON extension
Install
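Install the library using Composer:
composer require kdoyen/openid-connect-php
Then include the Composer autoloader:
<?php
// Resolve the autoloader relative to this file rather than the filesystem root.
require __DIR__ . '/vendor/autoload.php';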
Example 1: Basic Client
<?php
use OpenIdConnectClient\OpenIdConnectClient;
$oidc = new OpenIdConnectClient([
    'provider_url' => 'https://id.provider.com/',
    'client_id' => 'ClientIDHere',
    'client_secret' => 'ClientSecretHere'
]);
// Run the OpenID Connect authentication flow.
$oidc->authenticate();
// Request a single user attribute.
$name = $oidc->requestUserInfo('given_name');
See the OpenID Connect spec for available user attributes.
Example 2: Dynamic Registration
<?php
use OpenIdConnectClient\OpenIdConnectClient;
$oidc = new OpenIdConnectClient([
    'provider_url' => 'https://id.provider.com/'
]);
// Register this client with the provider.
$oidc->register();
// Credentials issued by the provider during registration.
$client_id = $oidc->getClientID();
$client_secret = $oidc->getClientSecret();
Be sure to add logic to store the client id and client secret inside your application.
Example 3: Network and Security
<?php
// Configure a proxy
$oidc->setHttpProxy('http://my.proxy.com:80/');
// Configure a cert
$oidc->setCertPath('/path/to/my.cert');
Example 4: Request Client Credentials Token
<?php
use OpenIdConnectClient\OpenIdConnectClient;
$oidc = new OpenIdConnectClient([
    'provider_url' => 'https://id.provider.com/',
    'client_id' => 'ClientIDHere',
    'client_secret' => 'ClientSecretHere'
]);
$oidc->providerConfigParam([
    'token_endpoint' => 'https://id.provider.com/connect/token'
]);
$oidc->addScope('my_scope');
// This assumes success (to validate check if the access_token
// property is there and a valid JWT):
$clientCredentialsToken = $oidc->requestClientCredentialsToken()->access_token;
Example 5: Token Introspection
<?php
use OpenIdConnectClient\OpenIdConnectClient;
$oidc = new OpenIdConnectClient([
    'provider_url' => 'https://id.provider.com/',
    'client_id' => 'ClientIDHere',
    'client_secret' => 'ClientSecretHere'
]);
// Provide access token to introspect.
// Can take an optional second parameter to set the token_type_hint.
$introspectionResponse = $oidc->introspectToken('provided_access_token');
// Check if the response/token is active and valid (based on exp and nbf).
$introspectionResponse->isActive();
// Get a list of allowed scopes.
$scopeArray = $introspectionResponse->getScopes();
// Simple boolean response if response has scope provided.
$introspectionResponse->hasScope('profile');
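A resource server typically wraps the Example 5 calls in a check that denies access unless the token is proven active and carries the required scope. The following is an added example, not part of this package's README or code: `bearerToken()`, `authorize()` and `FakeIntrospection` are hypothetical names, the fake response is constructed so the script runs offline, and it assumes introspection failures surface as exceptions.

```php
<?php
// Added example: fail-closed bearer check around Example 5's introspection calls.
// Return the token from an "Authorization: Bearer <token>" header value, or null.
function bearerToken($header) {
    // Accept only the RFC 6750 b64token syntax; anything else is rejected.
    if (is_string($header) && preg_match('/^Bearer +([A-Za-z0-9\-._~+\/]+=*)\z/', $header, $m)) {
        return $m[1];
    }
    return null;
}

// Returns [httpStatus, reason]. $introspect takes a token and returns an object with
// isActive() and hasScope(), e.g. function ($t) use ($oidc) { return $oidc->introspectToken($t); }
function authorize($header, callable $introspect, $requiredScope) {
    $token = bearerToken($header);
    if ($token === null) {
        return [401, 'missing or malformed bearer token'];
    }
    try {
        $response = $introspect($token);
    } catch (Exception $e) {
        // Assumption: provider or transport errors are thrown. Deny on any of them.
        return [401, 'introspection failed'];
    }
    if (!is_object($response) || $response->isActive() !== true) {
        return [401, 'token not active'];
    }
    if ($response->hasScope($requiredScope) !== true) {
        return [403, 'insufficient scope'];
    }
    return [200, 'ok'];
}

// Constructed stand-in for the provider's introspection response (not the library's class).
class FakeIntrospection {
    public $active = false;
    public $scopes = [];
    public function isActive() { return $this->active; }
    public function hasScope($s) { return in_array($s, $this->scopes, true); }
}
$fake = function ($token) {
    $r = new FakeIntrospection();
    if ($token === 'good-token') { $r->active = true; $r->scopes = ['profile']; }
    return $r;
};
$cases = [['Bearer good-token', 'profile'], ['Bearer good-token', 'admin'], ['Bearer stale', 'profile'], ['Basic abc', 'profile']];
foreach ($cases as $c) {
    echo $c[0], ' / ', $c[1], ' => ', json_encode(authorize($c[0], $fake, $c[1])), "\n";
}
```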
Todo
- Dynamic registration does not support registration auth tokens and endpoints.
- Re-factor/replace $_SESSION usage.
- Re-factor/complete test coverage.
License & authors information
This package is licensed with Apache License 2.0.
- This package was originally created by Michael Jett (jumbojett) from MITRE
- JWT signature verification support by Jonathan Reed (jdreed@mit.edu)
- Major refactoring/updates by Otto Rask (rask)