ronvanderheijden/openid-connect

OpenID Connect support to the PHP League's OAuth2 Server. Compatible with Laravel Passport.

1.1.0 2023-01-12 13:21 UTC

This package is auto-updated.

Last update: 2024-03-12 16:07:47 UTC


README

OpenID Connect support to the PHP League's OAuth2 Server.

Compatible with Laravel Passport!

Requirements

Installation

composer require ronvanderheijden/openid-connect

Keys

To sign and encrypt the tokens, we need a private and a public key.

mkdir -m 700 -p tmp

openssl genrsa -out tmp/private.key 2048
openssl rsa -in tmp/private.key -pubout -out tmp/public.key

chmod 600 tmp/private.key
chmod 644 tmp/public.key

Example

I recommand to read this first.

To enable OpenID Connect, follow these simple steps

$privateKeyPath = 'tmp/private.key';

// create the response_type
$responseType = new IdTokenResponse(
    new IdentityRepository(),
    new ClaimExtractor(),
    Configuration::forSymmetricSigner(
        new Sha256(),
        InMemory::file($privateKeyPath),
    ),
);

$server = new \League\OAuth2\Server\AuthorizationServer(
    $clientRepository,
    $accessTokenRepository,
    $scopeRepository,
    $privateKeyPath,
    $encryptionKey,
    // add the response_type
    $responseType,
);

Now when calling the /authorize endpoint, provide the openid scope to get an id_token.
Provide more scopes (e.g. openid profile email) to receive additional claims in the id_token.

For a complete implementation, visit the OAuth2 Server example.

Laravel Passport

You can use this package with Laravel Passport in 2 simple steps.

1.) add the service provider

# config/app.php
'providers' => [
    /*
     * Package Service Providers...
     */
    OpenIDConnect\Laravel\PassportServiceProvider::class,
],

2.) create an entity

Create an entity class in app/Entities/ named IdentityEntity or UserEntity. This entity is used to collect the claims.

# app/Entities/IdentityEntity.php
namespace App\Entities;

use League\OAuth2\Server\Entities\Traits\EntityTrait;
use OpenIDConnect\Claims\Traits\WithClaims;
use OpenIDConnect\Interfaces\IdentityEntityInterface;

class IdentityEntity implements IdentityEntityInterface
{
    use EntityTrait;
    use WithClaims;

    /**
     * The user to collect the additional information for
     */
    protected User $user;

    /**
     * The identity repository creates this entity and provides the user id
     * @param mixed $identifier
     */
    public function setIdentifier($identifier): void
    {
        $this->identifier = $identifier;
        $this->user = User::findOrFail($identifier);
    }

    /**
     * When building the id_token, this entity's claims are collected
     */
    public function getClaims(): array
    {
        return [
            'email' => $this->user->email,
        ];
    }
}

Publishing the config

In case you want to change the default scopes, add custom claim sets or change the repositories, you can publish the openid config using:

php artisan vendor:publish --tag=openid

Support

Found a bug? Got a feature request? Create an issue.

License

OpenID Connect is open source and licensed under the MIT licence.