srako/openid-connect

PHP implementation of https://openid.net/specs/openid-connect-core-1_0.html

Maintainers

Details

github.com/srako/openid-connect

Homepage

Source

Issues

Installs: 582

Dependents: 0

Suggesters: 0

Security: 0

Stars: 1

Watchers: 1

Forks: 0

Open Issues: 0

v2.0.1 2024-11-29 13:05 UTC

Requires

Requires (Dev)

MIT 2843579dd0dc4240aaa3097c01d5cdae5cd90f9b

  • Srako <srakor.woop@163.com>

phpOpenIdOpenID Connectoidc

This package is auto-updated.

Last update: 2025-03-29 01:07:11 UTC

README

PHP implementation of https://openid.net/specs/openid-connect-core-1_0.html

Install

Via Composer

$ composer require srako/openid-connect

Usage

Initialization

Using the OIDC discovery endpoint

use Srako\OpenIDConnect\ClientMetadata;
use Srako\OpenIDConnect\ClientFactory;

$issuerUrl = 'https://example.com';
$clientMetadata = new ClientMetadata('clientid', 'clientsecret', 'https://example.com/callback');
$client = ClientFactory::create($issuerUrl, $clientMetadata);
Manually 
use Srako\OpenIDConnect\Client;
use Srako\OpenIDConnect\ClientMetadata;
use Srako\OpenIDConnect\Config;
use Srako\OpenIDConnect\Http\HttpClientFactory;
use Srako\OpenIDConnect\Token\TokenVerifierFactory;
use Srako\OpenIDConnect\ProviderMetadata;

$clientMetadata = new ClientMetadata('clientid', 'clientsecret', 'https://example.com/callback');
$providerMetadata = new ProviderMetadata([
    ProviderMetadata::AUTHORIZATION_ENDPOINT => 'https://example.com/authorize',
    ProviderMetadata::TOKEN_ENDPOINT => 'https://example.com/token',
    // ...
])
$config = new Config($providerMetadata, $clientMetadata);
$client = new Client($config, HttpClientFactory::create());

Authorization Code flow

Step 1 - Redirect the user to authorization endpoint

use Srako\OpenIDConnect\Param\AuthorizationParams;

$state = bin2hex(random_bytes(8));
$_SESSION['oauth_state'] = $state;

$authorizationParams = new AuthorizationParams([
    AuthorizationParams::SCOPE => 'openid profile',
    AuthorizationParams::STATE => $state,
]);

$url = $client->getAuthorizationUrl($authorizationParams); 
header('Location: ' . $url);
exit();

Step 2 - Handle callback and exchange code for tokens

use Srako\OpenIDConnect\Param\CallbackParams;
use Srako\OpenIDConnect\Param\CallbackChecks;

$tokens = $client->handleCallback(
    new CallbackParams($_GET),
    new CallbackChecks($_SESSION['oauth_state'])
);

Client Credentials flow

use Srako\OpenIDConnect\Grant\ClientCredentials;
use Srako\OpenIDConnect\Param\TokenParams;

$tokens = $client->requestTokens(
    new TokenParams(
        new ClientCredentials(),
        [
            TokenParams::SCOPE => 'some scope'
        ]
    )
);

See examples for more

Credits

License

The MIT License (MIT). Please see License File for more information.