srako / openid-connect
PHP implementation of https://openid.net/specs/openid-connect-core-1_0.html
v2.0.1
2024-11-29 13:05 UTC
Requires
- php: ^8.1
- ext-json: *
- firebase/php-jwt: ^6.8
- php-http/discovery: ^1.14
- psr/http-client: ^1.0.1
- psr/http-factory: ^1.0.1
- psr/http-message: ^2.0
- psr/simple-cache: ^3.0
- web-token/jwt-framework: ^4.0
Requires (Dev)
- guzzlehttp/guzzle: ^7.8
README
Install
Via Composer
$ composer require srako/openid-connect
Usage
Initialization
Using the OIDC discovery endpoint
    use Srako\OpenIDConnect\ClientMetadata;
    use Srako\OpenIDConnect\ClientFactory;

    $issuerUrl = 'https://example.com';
    $clientMetadata = new ClientMetadata('clientid', 'clientsecret', 'https://example.com/callback');

    // Provider metadata is fetched from the issuer's discovery endpoint
    $client = ClientFactory::create($issuerUrl, $clientMetadata);
Manually
    use Srako\OpenIDConnect\Client;
    use Srako\OpenIDConnect\ClientMetadata;
    use Srako\OpenIDConnect\Config;
    use Srako\OpenIDConnect\Http\HttpClientFactory;
    use Srako\OpenIDConnect\Token\TokenVerifierFactory;
    use Srako\OpenIDConnect\ProviderMetadata;

    $clientMetadata = new ClientMetadata('clientid', 'clientsecret', 'https://example.com/callback');

    // Provider endpoints are supplied by hand instead of being discovered
    $providerMetadata = new ProviderMetadata([
        ProviderMetadata::AUTHORIZATION_ENDPOINT => 'https://example.com/authorize',
        ProviderMetadata::TOKEN_ENDPOINT => 'https://example.com/token',
        // ...
    ]);

    $config = new Config($providerMetadata, $clientMetadata);
    $client = new Client($config, HttpClientFactory::create());
Authorization Code flow
Step 1 - Redirect the user to authorization endpoint
    use Srako\OpenIDConnect\Param\AuthorizationParams;

    // Random state, kept in the session so the callback can be matched to this request
    $state = bin2hex(random_bytes(8));
    $_SESSION['oauth_state'] = $state;

    $authorizationParams = new AuthorizationParams([
        AuthorizationParams::SCOPE => 'openid profile',
        AuthorizationParams::STATE => $state,
    ]);

    $url = $client->getAuthorizationUrl($authorizationParams);

    header('Location: ' . $url);
    exit();
Step 2 - Handle callback and exchange code for tokens
    use Srako\OpenIDConnect\Param\CallbackParams;
    use Srako\OpenIDConnect\Param\CallbackChecks;

    // The state stored in Step 1 is passed in as the expected value for the callback
    $tokens = $client->handleCallback(
        new CallbackParams($_GET),
        new CallbackChecks($_SESSION['oauth_state'])
    );
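The state handling that Steps 1 and 2 depend on, shown as a stand-alone added example (not code from this package). The helpers `issueState()` and `consumeState()` are hypothetical, `$session` stands in for `$_SESSION` so the script runs from the CLI, and the callback queries are constructed. The 16-byte state length is this example's choice.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: create a fresh state value and remember it for the callback.
function issueState(array &$session): string
{
    $state = bin2hex(random_bytes(16)); // 128 bits from the CSPRNG
    $session['oauth_state'] = $state;
    return $state;
}

// Hypothetical helper: return the expected state exactly once, or throw.
function consumeState(array &$session, array $query): string
{
    $expected = $session['oauth_state'] ?? null;
    unset($session['oauth_state']); // single use, cleared even when the check fails

    $received = $query['state'] ?? null;
    // is_string() also rejects an array-valued parameter such as ?state[]=x
    if (!is_string($expected) || !is_string($received)) {
        throw new RuntimeException('missing state');
    }
    if (!hash_equals($expected, $received)) { // constant-time comparison
        throw new RuntimeException('state mismatch');
    }
    return $expected;
}

function check(array &$session, array $query): string
{
    try {
        consumeState($session, $query);
        return 'accepted';
    } catch (RuntimeException $e) {
        return 'rejected: ' . $e->getMessage();
    }
}

// Constructed callback queries, one fresh session per case.
$cases = [
    'matching state' => fn(string $s): array => ['code' => 'constructed-code', 'state' => $s],
    'wrong state'    => fn(string $s): array => ['code' => 'constructed-code', 'state' => str_repeat('0', 32)],
    'no state'       => fn(string $s): array => ['code' => 'constructed-code'],
];
foreach ($cases as $label => $makeQuery) {
    $session = [];
    $query = $makeQuery(issueState($session));
    printf("%-15s %s\n", $label, check($session, $query));
    printf("%-15s %s\n", '  replayed', check($session, $query)); // same callback sent twice
}
```

In a web request the value returned by `consumeState($_SESSION, $_GET)` is what would be handed to `new CallbackChecks(...)` in Step 2, so a replayed callback no longer finds a stored state to match.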
Client Credentials flow
    use Srako\OpenIDConnect\Grant\ClientCredentials;
    use Srako\OpenIDConnect\Param\TokenParams;

    $tokens = $client->requestTokens(
        new TokenParams(
            new ClientCredentials(),
            [
                TokenParams::SCOPE => 'some scope'
            ]
        )
    );
See examples for more
Credits
License
The MIT License (MIT). Please see License File for more information.