waaseyaa / oidc
OpenID Connect issuer for Waaseyaa — ecosystem-wide single sign-on
Requires
- php: >=8.4
- lcobucci/jwt: ^5.3
- league/oauth2-server: ^9.0
- waaseyaa/access: ^0.1.0-alpha.150
- waaseyaa/foundation: ^0.1.0-alpha.150
- waaseyaa/user: ^0.1.0-alpha.150
Requires (Dev)
- phpunit/phpunit: ^10.5
This package is auto-updated.
Last update: 2026-05-03 20:06:39 UTC
README
OpenID Connect issuer for the Waaseyaa ecosystem.
This package provides the authorization-server primitives used by a dedicated IdP app to act as the single sign-on provider for every Waaseyaa app (Giiken, Minoo, OIATC, NorthOps, etc.). Consumer apps do not install this package — they federate to the IdP via waaseyaa/oauth-provider's GenericOidcProvider.
Scope
- Authorization endpoint (/authorize)
- Token endpoint (/token)
- UserInfo endpoint (/userinfo)
- Discovery (/.well-known/openid-configuration)
- JWKS (/.well-known/jwks.json)
- Revocation (/revoke)
- RP-initiated logout (/end_session)
- Signing-key storage + rotation
Non-goals (v1)
- Multi-tenant realms
- Dynamic client registration (RFC 7591)
- SCIM provisioning
- Federation chaining
See ADR-006 for full context, invariants, and migration plan.
Status
Scaffold only. Implementation lands in follow-up PRs, TDD order per ADR-006 §7: discovery → JWKS → authorization code flow → token → userinfo → revocation → logout.
Stack
- league/oauth2-server — OAuth 2.0 authorization server
- lcobucci/jwt — ID token JWT assembly
License
GPL-2.0-or-later.