wannabe-pro / openid-connect
Bare-bones OpenID Connect client
Installs: 15 487
Dependents: 0
Suggesters: 0
Security: 0
Stars: 0
Watchers: 2
Forks: 0
Open Issues: 0
Requires
- php: >=5.5
- ext-curl: *
- ext-json: *
- phpseclib/phpseclib: ~2.0
Requires (Dev)
- phpunit/phpunit: ^4.8
- roave/security-advisories: dev-master
This package is auto-updated.
Last update: 2025-01-07 20:19:03 UTC
README
This is fork of jumbojett/openid-connect-php
PHP OpenID Connect Basic Client
A simple library that allows an application to authenticate a user through the basic OpenID Connect flow. This library hopes to encourage OpenID Connect use by making it simple enough for a developer with little knowledge of the OpenID Connect protocol to setup authentication.
A special thanks goes to Justin Richer and Amanda Anganes for their help and support of the protocol.
Requirements
- PHP 5.4 or greater
- CURL extension
- JSON extension
Install
- Install library using composer
composer require wannabe-pro/openid-connect
- Include composer autoloader
require __DIR__ . '/vendor/autoload.php';
Example 1: Basic Client
use WannaBaPro\OpenIDConnect; $oidc = new CLient('https://id.provider.com', 'ClientIDHere', 'ClientSecretHere'); $oidc->setCertPath('/path/to/my.cert'); $oidc->authenticate(); $name = $oidc->requestUserInfo('given_name');
See openid spec for available user attributes
Example 2: Dynamic Registration
use WannaBaPro\OpenIDConnect; $oidc = new Client("https://id.provider.com"); $oidc->register(); $client_id = $oidc->getClientID(); $client_secret = $oidc->getClientSecret(); // Be sure to add logic to store the client id and client secret
Example 3: Network and Security
// Configure a proxy $oidc->setHttpProxy("http://my.proxy.com:80/"); // Configure a cert $oidc->setCertPath("/path/to/my.cert");
Example 4: Request Client Credentials Token
use WannaBaPro\OpenIDConnect; $oidc = new Client('https://id.provider.com', 'ClientIDHere', 'ClientSecretHere'); $oidc->providerConfigParam(array('token_endpoint'=>'https://id.provider.com/connect/token')); $oidc->addScope('my_scope'); // this assumes success (to validate check if the access_token property is there and a valid JWT) : $clientCredentialsToken = $oidc->requestClientCredentialsToken()->access_token;
Example 5: Request Resource Owners Token (with client auth)
use WannaBaPro\OpenIDConnect; $oidc = new Client('https://id.provider.com', 'ClientIDHere', 'ClientSecretHere'); $oidc->providerConfigParam(array('token_endpoint'=>'https://id.provider.com/connect/token')); $oidc->addScope('my_scope'); //Add username and password $oidc->addAuthParam(array('username'=>'<Username>')); $oidc->addAuthParam(array('password'=>'<Password>')); //Perform the auth and return the token (to validate check if the access_token property is there and a valid JWT) : $token = $oidc->requestResourceOwnerToken(TRUE)->access_token;
Example 6: Basic client for implicit flow e.g. with Azure AD B2C (see http://openid.net/specs/openid-connect-core-1_0.html#ImplicitFlowAuth)
use WannaBaPro\OpenIDConnect; $oidc = new Client('https://id.provider.com', 'ClientIDHere', 'ClientSecretHere'); $oidc->setResponseTypes(array('id_token')); $oidc->addScope(array('openid')); $oidc->setAllowImplicitFlow(true); $oidc->addAuthParam(array('response_mode' => 'form_post')); $oidc->setCertPath('/path/to/my.cert'); $oidc->authenticate(); $sub = $oidc->getVerifiedClaims('sub');
Example 7: Introspection of an access token (see https://tools.ietf.org/html/rfc7662)
use WannaBaPro\OpenIDConnect; $oidc = new Client('https://id.provider.com', 'ClientIDHere', 'ClientSecretHere'); $data = $oidc->introspectToken('an.access-token.as.given'); if (!$data->active) { // the token is no longer usable }
Development Environments
In some cases you may need to disable SSL security on on your development systems. Note: This is not recommended on production systems.
$oidc->setVerifyHost(false); $oidc->setVerifyPeer(false);
Todo
- Dynamic registration does not support registration auth tokens and endpoints
Contributing
- All pull requests, once merged, should be added to the changelog.md file.