PHP OpenID Connect Basic Client
(This package is a fork of rask/openid-connect-php.)
A simple library that allows an application to authenticate a user
through the basic OpenID Connect flow. This library hopes to encourage
OpenID Connect use by making it simple enough for a developer with
little knowledge of the OpenID Connect protocol to set up authentication.
A special thanks goes to Justin Richer and Amanda Anganes for their help
and support of the protocol.
This package was originally created by Michael Jett and extensively modified by
Otto Rask.
Requirements
- PHP 5.4 or greater
- CURL extension
- JSON extension
Install
Install the library using composer
composer require kdoyen/openid-connect-php
Then include the composer autoloader (relative to the directory of the including script, not the filesystem root)
<?php
require __DIR__ . '/vendor/autoload.php';
Example 1: Basic Client
<?php
use OpenIdConnectClient\OpenIdConnectClient;
$oidc = new OpenIDConnectClient([
'provider_url' => 'https://id.provider.com/',
'client_id' => 'ClientIDHere',
'client_secret' => 'ClientSecretHere'
]);
$oidc->authenticate();
$name = $oidc->requestUserInfo('given_name');
See the OpenID Connect Core specification (section 5.1, Standard Claims) for the available user attributes.
Example 2: Dynamic Registration
<?php
use OpenIdConnectClient\OpenIdConnectClient;
$oidc = new OpenIDConnectClient([
'provider_url' => 'https://id.provider.com/'
]);
$oidc->register();
$client_id = $oidc->getClientID();
$client_secret = $oidc->getClientSecret();
Be sure to add logic to store the client id and client secret inside
your application; the secret is a credential and must not be committed to source control or written to a web-accessible path.
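The README leaves the storage step to the application. The following is an added example (not part of the kdoyen/openid-connect-php README or library) that registers once, persists the issued client id and secret outside the web root with owner-only permissions, and reuses them on later requests instead of re-registering. It assumes only the constructor options, register(), getClientID() and getClientSecret() shown above; the credential file path is a constructed value for this example.

```php
<?php
// Added example; not from the kdoyen/openid-connect-php README.
// Assumptions: constructor options, register(), getClientID() and
// getClientSecret() as documented above. OIDC_CREDENTIAL_FILE is a
// constructed path for this example; keep it outside the document root.
use OpenIdConnectClient\OpenIdConnectClient;

require __DIR__ . '/vendor/autoload.php';

define('OIDC_CREDENTIAL_FILE', __DIR__ . '/../private/oidc-client.json');

// Return a client built from stored credentials, registering (and storing)
// only when no usable credentials exist yet.
function loadOrRegisterClient($providerUrl)
{
    if (is_readable(OIDC_CREDENTIAL_FILE)) {
        $stored = json_decode(file_get_contents(OIDC_CREDENTIAL_FILE), true);
        if (is_array($stored) && isset($stored['client_id'], $stored['client_secret'])) {
            return new OpenIdConnectClient([
                'provider_url'  => $providerUrl,
                'client_id'     => $stored['client_id'],
                'client_secret' => $stored['client_secret'],
            ]);
        }
    }

    // No stored credentials: perform dynamic registration once.
    $oidc = new OpenIdConnectClient(['provider_url' => $providerUrl]);
    $oidc->register();

    $dir = dirname(OIDC_CREDENTIAL_FILE);
    if (!is_dir($dir) && !mkdir($dir, 0700, true)) {
        throw new RuntimeException("Cannot create credential directory $dir");
    }

    // The client secret is as sensitive as a password: owner-only permissions,
    // exclusive lock while writing so a concurrent request cannot read a torn file.
    $json = json_encode([
        'client_id'     => $oidc->getClientID(),
        'client_secret' => $oidc->getClientSecret(),
    ]);
    if (file_put_contents(OIDC_CREDENTIAL_FILE, $json, LOCK_EX) === false) {
        throw new RuntimeException('Failed to persist client credentials');
    }
    chmod(OIDC_CREDENTIAL_FILE, 0600);

    return $oidc;
}

$oidc = loadOrRegisterClient('https://id.provider.com/');
$oidc->authenticate();
```

Registering on every request would create a new client at the provider each time and leak an unbounded set of secrets; storing the pair once and reusing it is the intended flow. In a multi-instance deployment the same logic applies with a shared secret store in place of the local file.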
Example 3: Network and Security
<?php
use OpenIdConnectClient\OpenIdConnectClient;
$oidc = new OpenIDConnectClient(['provider_url' => 'https://id.provider.com/']);
// Route all requests to the provider through an HTTP proxy
$oidc->setHttpProxy('http://my.proxy.com:80/');
// CA certificate (bundle) used to verify the provider's TLS certificate
$oidc->setCertPath('/path/to/my.cert');
Example 4: Request Client Credentials Token
<?php
use OpenIdConnectClient\OpenIdConnectClient;
$oidc = new OpenIDConnectClient([
'provider_url' => 'https://id.provider.com/',
'client_id' => 'ClientIDHere',
'client_secret' => 'ClientSecretHere'
]);
$oidc->providerConfigParam([
'token_endpoint' => 'https://id.provider.com/connect/token'
]);
$oidc->addScope('my_scope');
// This assumes success. To validate, check that the response has an
// access_token property and that its value is a valid JWT before using it:
$clientCredentialsToken = $oidc->requestClientCredentialsToken()->access_token;
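The comment above says to check for the access_token property and a valid JWT before use. The following is an added example (not from the README or the library) that performs those checks: the property must be present, the value must have the three-part compact JWT form, and its exp/nbf claims must cover the current time. It deliberately does not verify the signature, which requires the provider's signing keys and belongs in the resource server's validation (or is replaced by introspection as in Example 5). It assumes requestClientCredentialsToken() returns the parsed token-endpoint response as an object with an access_token property, as the snippet above implies.

```php
<?php
// Added example; not part of the kdoyen/openid-connect-php README or library.
// Assumption: requestClientCredentialsToken() returns the parsed token
// endpoint response as an object with an access_token property.
use OpenIdConnectClient\OpenIdConnectClient;

require __DIR__ . '/vendor/autoload.php';

// Decode one base64url segment (RFC 7515 section 2); false on bad input.
function base64UrlDecode($segment)
{
    $remainder = strlen($segment) % 4;
    if ($remainder !== 0) {
        $segment .= str_repeat('=', 4 - $remainder);
    }
    return base64_decode(strtr($segment, '-_', '+/'), true);
}

// Return the claims array of a compact JWT, or null if the value is not one.
function decodeJwtPayload($jwt)
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        return null;
    }
    $payload = base64UrlDecode($parts[1]);
    if ($payload === false) {
        return null;
    }
    $claims = json_decode($payload, true);
    return is_array($claims) ? $claims : null;
}

// exp/nbf check with a small clock-skew allowance in seconds.
function claimsTimeValid(array $claims, $now = null, $leeway = 60)
{
    if ($now === null) {
        $now = time();
    }
    if (isset($claims['exp']) && $now >= (int) $claims['exp'] + $leeway) {
        return false;   // expired
    }
    if (isset($claims['nbf']) && $now < (int) $claims['nbf'] - $leeway) {
        return false;   // not yet valid
    }
    return true;
}

$oidc = new OpenIdConnectClient([
    'provider_url'  => 'https://id.provider.com/',
    'client_id'     => 'ClientIDHere',
    'client_secret' => 'ClientSecretHere',
]);
$oidc->providerConfigParam(['token_endpoint' => 'https://id.provider.com/connect/token']);
$oidc->addScope('my_scope');

$response = $oidc->requestClientCredentialsToken();
if (!is_object($response) || empty($response->access_token)) {
    // RFC 6749 error responses carry "error" instead of "access_token".
    $reason = (is_object($response) && isset($response->error)) ? $response->error : 'no access_token';
    throw new RuntimeException('Client credentials grant failed: ' . $reason);
}

$claims = decodeJwtPayload($response->access_token);
if ($claims === null) {
    // Opaque (non-JWT) access tokens are legitimate; validate those via introspection instead.
    throw new RuntimeException('access_token is not a compact JWT');
}
if (!claimsTimeValid($claims)) {
    throw new RuntimeException('access_token is outside its exp/nbf validity window');
}

$clientCredentialsToken = $response->access_token;
```

Decoding the payload tells you what the token claims, not whether the provider issued it; treat this as a sanity check on the client side, and rely on signature verification or introspection wherever the token is accepted as proof of authorization.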
Example 5: Token Introspection
<?php
use OpenIdConnectClient\OpenIdConnectClient;
$oidc = new OpenIDConnectClient([
'provider_url' => 'https://id.provider.com/',
'client_id' => 'ClientIDHere',
'client_secret' => 'ClientSecretHere'
]);
// Provide access token to introspect.
// Can take an optional second parameter to set the token_type_hint.
$introspectionResponse = $oidc->introspectToken('provided_access_token');
// Check if the response/token is active and valid (based on exp and nbf).
$introspectionResponse->isActive();
// Get a list of allowed scopes.
$scopeArray = $introspectionResponse->getScopes();
// Returns true if the token carries the given scope.
$introspectionResponse->hasScope('profile');
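Introspection is what a resource server uses to decide whether to honour a bearer token. The following is an added example (not from the README or the library) that gates a protected resource on the introspection result: a missing or malformed Authorization header or an inactive token yields 401, an active token without the required scope yields 403. It assumes only introspectToken() with its optional token_type_hint argument, isActive() and hasScope() as documented above; the header parsing and status handling are this example's own.

```php
<?php
// Added example; not part of the kdoyen/openid-connect-php README or library.
// Assumptions: introspectToken($token, $tokenTypeHint), isActive() and
// hasScope() as documented above.
use OpenIdConnectClient\OpenIdConnectClient;

require __DIR__ . '/vendor/autoload.php';

// Extract the token from an RFC 6750 "Bearer <b64token>" header; null if absent or malformed.
function extractBearerToken($authorizationHeader)
{
    if (!preg_match('/^Bearer\s+([A-Za-z0-9\-._~+\/]+=*)$/', trim($authorizationHeader), $m)) {
        return null;
    }
    return $m[1];
}

// Decide the HTTP status for a request: 200 to serve, 401 to demand
// credentials, 403 when the token is valid but lacks the required scope.
function authorizeRequest(OpenIdConnectClient $oidc, $authorizationHeader, $requiredScope)
{
    $token = extractBearerToken($authorizationHeader);
    if ($token === null) {
        return 401;
    }

    $result = $oidc->introspectToken($token, 'access_token');
    if (!$result->isActive()) {
        return 401;   // revoked, expired, not yet valid, or unknown to the provider
    }
    if (!$result->hasScope($requiredScope)) {
        return 403;   // authenticated, but not authorized for this resource
    }
    return 200;
}

$oidc = new OpenIdConnectClient([
    'provider_url'  => 'https://id.provider.com/',
    'client_id'     => 'ClientIDHere',
    'client_secret' => 'ClientSecretHere',
]);

$header = isset($_SERVER['HTTP_AUTHORIZATION']) ? $_SERVER['HTTP_AUTHORIZATION'] : '';
$status = authorizeRequest($oidc, $header, 'profile');

http_response_code($status);
if ($status === 401) {
    header('WWW-Authenticate: Bearer realm="api"');
}
if ($status !== 200) {
    exit;
}
// Token is active and carries the "profile" scope: serve the protected resource here.
```

Because every check is a round trip to the provider, a resource server under load usually caches introspection results for a short interval; keep that interval well below the token lifetime so a revocation takes effect promptly.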
Todo
- Dynamic registration does not support registration auth tokens and endpoints.
- Re-factor/replace $_SESSION usage.
- Re-factor/complete test coverage.
This package is licensed under the Apache License 2.0.