digitalcz / openid-connect
PHP implementation of OpenID Connect using symfony/contracts
Requires
- php: ^8.4
- symfony/cache-contracts: ^3.6
- symfony/http-client-contracts: ^3.6
- web-token/jwt-library: ^4.0
Requires (Dev)
- digitalcz/coding-standard: ^0.3.0
- ergebnis/composer-normalize: ^2.47
- phpstan/phpstan: ^2.1
- phpstan/phpstan-phpunit: ^2.0
- phpstan/phpstan-strict-rules: ^2.0
- phpunit/phpunit: ^12.2
- symfony/cache: ^7.3
- symfony/http-client: ^7.3
- symfony/var-dumper: ^7.3
This package is auto-updated.
Last update: 2025-07-29 06:59:08 UTC
README
Install
Via Composer
$ composer require digitalcz/openid-connect
Usage
Initialization
Using the OIDC discovery endpoint
    use DigitalCz\OpenIDConnect\OidcFactory;
    use Symfony\Component\HttpClient\HttpClient;

    $httpClient = HttpClient::create();

    $oidc = OidcFactory::create(
        httpClient: $httpClient,
        issuer: 'https://auth.example.com',
        clientId: 'my-client-id',
        clientSecret: 'my-client-secret',
        redirectUri: 'https://myapp.example.com/callback',
    );
Using manual issuer configuration
    use DigitalCz\OpenIDConnect\OidcFactory;
    use DigitalCz\OpenIDConnect\Config\IssuerMetadata;
    use Symfony\Component\HttpClient\HttpClient;

    $httpClient = HttpClient::create();

    $issuerMetadata = new IssuerMetadata([
        'authorization_endpoint' => 'https://auth.example.com/authorize',
        'token_endpoint' => 'https://auth.example.com/token',
        'jwks_uri' => 'https://auth.example.com/.well-known/jwks.json',
        'issuer' => 'https://auth.example.com',
    ]);

    $oidc = OidcFactory::create(
        httpClient: $httpClient,
        issuer: $issuerMetadata,
        clientId: 'my-client-id',
        clientSecret: 'my-client-secret',
        redirectUri: 'https://myapp.example.com/callback',
    );
Authorization Code flow
Step 1 - Redirect the user to authorization endpoint
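    $authorizationCode = $oidc->authorizationCode();

    // 'random-state' and 'random-nonce' are placeholders: use unpredictable
    // per-request values and keep them (e.g. in the session) for the callback.
    $url = $authorizationCode->createAuthorizationUrl([
        'state' => 'random-state',
        'nonce' => 'random-nonce'
    ]);

    // Redirect user to $url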
Step 2 - Handle the callback and exchange code for tokens
    // Get the authorization code from the callback URL
    $code = $_GET['code'];
    $nonce = 'random-nonce'; // Same nonce used in step 1

    // $authorizationCode is the object created in step 1
    $tokens = $authorizationCode->fetchTokens($code, $nonce);

    echo "Access Token: " . $tokens->accessToken() . PHP_EOL;
    echo "ID Token: " . $tokens->idToken() . PHP_EOL;
    echo "Refresh Token: " . $tokens->refreshToken() . PHP_EOL;
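Steps 1 and 2 use the fixed strings 'random-state' and 'random-nonce' as placeholders and never compare the state returned on the callback. The following added example (not part of the package or its README) shows one way to generate both values per request, keep them in the session, and validate the callback before calling fetchTokens(); the helper names beginAuthorization and completeAuthorization and the 'oidc' session key are assumptions.

```php
<?php
declare(strict_types=1);

// Added example: helper names and the 'oidc' session key are hypothetical, not part of digitalcz/openid-connect.

/** Create fresh state and nonce values and remember them for the callback. */
function beginAuthorization(array &$session): array
{
    $params = [
        'state' => bin2hex(random_bytes(32)),
        'nonce' => bin2hex(random_bytes(32)),
    ];
    $session['oidc'] = $params;

    return $params; // pass to $authorizationCode->createAuthorizationUrl($params)
}

/**
 * Validate the callback query and return [code, nonce] for fetchTokens().
 * The stored pair is single use: it is discarded whether validation passes or not.
 */
function completeAuthorization(array &$session, array $query): array
{
    $expected = $session['oidc'] ?? null;
    unset($session['oidc']);
    if (!is_array($expected)) {
        throw new RuntimeException('No authorization request in progress');
    }
    $state = $query['state'] ?? null;
    if (!is_string($state) || !hash_equals($expected['state'], $state)) {
        throw new RuntimeException('State mismatch');
    }
    if (isset($query['error'])) {
        throw new RuntimeException('Authorization failed');
    }
    $code = $query['code'] ?? null;
    if (!is_string($code) || $code === '') {
        throw new RuntimeException('Missing authorization code');
    }

    return [$code, $expected['nonce']];
}

// Constructed demo: plain arrays stand in for $_SESSION and $_GET.
$session = [];
$params = beginAuthorization($session);
[$code, $nonce] = completeAuthorization($session, ['code' => 'abc123', 'state' => $params['state']]);
var_dump(hash_equals($params['nonce'], $nonce));
```

In a real callback, pass `$_SESSION` and `$_GET` to completeAuthorization() and hand the returned pair to `$authorizationCode->fetchTokens($code, $nonce)`.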
Client Credentials flow
    $clientCredentials = $oidc->clientCredentials();

    $tokens = $clientCredentials->fetchTokens();

    echo "Access Token: " . $tokens->accessToken() . PHP_EOL;
Resource Server (Token Validation)
    use DigitalCz\OpenIDConnect\ResourceServer\JwtAccessToken;
    use DigitalCz\OpenIDConnect\ResourceServer\OpaqueAccessToken;
    use DigitalCz\OpenIDConnect\Util\JWT;

    $resourceServer = $oidc->resourceServer();

    // $jwt holds the raw access token string received with the request
    $accessToken = new JwtAccessToken($jwt);
    $validatedToken = $resourceServer->introspect($accessToken);

    echo "Token is valid for subject: " . $validatedToken->sub() . PHP_EOL;
    echo "Token expires at: " . date('Y-m-d H:i:s', $validatedToken->exp()) . PHP_EOL;
See examples for more complete examples.
Testing
    $ composer csfix    # fix codestyle
    $ composer checks   # run all checks
    # or separately
    $ composer tests    # run phpunit
    $ composer phpstan  # run phpstan
    $ composer cs       # run codesniffer
Contributing
Please see CONTRIBUTING for details.
Security
If you discover any security related issues, please email devs@digital.cz instead of using the issue tracker.
Credits
License
The MIT License (MIT). Please see License File for more information.