pvodicka / openid-connect-php
There is no license information available for the latest version (0.3.4) of this package.
Bare-bones OpenID Connect client
0.3.4
2018-01-15 09:58 UTC
Requires
- php: >=5.4
- ext-curl: *
- ext-json: *
- phpseclib/phpseclib: 2.0.* >=2.0.1
This package is auto-updated.
Last update: 2024-10-20 05:53:28 UTC
README
A simple library that allows an application to authenticate a user through the basic OpenID Connect flow. This library hopes to encourage OpenID Connect use by making it simple enough for a developer with little knowledge of the OpenID Connect protocol to setup authentication.
A special thanks goes to Justin Richer and Amanda Anganes for their help and support of the protocol.
Requirements
- PHP 5.4 or greater
- CURL extension
- JSON extension
Install
- Install library using composer
composer require jumbojett/openid-connect-php
- Include composer autoloader
require '/vendor/autoload.php';
Example 1: Basic Client
use Jumbojett\OpenIDConnectClient; $oidc = new OpenIDConnectClient('https://id.provider.com', 'ClientIDHere', 'ClientSecretHere'); $oidc->setCertPath('/path/to/my.cert'); $oidc->authenticate(); $name = $oidc->requestUserInfo('given_name');
See openid spec for available user attributes
Example 2: Dynamic Registration
use Jumbojett\OpenIDConnectClient; $oidc = new OpenIDConnectClient("https://id.provider.com"); $oidc->register(); $client_id = $oidc->getClientID(); $client_secret = $oidc->getClientSecret(); // Be sure to add logic to store the client id and client secret
Example 3: Network and Security
// Configure a proxy $oidc->setHttpProxy("http://my.proxy.com:80/"); // Configure a cert $oidc->setCertPath("/path/to/my.cert");
Example 4: Request Client Credentials Token
use Jumbojett\OpenIDConnectClient; $oidc = new OpenIDConnectClient('https://id.provider.com', 'ClientIDHere', 'ClientSecretHere'); $oidc->providerConfigParam(array('token_endpoint'=>'https://id.provider.com/connect/token')); $oidc->addScope('my_scope'); // this assumes success (to validate check if the access_token property is there and a valid JWT) : $clientCredentialsToken = $oidc->requestClientCredentialsToken()->access_token;
Example 5: Request Resource Owners Token (with client auth)
use Jumbojett\OpenIDConnectClient; $oidc = new OpenIDConnectClient('https://id.provider.com', 'ClientIDHere', 'ClientSecretHere'); $oidc->providerConfigParam(array('token_endpoint'=>'https://id.provider.com/connect/token')); $oidc->addScope('my_scope'); //Add username and password $oidc->addAuthParam(array('username'=>'<Username>')); $oidc->addAuthParam(array('password'=>'<Password>')); //Perform the auth and return the token (to validate check if the access_token property is there and a valid JWT) : $token = $oidc->requestResourceOwnerToken(TRUE)->access_token;
Development Environments
In some cases you may need to disable SSL security on on your development systems. Note: This is not recommended on production systems.
$oidc->setVerifyHost(false); $oidc->setVerifyPeer(false);
Todo
- Dynamic registration does not support registration auth tokens and endpoints
Contributing
- All pull requests, once merged, should be added to the changelog.md file.