Skip to content
An OpenID Connect Server that sites on The PHP League's OAuth2 Server
PHP
Branch: master
Clone or download
Pull request Compare This branch is 39 commits behind steverhoades:master.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
src remove setClaims method as cannot reset the claimSets collection Oct 14, 2016
.gitignore add id_token to OAuth2 Authorization response Oct 14, 2016
LICENSE
README.md Update README.md Oct 31, 2016
composer.json

README.md

OAuth 2.0 OpenID Connect Server

This implements the OpenID Connect specification on top of The PHP League's OAuth2 Server.

Requirements

The following versions of PHP are supported.

  • PHP 5.5
  • PHP 5.6
  • PHP 7.0

Usage

The following classes will need to be configured and passed to the AuthorizationServer in order to provide OpenID Connect functionality.

  1. IdentityRepository. This should implement the IdentityRepositoryInterface and return the identity of the user based on the return value of $accessToken->getUserIdentifier().
  2. ClaimSet. ClaimSet is a way to associate claims to a given scope.
  3. ClaimExtractor. The ClaimExtractor takes an array of ClaimSets and in addition provides default claims for the OpenID Connect specified scopes of: profile, email, phone and address.
  4. IdTokenResponse. This class must be passed to the AuthorizationServer during construction and is responsible for adding the id_token to the response.

Example Configuration

// Init Repositories
$clientRepository       = new ClientRepository();
$scopeRepository        = new ScopeRepository();
$accessTokenRepository  = new AccessTokenRepository();
$authCodeRepository     = new AuthCodeRepository();
$refreshTokenRepository = new RefreshTokenRepository();

$privateKeyPath = 'file://' . __DIR__ . '/../private.key';
$publicKeyPath = 'file://' . __DIR__ . '/../public.key';

// OpenID Connect Response Type
$responseType = new IdTokenResponse(new IdentityRepository(), new ClaimExtractor());

// Setup the authorization server
$server = new \League\OAuth2\Server\AuthorizationServer(
    $clientRepository,
    $accessTokenRepository,
    $scopeRepository,
    $privateKey,
    $publicKey,
    $responseType
);

$grant = new \League\OAuth2\Server\Grant\AuthCodeGrant(
    $authCodeRepository,
    $refreshTokenRepository,
    new \DateInterval('PT10M') // authorization codes will expire after 10 minutes
);

$grant->setRefreshTokenTTL(new \DateInterval('P1M')); // refresh tokens will expire after 1 month

// Enable the authentication code grant on the server
$server->enableGrantType(
    $grant,
    new \DateInterval('PT1H') // access tokens will expire after 1 hour
);

return $server;

After the server has been configured it should be used as described in the OAuth2 Server documentation.

Install

Via Composer

$ composer require steverhoades/oauth2-openid-connect-server

License

The MIT License (MIT). Please see License File for more information.

You can’t perform that action at this time.