(This package is a fork of jumbojett/OpenID-Connect-PHP.)
A simple library that allows an application to authenticate a user through the basic OpenID Connect flow. This library hopes to encourage OpenID Connect use by making it simple enough for a developer with little knowledge of the OpenID Connect protocol to set up authentication.
A special thanks goes to Justin Richer and Amanda Anganes for their help and support of the protocol.
This package was originally created by Michael Jett.
- PHP 7.0 or greater
- CURL extension
- JSON extension
Add the package repository to your composer.json repositories:

```json
"repositories": [
    {
        "type": "vcs",
        "url": "https://github.com/rask/openid-connect-php.git"
    }
]
```
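Install the library using Composer:

```
composer require rask/openid-connect-php
```

Then include the Composer autoloader:

```php
<?php
// Resolve the autoloader relative to this file rather than the filesystem root.
require __DIR__ . '/vendor/autoload.php';
```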
```php
<?php
use OpenIdConnectClient\OpenIdConnectClient;

$oidc = new OpenIdConnectClient([
    'provider_url' => 'https://id.provider.com/',
    'client_id' => 'ClientIDHere',
    'client_secret' => 'ClientSecretHere'
]);

// Run the authentication flow against the provider.
$oidc->authenticate();

// Fetch a single attribute from the provider's user info.
$name = $oidc->requestUserInfo('given_name');
```
See the OpenID spec for available user attributes.
```php
<?php
use OpenIdConnectClient\OpenIdConnectClient;

$oidc = new OpenIdConnectClient([
    'provider_url' => 'https://id.provider.com/'
]);

$oidc->register();

$client_id = $oidc->getClientID();
$client_secret = $oidc->getClientSecret();
```
Be sure to add logic to store the client id and client secret inside your application.
```php
<?php
// Configure a proxy
$oidc->setHttpProxy('http://my.proxy.com:80/');

// Configure a cert
$oidc->setCertPath('/path/to/my.cert');
```
```php
<?php
use OpenIdConnectClient\OpenIdConnectClient;

$oidc = new OpenIdConnectClient([
    'provider_url' => 'https://id.provider.com/',
    'client_id' => 'ClientIDHere',
    'client_secret' => 'ClientSecretHere'
]);

$oidc->providerConfigParam([
    'token_endpoint' => 'https://id.provider.com/connect/token'
]);

$oidc->addScope('my_scope');

// This assumes success (to validate, check if the access_token
// property is there and a valid JWT):
$clientCredentialsToken = $oidc->requestClientCredentialsToken()->access_token;
```
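The check mentioned in the comment above, written out as an added example (not part of this library): it confirms the response carries an `access_token` shaped like a JWT before the token is used. The helper names `base64UrlDecode()` and `extractJwtAccessToken()` are hypothetical, the sample responses are constructed, and the check is structural only; it does not verify the signature.

```php
<?php
// Added example, not library code. Helper names are hypothetical.

// Decode one base64url JWT segment; returns false on invalid input.
function base64UrlDecode(string $segment)
{
    $padded = $segment . str_repeat('=', (4 - strlen($segment) % 4) % 4);
    return base64_decode(strtr($padded, '-_', '+/'), true);
}

// Return the access token only if it is present and structurally a JWT.
function extractJwtAccessToken($response): string
{
    if (!is_object($response) || !isset($response->access_token) || !is_string($response->access_token)) {
        throw new RuntimeException('Token response has no access_token');
    }
    $parts = explode('.', $response->access_token);
    if (count($parts) !== 3 || $parts[2] === '') {
        throw new RuntimeException('access_token is not a signed three-part JWT');
    }
    foreach ([0, 1] as $i) { // 0 = header, 1 = payload
        $raw = base64UrlDecode($parts[$i]);
        $decoded = $raw === false ? null : json_decode($raw, true);
        if (!is_array($decoded)) {
            throw new RuntimeException('JWT segment ' . $i . ' is not base64url-encoded JSON');
        }
        if ($i === 0 && (!isset($decoded['alg']) || strtolower((string) $decoded['alg']) === 'none')) {
            throw new RuntimeException('JWT header has no usable alg');
        }
    }
    return $response->access_token;
}

// Constructed sample responses (not real provider output).
$b64 = function (array $data): string {
    return rtrim(strtr(base64_encode(json_encode($data)), '+/', '-_'), '=');
};
$good = (object) ['access_token' => $b64(['alg' => 'RS256', 'typ' => 'JWT']) . '.' . $b64(['scope' => 'my_scope']) . '.c2ln'];
$bad = (object) ['error' => 'invalid_client'];

echo 'good: accepted, ' . strlen(extractJwtAccessToken($good)) . " bytes\n";
try {
    extractJwtAccessToken($bad);
} catch (RuntimeException $e) {
    echo 'bad: ' . $e->getMessage() . "\n";
}
```

With the client from the snippet above, the helper would wrap the call as `extractJwtAccessToken($oidc->requestClientCredentialsToken())`.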
- Dynamic registration does not support registration auth tokens and endpoints
This package is licensed with Apache License 2.0.
- This package was originally created by Michael Jett (jumbojett) from MITRE
- JWT signature verification support by Jonathan Reed jdreed@mit.edu.