Skip to content
/ oauth2-hydra Public

Hydra Provider for the PHP League OAuth 2.0 Client

1 star 4 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

tulipretail/oauth2-hydra

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
src
src
 
 
tests/Provider
tests/Provider
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
composer.json
composer.json
 
 
composer.lock
composer.lock
 
 
phpunit.xml
phpunit.xml
 
 

Repository files navigation

Hydra PHP Oauth2 Client

This package provides Hydra OAuth 2.0 support for the PHP League's OAuth 2.0 Client.

Installation

To install, use composer:

composer require tulip/oauth2-hydra

Usage

Usage is the same as The League's OAuth client, using \Hydra\OAuth2\Provider\OAuth2 as the provider.

With the Hydra SDK

You can use this library to acquire an access token for use with the Hydra SDK.

Here we get one with the 'hydra.clients' scope:

    $provider = new \Hydra\OAuth2\Provider\OAuth2([
        'clientId' => 'admin',
        'clientSecret' => 'demo-password',
        'domain' => 'https://your-hydra-domain',
    ]);

    try {
        // Get an access token using the client credentials grant.
        // Note that you must separate multiple scopes with a plus (+)
        $accessToken = $provider->getAccessToken(
            'client_credentials', ['scope' => 'hydra.clients']
        );
    } catch (\Hydra\Oauth2\Provider\Exception\ConnectionException $e) {
        die("Connection to Hydra failed: ".$e->getMessage());
    } catch (\Hydra\Oauth2\Provider\Exception\IdentityProviderException $e) {
        die("Failed to get an access token: ".$e->getMessage());
    }

    // You may now pass $accessToken to the hydra SDK to manage clients

As an OIDC Client

You can also use this library if you are a Relying Party.

Here we send users to Hydra to authenticate so that we can complete the authorization code flow:

    $provider = new \Hydra\OAuth2\Provider\OAuth2([
        'clientId' => 'admin',
        'clientSecret' => 'demo-password',
        'domain' => 'https://your-hydra-domain',
        // Be sure this is a redirect URI you registered with Hydra for your client!
        'redirectUri' => 'http://your-domain.com/bobsflowers',
    ]);

    if (!isset($_GET['code'])) {

        // If we don't have an authorization code then get one
        $authUrl = $provider->getAuthorizationUrl(['scope' => ['openid']]);
        $_SESSION['oauth2state'] = $provider->getState();
        header('Location: '.$authUrl);
        die();

    // Check given state against previously stored one to mitigate CSRF attack
    } elseif (empty($_GET['state']) || ($_GET['state'] !== $_SESSION['oauth2state'])) {

        unset($_SESSION['oauth2state']);
        die('Invalid state');

    } else {

        // Try to get an access token (using the authorization code grant)
        $token = $provider->getAccessToken('authorization_code', [
            'code' => $_GET['code']
        ]);

        // Optional: Now you have a token you can look up a users profile data
        try {

            // We got an access token, let's now get the user's details
            $user = $provider->getResourceOwner($token);

            // $user contains public claims from the id token
            printf('User info: ', json_encode($user));

        } catch (\Hydra\Oauth2\Provider\Exception\IdentityProviderException $e) {
            die('Unable to fetch user details: '.$e->getMessage());
        }

        // Use this to interact with an API on the users behalf
        echo $token->getToken();
    }

About

Hydra Provider for the PHP League OAuth 2.0 Client

Topics

php oauth2 composer hydra oidc

Resources

Readme
Activity
Custom properties

Stars

1 star

Watchers

3 watching

Forks

4 forks
Report repository

Releases 2

Fix breaking change with phpleage's oauth2 client. Latest
Nov 28, 2018
+ 1 release

Packages

No packages published

Languages