Download the PHP package facile-it/php-openid-client without Composer
On this page you can find all versions of the php package facile-it/php-openid-client. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Information about the package php-openid-client
php-openid-client
Full OpenID client implementation.
Most of the library code is based on the awesome node-openid-client.
The PHP extension gmp could be required.
Implemented specs and features
- OAuth 2.0 RFC 6749 & OpenID Connect Core 1.0
- Authorization (Authorization Code Flow, Implicit Flow, Hybrid Flow)
- UserInfo Endpoint and ID Tokens including Signing and Encryption (using the JWT Framework library)
- Passing a Request Object by Value or Reference including Signing and Encryption
- Offline Access / Refresh Token Grant
- Client Credentials Grant
- Client Authentication incl. client_secret_jwt and private_key_jwt methods
- OpenID Connect Discovery 1.0
- OpenID Connect Dynamic Client Registration 1.0 and RFC7591 OAuth 2.0 Dynamic Client Registration Protocol
- OAuth 2.0 Form Post Response Mode
- RFC7009 - OAuth 2.0 Token Revocation
- RFC7662 - OAuth 2.0 Token Introspection
- RFC7592 - OAuth 2.0 Dynamic Client Registration Management Protocol
Support for the following draft specifications
- JWT Response for OAuth Token Introspection - draft 03
- JWT Secured Authorization Response Mode for OAuth 2.0 (JARM) - draft 02
- OAuth 2.0 JWT Secured Authorization Request (JAR)
- OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound Access Tokens (MTLS) - draft 15
Installation
Requirements:
- psr/http-client-implementation implementation
- psr/http-factory-implementation implementation
- psr/http-message-implementation implementation
RSA signing algorithms are already included from the JWT Framework package.
If you need other algorithms you should install them manually.
Basic Usage
For basic usage you shouldn't need any other dependency package.
Every builder has methods to customize instances with other dependencies.
Client registration
See OpenID Connect Dynamic Client Registration 1.0 and RFC7591 OAuth 2.0 Dynamic Client Registration Protocol.
Token Introspection
See RFC7662 - OAuth 2.0 Token Introspection.
Token Revocation
See RFC7009 - OAuth 2.0 Token Revocation.
Request Object
You can create a request object authorization request with the Facile\OpenIDClient\RequestObject\RequestObjectFactory class.
This will create a signed (and optionally encrypted) JWT token based on your client metadata.
Then you can use it to create the AuthRequest:
Aggregated and Distributed Claims
The library can handle aggregated and distributed claims:
Using middlewares
There are some middlewares and handlers available:
SessionCookieMiddleware
This middleware should always be on top of the middleware chain to provide a session for the state and nonce parameters.
To use it you should install the dflydev/fig-cookies package:
The middleware provides a Facile\OpenIDClient\Session\AuthSessionInterface attribute with a stateful Facile\OpenIDClient\Session\AuthSessionInterface instance used to persist session data.
Using another session storage
If you have another session storage, you can handle it and provide a Facile\OpenIDClient\Session\AuthSessionInterface instance in the Facile\OpenIDClient\Session\AuthSessionInterface attribute.
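What any session storage has to carry for the state and nonce parameters, as an added example in plain PHP (not code from php-openid-client; the function names and session keys are hypothetical, and the ID token signature is assumed to have been verified before the claims are passed in):

```php
<?php
declare(strict_types=1);

// Added illustration; names below are hypothetical, not the library's API.

/** Create fresh state and nonce values and keep them in the session array. */
function beginAuthRequest(array &$session): array
{
    $session['oidc_state'] = bin2hex(random_bytes(16));
    $session['oidc_nonce'] = bin2hex(random_bytes(16));

    // Both values are sent to the provider in the authorization request.
    return ['state' => $session['oidc_state'], 'nonce' => $session['oidc_nonce']];
}

/**
 * Compare the callback with the values stored for this browser session.
 * $idTokenClaims must come from an ID token whose signature was already verified.
 */
function checkCallback(array &$session, array $callbackParams, array $idTokenClaims): bool
{
    $state = $session['oidc_state'] ?? null;
    $nonce = $session['oidc_nonce'] ?? null;

    // One-time use: clear the stored values whatever the outcome.
    unset($session['oidc_state'], $session['oidc_nonce']);

    if (!is_string($state) || !is_string($nonce)) {
        return false; // no pending authorization request in this session
    }

    $gotState = $callbackParams['state'] ?? '';
    $gotNonce = $idTokenClaims['nonce'] ?? '';
    if (!is_string($gotState) || !is_string($gotNonce)) {
        return false; // e.g. state[]=x sent as an array
    }

    // Constant-time comparison of both values.
    return hash_equals($state, $gotState) && hash_equals($nonce, $gotNonce);
}

// Constructed sample run: the same callback is presented twice.
$session = [];
$sent = beginAuthRequest($session);
$callback = ['state' => $sent['state']];
$claims = ['nonce' => $sent['nonce']];
var_dump(checkCallback($session, $callback, $claims)); // first presentation
var_dump(checkCallback($session, $callback, $claims)); // replay after the values were cleared
```

A custom session storage must keep these values tied to the browser that started the request and must not let them survive a completed or failed callback.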
ClientProviderMiddleware
This middleware should always be on top of the middleware chain to provide the client to the other middlewares.
AuthRequestProviderMiddleware
This middleware provides the auth request to use with the AuthRedirectHandler.
AuthRedirectHandler
This handler will redirect the user to the OpenID authorization page.
CallbackMiddleware
This middleware will handle the callback from the OpenID provider.
It will provide a Facile\OpenIDClient\Token\TokenSetInterface attribute with the final TokenSet object.
UserInfoMiddleware
This middleware will fetch user data from the userinfo endpoint and will provide a Facile\OpenIDClient\Middleware\UserInfoMiddleware attribute with the user info as an array.
Performance improvements for production environment
It's important to use a cache to avoid fetching the issuer configuration and keys on every request.
Using Psalm
If you need to use Psalm you can include the plugin in your psalm.xml.
All versions of php-openid-client with dependencies
ext-json Version *
facile-it/php-jose-verifier Version ^0.3 || ^0.4.3
php-http/discovery Version ^1.6
psr/http-client Version ^1.0
psr/http-client-implementation Version ^1.0
psr/http-factory Version ^1.0
psr/http-factory-implementation Version ^1.0
psr/http-message Version ^1.0 || ^2.0
psr/http-message-implementation Version ^1.0
psr/http-server-middleware Version ^1.0
web-token/jwt-checker Version ^2.0 || ^3.0
web-token/jwt-core Version ^2.0 || ^3.0
web-token/jwt-encryption Version ^2.0 || ^3.0
web-token/jwt-key-mgmt Version ^2.0.7 || ^3.0
web-token/jwt-signature Version ^2.0 || ^3.0
web-token/jwt-signature-algorithm-rsa Version ^2.0 || ^3.0