Download the PHP package itk-dev/openid-connect without Composer
On this page you can find all versions of the php package itk-dev/openid-connect. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Package openid-connect
Short Description OpenID connect configuration package
License MIT
Information about the package openid-connect
OpenID Connect
Composer package for configuring OpenID Connect via an OpenID Connect Discovery document.
This library is made and tested for use with Azure AD B2C but should be usable for other OpenID Connect providers.
References
- OpenID Connect Implicit Client Implementer's Guide 1.0
- Azure Active Directory B2C documentation
- Web sign-in with OpenID Connect in Azure Active Directory B2C
Usage
Framework
If you are looking to use this in a Symfony or Drupal project you should use either:
- Symfony: itk-dev/openid-connect-bundle
- Drupal: itk-dev/itkdev_openid_connect_drupal
Direct Installation
To install this library directly run
To use the library you must provide a cache implementation of PSR-6: Caching Interface. Look to PHP Cache for documentation and implementations.
Direct usage
Flow
When a user wishes to authenticate themselves, we create an instance of OpenIdConfigurationProvider and redirect them to the authorization URL this provides.
Here the user can authenticate and, if successful, be redirected back to the redirect URI provided. During verification of the response from the authorizer we can extract information about the user from the id_token, depending on which claims are supported.
Configuration
To use the package, import the namespace, then create and configure a provider.
Leeway
To account for clock skew between the signing and verifying servers, you can set a leeway when configuring the provider. It is recommended that the leeway not be bigger than a few minutes.
The leeway defaults to 10 seconds.
For more information see the following:
- firebase/php-jwt: the last entry in the example mentions the leeway option.
- JWT documentation
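The following added example (not code from this README) shows what leeway actually changes, using firebase/php-jwt, the JWT library this package depends on, directly. It signs a token on a "server" whose clock is 30 seconds ahead of ours, then decodes it with JWT::$leeway set to 0, to the package default of 10 seconds, and to 60 seconds. The secret, issuer, subject and nonce are constructed placeholder values, and HS256 is used only to keep the example self-contained; a real ID token is verified against the provider's published keys.

```php
<?php
// Added example; not part of the itk-dev/openid-connect README.
// Requires: composer require firebase/php-jwt   (v6.x, as listed in this package's dependencies)
declare(strict_types=1);

require __DIR__ . '/vendor/autoload.php';

use Firebase\JWT\BeforeValidException;
use Firebase\JWT\ExpiredException;
use Firebase\JWT\JWT;
use Firebase\JWT\Key;

// Constructed demo secret; only used so the example runs offline with HS256.
const DEMO_SECRET = 'constructed-demo-secret-do-not-reuse';

/**
 * Build a token as a signing server would whose clock is $skewSeconds ahead
 * of ours: iat and nbf land in our future, so a strict verifier rejects it.
 */
function issueSkewedToken(int $skewSeconds): string
{
    $now = time() + $skewSeconds;          // the signer's notion of "now"
    $payload = [
        'iss'   => 'https://issuer.example/',  // placeholder issuer
        'sub'   => 'user-123',                 // constructed subject
        'iat'   => $now,
        'nbf'   => $now,
        'exp'   => $now + 300,
        'nonce' => 'constructed-nonce',
    ];
    return JWT::encode($payload, DEMO_SECRET, 'HS256');
}

/**
 * Decode with a given leeway. JWT::$leeway is the static setting in
 * firebase/php-jwt that the provider's leeway option ultimately controls.
 */
function decodeWithLeeway(string $jwt, int $leewaySeconds): string
{
    JWT::$leeway = $leewaySeconds;
    try {
        $claims = JWT::decode($jwt, new Key(DEMO_SECRET, 'HS256'));
        return sprintf('leeway=%ds: accepted, sub=%s', $leewaySeconds, $claims->sub);
    } catch (BeforeValidException | ExpiredException $e) {
        return sprintf('leeway=%ds: rejected (%s)', $leewaySeconds, get_class($e));
    }
}

$jwt = issueSkewedToken(30);               // signer is 30 s ahead of the verifier

foreach ([0, 10, 60] as $leeway) {
    echo decodeWithLeeway($jwt, $leeway), PHP_EOL;
}
```

With the token issued 30 seconds "in the future", the decode at 0 and at the 10-second default both fail with BeforeValidException, because the library only tolerates iat/nbf up to now + leeway; the 60-second run accepts it. That is the whole trade-off: leeway widens the window in which an expired or not-yet-valid token is still accepted, so size it to the skew you actually observe between the provider and your servers, in seconds rather than minutes.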
Non-authorized requests
Non-authorized requests should be redirected to the authorization URL.
To generate the authorization URL you must supply a "state" and a "nonce":
State: "A value included in the request that's also returned in the token response. It can be a string of any content that you want. A randomly generated unique value is typically used for preventing cross-site request forgery attacks. The state is also used to encode information about the user's state in the application before the authentication request occurred, such as the page they were on."
Nonce: "A value included in the request (generated by the application) that is included in the resulting ID token as a claim. The application can then verify this value to mitigate token replay attacks. The value is typically a randomized unique string that can be used to identify the origin of the request."
See: Send authentication requests
You must persist these locally so that they can be used to validate the token when the user is redirected back to your application.
Note that the default response type and mode are set in
Verify authorized requests
The authorization service will redirect the user back to the redirectUri. This should be an endpoint in your application where you validate the token and the user.
Load the "state" and "nonce" from local storage and validate them against the request values.
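The two halves of the flow described above (redirecting a non-authorized request, then verifying the callback) as one added example; this is not code from this README or from the itk-dev project. It assumes a namespace ItkDev\OpenIdConnect\Security, the constructor option keys shown, and the methods generateState(), generateNonce(), getAuthorizationUrl() and validateIdToken() on OpenIdConfigurationProvider, none of which the page itself confirms; check them against the package source. The PSR-6 pool is symfony/cache's FilesystemAdapter, standing in for whichever CacheItemPoolInterface implementation you choose, and all URLs and credentials are placeholders.

```php
<?php
// Added example; not code from the itk-dev/openid-connect README.
// /login generates "state" and "nonce", persists them in the PHP session and
// redirects; /callback reloads them and validates the response before trusting
// any claim. Assumed (not confirmed by the page): the namespace, the
// constructor option keys, generateState(), generateNonce(),
// getAuthorizationUrl() and validateIdToken().
declare(strict_types=1);

require __DIR__ . '/vendor/autoload.php';

use ItkDev\OpenIdConnect\Security\OpenIdConfigurationProvider; // assumed namespace
use Symfony\Component\Cache\Adapter\FilesystemAdapter;          // any PSR-6 CacheItemPoolInterface will do

function buildProvider(): OpenIdConfigurationProvider
{
    return new OpenIdConfigurationProvider([ // assumed option keys, placeholder values
        'openIDConnectMetadataUrl' => 'https://ISSUER_PLACEHOLDER/.well-known/openid-configuration',
        'clientId'                 => 'CLIENT_ID_PLACEHOLDER',
        'clientSecret'             => 'CLIENT_SECRET_PLACEHOLDER',
        'redirectUri'              => 'https://app.example/callback',
        'cacheItemPool'            => new FilesystemAdapter('oidc'), // caches the discovery document and keys
        'leeway'                   => 10,                            // seconds; the README's default
    ]);
}

/** GET /login: start the flow for a non-authorized request. */
function login(OpenIdConfigurationProvider $provider): void
{
    $state = $provider->generateState(); // assumed helper; must be random and unguessable
    $nonce = $provider->generateNonce(); // assumed helper; must be random and unguessable

    // Persist both server-side, bound to this browser session, so the callback
    // can compare them. Never put them in a cookie the client can rewrite.
    $_SESSION['oidc'] = ['state' => $state, 'nonce' => $nonce, 'issued' => time()];

    $url = $provider->getAuthorizationUrl(['state' => $state, 'nonce' => $nonce]);
    header('Location: ' . $url, true, 302);
    exit;
}

/** /callback: validate the response and return the verified claims. */
function callback(OpenIdConfigurationProvider $provider): object
{
    // Single use: this state/nonce pair is consumed whether or not validation succeeds.
    $expected = $_SESSION['oidc'] ?? null;
    unset($_SESSION['oidc']);

    $state   = (string) ($_REQUEST['state'] ?? '');
    $idToken = (string) ($_REQUEST['id_token'] ?? '');

    if ($expected === null || $state === '' || $idToken === '') {
        throw new RuntimeException('Missing state, id_token or login session.');
    }
    if (time() - $expected['issued'] > 600) {
        throw new RuntimeException('Login attempt expired; start again.');
    }
    // Constant-time comparison: "state" is what ties this redirect to the session that started it.
    if (!hash_equals($expected['state'], $state)) {
        throw new RuntimeException('State mismatch: response not tied to this session.');
    }

    // Assumed: checks signature (against the cached keys), issuer, audience,
    // expiry with leeway, and that the nonce claim equals the one we issued.
    $claims = $provider->validateIdToken($idToken, $expected['nonce']);

    // Re-check the nonce ourselves as well; it is the replay protection for the token.
    if (!isset($claims->nonce) || !hash_equals($expected['nonce'], (string) $claims->nonce)) {
        throw new RuntimeException('Nonce mismatch: token not issued for this login attempt.');
    }
    return $claims;
}

session_start();
$provider = buildProvider();
$path = parse_url($_SERVER['REQUEST_URI'] ?? '/', PHP_URL_PATH);

if ($path === '/login') {
    login($provider);
}
if ($path === '/callback') {
    $claims = callback($provider);
    session_regenerate_id(true); // fresh session id once the user is authenticated
    $_SESSION['user'] = ['sub' => $claims->sub, 'claims' => (array) $claims]; // "sub" is the stable user id
    echo 'Signed in as ', htmlspecialchars((string) $claims->sub, ENT_QUOTES, 'UTF-8');
    exit;
}
```

Two design points carry over to any framework integration: the stored state and nonce are removed from the session before validation so a failed or repeated callback cannot reuse them, and only the "sub" claim (not a display name or e-mail, which the provider may let the user change) is used as the identity key.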
Development Setup
A docker-compose.yml file with a PHP 7.4 image is included in this project.
To install the dependencies you can run
Unit Testing
A PHPUnit/Mockery setup is included in this library. To run the unit tests:
The test suite uses Mockery in order to mock public static methods in 3rd-party libraries, like the JWT::decode method from firebase/php-jwt.
Psalm static analysis
We're using Psalm for static analysis. To run Psalm do
Check Coding Standard
The following commands let you test that the code follows the coding standard for the project.
- PHP files (PHP-CS-Fixer)
- Markdown files (markdownlint standard rules)
Apply Coding Standards
To attempt to automatically fix the coding style:
- PHP files (PHP-CS-Fixer)
- Markdown files (markdownlint standard rules)
CI
GitHub Actions are used to run the test suite and code style checks on all PRs.
If you wish to test against the jobs locally you can install act. Then do:
Versioning
We use SemVer for versioning. For the versions available, see the tags on this repository.
License
This project is licensed under the MIT License; see the LICENSE.md file for details.
All versions of openid-connect with dependencies (package: version constraint)
- ext-json: *
- ext-openssl: *
- league/oauth2-client: ^2.6
- firebase/php-jwt: ^6.8
- psr/cache: ^2.0 || ^3.0
- robrichards/xmlseclibs: ^3.1
- psr/http-client: ^1.0