Download the PHP package juliuspc/openid-connect-php without Composer
On this page you can find all versions of the php package juliuspc/openid-connect-php. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Information about the package openid-connect-php
PHP OpenID Connect Client
A simple library that allows an application to authenticate a user through the basic OpenID Connect flow. This library hopes to encourage OpenID Connect use by making it simple enough for a developer with little knowledge of the OpenID Connect protocol to set up authentication.
This library is a fork of jumbojett/OpenID-Connect-PHP, which seems to be discontinued. For progress being made on fixing bugs of the original library see this wiki page.
Supported Specifications
- OpenID Connect Core 1.0
- OpenID Connect Discovery 1.0 (finding the issuer is missing)
- OpenID Connect RP-Initiated Logout 1.0 - draft 01
- OpenID Connect Dynamic Client Registration 1.0
- RFC 6749: The OAuth 2.0 Authorization Framework
- RFC 7009: OAuth 2.0 Token Revocation
- RFC 7636: Proof Key for Code Exchange by OAuth Public Clients
- RFC 7662: OAuth 2.0 Token Introspection
- RFC 8693: OAuth 2.0 Token Exchange
- Draft: OAuth 2.0 Authorization Server Issuer Identifier in Authorization Response
Requirements
- PHP 7.3 or greater
- JSON extension
Install
- Install library using composer
- Include composer autoloader
Example 1: Basic Client
This example uses the Authorization Code flow and will also use PKCE if the OpenID Provider announces it in its Discovery document. If you are not sure which flow to choose, this one is the way to go. It is the most secure and versatile flow.
See OpenID Connect spec for available user attributes
Example 2: Dynamic Registration
Example 3: Network and Security
Example 4: Request Client Credentials Token
Example 5: Basic client for Implicit Flow
The Implicit Flow should be considered a legacy flow and not used if authorization code grant can be used. Due to its disadvantages and poor security, the implicit flow will be obsoleted with the upcoming OAuth 2.1 standard. See Example 1 for alternatives.
Example 6: Introspection of an access token
Introspection as defined in RFC 7662 is intended to get information about the token without needing to parse it. This is especially useful for so-called reference tokens, which are random strings and do not contain information.
Example 7: PKCE Client
PKCE is already configured and used in most scenarios in Example 1. This example shows two special things:
- You may omit the client secret, if your OpenID Provider allows you to do so and if it is really needed for your use case. This is a rare use case, since PHP applications are typically confidential OAuth clients and thus don’t leak a client secret.
- Explicitly setting the Code Challenge Method via setCodeChallengeMethod(). This enables PKCE in case your OpenID Provider doesn’t announce support for it in the discovery document, but supports it anyway.
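What PKCE (RFC 7636) computes on each side, and how the discovery document's announcement feeds into the choice of challenge method, shown as an added example that is not code from this library. The function names, the issuer URL and the discovery document are constructed for illustration; `code_challenge_methods_supported` is the standard metadata field.

```php
<?php
// Added illustration of RFC 7636 (PKCE); not code from openid-connect-php.
// All function names and the sample discovery document are constructed.

function base64url(string $bytes): string
{
    return rtrim(strtr(base64_encode($bytes), '+/', '-_'), '=');
}

// Prefer S256 over plain; null means the provider announces no PKCE support.
function pickChallengeMethod(array $discovery): ?string
{
    $announced = $discovery['code_challenge_methods_supported'] ?? [];
    foreach (['S256', 'plain'] as $method) {
        if (in_array($method, $announced, true)) {
            return $method;
        }
    }
    return null;
}

// 32 random bytes encode to 43 characters, the minimum verifier length.
function newCodeVerifier(): string
{
    return base64url(random_bytes(32));
}

function codeChallenge(string $verifier, string $method): string
{
    return $method === 'S256'
        ? base64url(hash('sha256', $verifier, true))
        : $verifier; // "plain" sends the verifier itself as the challenge
}

// The check the authorization server performs at the token endpoint.
function verifierMatches(string $verifier, string $challenge, string $method): bool
{
    return hash_equals($challenge, codeChallenge($verifier, $method));
}

// Constructed discovery document; when nothing is announced, fall back to S256.
$discovery = json_decode('{"issuer":"https://op.example","code_challenge_methods_supported":["plain","S256"]}', true);
$method = pickChallengeMethod($discovery) ?? 'S256';

// Verifier and expected challenge are the test vector from RFC 7636, Appendix B.
$verifier = 'dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk';
$challenge = codeChallenge($verifier, $method);
var_dump($challenge === 'E9Melhoa2OwvFrEMTJguCHaoeLt8URWbuGJSstw-cM8');
var_dump(verifierMatches(newCodeVerifier(), $challenge, $method)); // a fresh verifier against the old challenge
```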
Development Environments
In some cases you may need to disable TLS certificate validation on your development systems. Note: This is not recommended on production systems.
Unit Tests
Run the unit tests:
./vendor/bin/phpunit tests
Generate a code coverage report (open html/index.html in a browser to view results):
XDEBUG_MODE=coverage ./vendor/bin/phpunit --coverage-html html tests/
Note: You may need to install Xdebug to make this work.
Todo
- Dynamic registration does not support registration auth tokens and endpoints
- improving tests and test coverage of this library
Contributing
- All pull requests, once merged, should be added to the CHANGELOG.md file.
All versions of openid-connect-php with dependencies
phpseclib/phpseclib Version ~2.0
ext-json Version *
guzzlehttp/guzzle Version ^7
guzzlehttp/psr7 Version ^1.8