Download the PHP package marcing/php-openid-client without Composer
On this page you can find all versions of the php package marcing/php-openid-client. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download marcing/php-openid-client
More information about marcing/php-openid-client
Files in marcing/php-openid-client
FAQ
Example:
In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
- Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
- To use Composer is sometimes complicated. Especially for beginners.
- Composer needs much resources. Sometimes they are not available on a simple webspace.
- If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
- Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Informations about the package php-openid-client
php-openid-client
Full OpenID client implementation.
Most of the library code is based on the awesome node-openid-client.
The PHP extension gmp could be required.
Implemented specs and features
- OAuth 2.0 RFC 6749 & OpenID Connect Core 1.0
- Authorization (Authorization Code Flow, Implicit Flow, Hybrid Flow)
- UserInfo Endpoint and ID Tokens including Signing and Encryption (using the JWT Framework library)
- Passing a Request Object by Value or Reference including Signing and Encryption
- Offline Access / Refresh Token Grant
- Client Credentials Grant
- Client Authentication incl.
client_secret_jwtandprivate_key_jwtmethods
- OpenID Connect Discovery 1.0
- OpenID Connect Dynamic Client Registration 1.0 and RFC7591 OAuth 2.0 Dynamic Client Registration Protocol
- OAuth 2.0 Form Post Response Mode
- RFC7009 - OAuth 2.0 Token Revocation
- RFC7662 - OAuth 2.0 Token Introspection
- RFC7592 - OAuth 2.0 Dynamic Client Registration Management Protocol
Supports of the following draft specifications
- JWT Response for OAuth Token Introspection - draft 03
- JWT Secured Authorization Response Mode for OAuth 2.0 (JARM) - draft 02
- OAuth 2.0 JWT Secured Authorization Request (JAR)
- OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound Access Tokens (MTLS) - draft 15
Installation
Requirements:
psr/http-client-implementationimplementationpsr/http-factory-implementationimplementationpsr/http-message-implementationimplementation
RSA signing algorithms are already included from the JWT Framework package`.
If you need other algorithms you should install it manually.
Basic Usage
For a basic usage you shouldn't require any other dependency package.
Every builder have methods to customize instances with other dependencies.
Client registration
See OpenID Connect Dynamic Client Registration 1.0 and RFC7591 OAuth 2.0 Dynamic Client Registration Protocol.
Token Introspection
See RFC7662 - OAuth 2.0 Token Introspection.
Token Revocation
See RFC7009 - OAuth 2.0 Token Revocation.
Request Object
You can create a request object authorization request with the
Facile\OpenIDClient\RequestObject\RequestObjectFactory class.
This will create a signed (and optionally encrypted) JWT token based on your client metadata.
Then you can use it to create the AuthRequest:
Aggregated and Distributed Claims
The library can handle aggregated and distributed claims:
`
Using middlewares
There are some middlewares and handles available:
SessionCookieMiddleware
This middleware should always be on top of middlewares chain to provide
a session for state and nonce parameters.
To use it you should install the dflydev/fig-cookies package:
The middleware provides a Facile\OpenIDClient\Session\AuthSessionInterface
attribute with an Facile\OpenIDClient\Session\AuthSessionInterface stateful
instance used to persist session data.
Using another session storage
If you have another session storage, you can handle it and provide a
Facile\OpenIDClient\Session\AuthSessionInterface instance in the
Facile\OpenIDClient\Session\AuthSessionInterface attribute.
ClientProviderMiddleware
This middleware should always be on top of middlewares chain to provide the client to the other middlewares.
AuthRequestProviderMiddleware
This middleware provide the auth request to use with the AuthRedirectHandler.
AuthRedirectHandler
This handler will redirect the user to the OpenID authorization page.
CallbackMiddleware
This middleware will handle the callback from the OpenID provider.
It will provide a Facile\OpenIDClient\Token\TokenSetInterface attribute
with the final TokenSet object.
UserInfoMiddleware
This middleware will fetch user data from the userinfo endpoint and will
provide an Facile\OpenIDClient\Middleware\UserInfoMiddleware attribute
with user infos as array.
Performance improvements for production environment
It's important to use a cache to avoid to fetch issuer configuration and keys on every request.
Using Psalm
If you need to use Psalm you can include the plugin in your psalm.xml.
All versions of php-openid-client with dependencies
ext-json Version *
facile-it/php-jose-verifier Version ^0.3 || ^0.4
php-http/discovery Version ^1.6
psr/http-client Version ^1.0
psr/http-client-implementation Version ^1.0
psr/http-factory Version ^1.0
psr/http-factory-implementation Version ^1.0
psr/http-message Version ^1.0
psr/http-message-implementation Version ^1.0
psr/http-server-middleware Version ^1.0
web-token/jwt-checker Version ^2.0 || ^3.0
web-token/jwt-core Version ^2.0 || ^3.0
web-token/jwt-encryption Version ^2.0 || ^3.0
web-token/jwt-key-mgmt Version ^2.0.7 || ^3.0
web-token/jwt-signature Version ^2.0 || ^3.0
web-token/jwt-signature-algorithm-rsa Version ^2.0 || ^3.0