Download the PHP package mperusso/openid-connect-php without Composer
On this page you can find all versions of the php package mperusso/openid-connect-php. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Package openid-connect-php
Short Description Bare-bones OpenID Connect client
License Apache-2.0
Information about the package openid-connect-php
PHP OpenID Connect Basic Client
A simple library that allows an application to authenticate a user through the basic OpenID Connect flow. This library hopes to encourage OpenID Connect use by making it simple enough for a developer with little knowledge of the OpenID Connect protocol to set up authentication.
A special thanks goes to Justin Richer and Amanda Anganes for their help and support of the protocol.
Requirements
- PHP 7.0 or greater
- CURL extension
- JSON extension
Install
- Install library using composer
- Include composer autoloader
Example 1: Basic Client
See openid spec for available user attributes
Example 2: Dynamic Registration
Example 3: Network and Security
Example 4: Request Client Credentials Token
Example 5: Request Resource Owners Token (with client auth)
Example 6: Basic client for implicit flow e.g. with Azure AD B2C (see http://openid.net/specs/openid-connect-core-1_0.html#ImplicitFlowAuth)
Example 7: Introspection of an access token (see https://tools.ietf.org/html/rfc7662)
Example 8: PKCE Client
Example 9: Back-channel logout
Back-channel authentication assumes you can end a session on the server side on behalf of the user (without relying on their browser). The request is a POST from the OP directly to your RP. In this way, using this library can ensure your RP performs 'single sign out' for the user even if they didn't have your RP open in a browser or other device, but still had an active session there.
Either the sid or the sub may be accessible from the logout token sent from the OP. You can use either getSidFromBackChannel() or getSubjectFromBackChannel() to retrieve them if it is helpful to match them to a session in order to destroy it.
The below uses this library to validate the back-channel logout token; everything after that is just a hypothetical way of finding such a session and destroying it. Adjust it to the needs of your RP.
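The claim checks that validating a logout token involves, per the OpenID Connect Back-Channel Logout spec, followed by a session lookup by sid or sub. This is an added example, not this library's code: the function names, the session-store layout and the sample values are hypothetical, and it assumes the token's signature has already been verified and its payload decoded.

```php
<?php
// Added example: claim checks for an OIDC back-channel logout token.
// Assumes the JWT signature was already verified and the payload was
// decoded with json_decode($payload, true). Function names are hypothetical.

const LOGOUT_EVENT = 'http://schemas.openid.net/event/backchannel-logout';

function validateLogoutClaims(array $c, string $issuer, string $clientId, int $now, int $skew = 300): array
{
    $errors = [];
    if (($c['iss'] ?? null) !== $issuer) {
        $errors[] = 'iss does not match the expected OP';
    }
    // aud may be a single string or an array of strings
    if (!in_array($clientId, (array)($c['aud'] ?? []), true)) {
        $errors[] = 'aud does not contain this client_id';
    }
    if (!is_int($c['iat'] ?? null) || $c['iat'] > $now + $skew) {
        $errors[] = 'iat missing or in the future';
    }
    if (!is_array($c['events'] ?? null) || !array_key_exists(LOGOUT_EVENT, $c['events'])) {
        $errors[] = 'events lacks the back-channel logout member';
    }
    if (!isset($c['sid']) && !isset($c['sub'])) {
        $errors[] = 'neither sid nor sub present';
    }
    if (array_key_exists('nonce', $c)) {
        $errors[] = 'nonce is prohibited in a logout token';
    }
    return $errors;
}

// Hypothetical session store: session id => ['sid' => ..., 'sub' => ...]
function sessionsToDestroy(array $c, array $sessions): array
{
    $hit = [];
    foreach ($sessions as $id => $s) {
        $bySid = isset($c['sid']) && ($s['sid'] ?? null) === $c['sid'];
        // A token carrying only sub ends every session of that subject
        $bySub = !isset($c['sid']) && isset($c['sub']) && ($s['sub'] ?? null) === $c['sub'];
        if ($bySid || $bySub) { $hit[] = $id; }
    }
    return $hit;
}

// Constructed sample data
$claims = json_decode('{"iss":"https://op.example","aud":"rp-client","iat":1700000000,"jti":"abc","sid":"s-42","events":{"http://schemas.openid.net/event/backchannel-logout":{}}}', true);
$sessions = ['php-a' => ['sid' => 's-42', 'sub' => 'alice'], 'php-b' => ['sid' => 's-77', 'sub' => 'alice']];
$errors = validateLogoutClaims($claims, 'https://op.example', 'rp-client', 1700000060);
echo $errors ? implode('; ', $errors) : 'destroy: ' . implode(',', sessionsToDestroy($claims, $sessions)), PHP_EOL;
```

A token that fails any check should be rejected without touching a session; tracking seen jti values to reject replays is left out here.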
Example 10: Enable Token Endpoint Auth Methods
By default, only client_secret_basic is enabled on the client side, which was the only supported method for a long time.
Recently client_secret_jwt and private_key_jwt have been added, but they remain disabled until explicitly enabled.
Development Environments
In some cases you may need to disable SSL security on your development systems. Note: This is not recommended on production systems.
Also, your local system might not support HTTPS, so you might disable upgrading to it:
Todo
- Dynamic registration does not support registration auth tokens and endpoints
Contributing
- All pull requests, once merged, should be added to the CHANGELOG.md file.