Download the PHP package steverhoades/oauth2-openid-connect-server without Composer
On this page you can find all versions of the php package steverhoades/oauth2-openid-connect-server. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Package oauth2-openid-connect-server
Short Description An OpenID Connect Server that sits on The PHP League's OAuth2 Server
License MIT
Information about the package oauth2-openid-connect-server
OAuth 2.0 OpenID Connect Server
This implements the OpenID Connect specification on top of The PHP League's OAuth2 Server.
Requirements
- Requires PHP version 7.4 or greater.
- league/oauth2-server 8.4.2 or greater.
Note: league/oauth2-server version may have a higher PHP requirement.
Usage
The following classes will need to be configured and passed to the AuthorizationServer in order to provide OpenID Connect functionality.
- IdentityRepository. This MUST implement the OpenIDConnectServer\Repositories\IdentityProviderInterface and return the identity of the user based on the return value of $accessToken->getUserIdentifier().
  - The IdentityRepository MUST return a UserEntity that implements the following interfaces:
    - OpenIDConnectServer\Entities\ClaimSetInterface
    - League\OAuth2\Server\Entities\UserEntityInterface
- ClaimSet. ClaimSet is a way to associate claims to a given scope.
- ClaimExtractor. The ClaimExtractor takes an array of ClaimSets and in addition provides default claims for the OpenID Connect specified scopes of: profile, email, phone and address.
- IdTokenResponse. This class must be passed to the AuthorizationServer during construction and is responsible for adding the id_token to the response.
- ScopeRepository. The getScopeEntityByIdentifier($identifier) method must return a ScopeEntity for the openid scope in order to enable support. See examples.
Example Configuration
After the server has been configured it should be used as described in the OAuth2 Server documentation.
UserEntity
In order for this library to work properly you will need to add your IdentityProvider to the IdTokenResponse object. This will be used internally to look up a UserEntity by its identifier. Additionally, your UserEntity must implement the ClaimSetInterface, which includes a single method, getClaims(). The getClaims() method should return a list of attributes as key/value pairs that can be returned if the proper scope has been defined.
ClaimSets
A ClaimSet is a scope that defines a list of claims.
As you can see from the above, profile lists a set of claims that can be extracted from our UserEntity if the profile scope is included with the authorization request.
Adding Custom ClaimSets
At some point you will likely want to include your own group of custom claims. To do this you will need to create a ClaimSetEntity, give it a scope (the value you will include in the scope parameter of your OAuth2 request) and the list of claims it supports.
Now, when you pass the company scope with your request it will attempt to locate those properties from your UserEntity::getClaims().
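The scope-to-claim filtering described in the ClaimSets sections, as an added standalone sketch that is not the package's own code and does not use its classes. The helper releasableClaims(), the company claim names, and the sample user attributes are constructed for illustration; the standard scope contents follow OpenID Connect Core section 5.4.

```php
<?php
declare(strict_types=1);

// Scope => claims that scope may release. The four standard scopes follow
// OpenID Connect Core section 5.4; the "company" claim names are assumed.
const CLAIM_SETS = [
    'profile' => ['name', 'family_name', 'given_name', 'middle_name', 'nickname',
                  'preferred_username', 'profile', 'picture', 'website', 'gender',
                  'birthdate', 'zoneinfo', 'locale', 'updated_at'],
    'email'   => ['email', 'email_verified'],
    'phone'   => ['phone_number', 'phone_number_verified'],
    'address' => ['address'],
    'company' => ['company_name', 'company_phone', 'company_address'],
];

/**
 * Return only the user attributes that the granted scopes allow.
 * Hypothetical helper modelling scope-gated claim release.
 */
function releasableClaims(array $grantedScopes, array $userClaims): array
{
    // Without the openid scope this is a plain OAuth2 request: no identity claims.
    if (!in_array('openid', $grantedScopes, true)) {
        return [];
    }
    $allowed = [];
    foreach ($grantedScopes as $scope) {
        // Scopes with no claim set (openid itself, API scopes) release nothing.
        foreach (CLAIM_SETS[$scope] ?? [] as $claim) {
            $allowed[$claim] = true;
        }
    }
    // Allow-list filter: attributes not mapped to a granted scope are dropped.
    return array_intersect_key($userClaims, $allowed);
}

// Constructed sample of what a UserEntity::getClaims() might return.
$userClaims = [
    'name' => 'Jane Doe', 'email' => 'jane@example.com', 'email_verified' => true,
    'company_name' => 'Example Corp', 'company_phone' => '+1 555 0100',
    'internal_risk_score' => 87, // mapped to no scope, so it can never be released
];

// Three requests: email only, the custom scope plus an unknown one, and one without openid.
var_dump(releasableClaims(['openid', 'email'], $userClaims));
var_dump(releasableClaims(['openid', 'company', 'bogus'], $userClaims));
var_dump(releasableClaims(['email'], $userClaims));
```

Because getClaims() may return every attribute held for the user, the allow-list per scope is what keeps unrequested or internal attributes out of the id_token.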
Install
Via Composer
Testing
To run the unit tests you will need to require league/oauth2-server from the source as this repository utilizes some of their existing test infrastructure.
Run PHPUnit from the root directory:
License
The MIT License (MIT). Please see License File for more information.
All versions of oauth2-openid-connect-server with dependencies
league/oauth2-server Version ^8.4.2|^9.0
lcobucci/jwt Version 4.1.5|^4.2|^4.3|^5.0