A simple library that allows an application to authenticate a user through the basic OpenID Connect flow. This library hopes to encourage OpenID Connect use by making it simple enough for a developer with little knowledge of the OpenID Connect protocol to set up authentication.
A special thanks goes to Justin Richer and Amanda Anganes for their help and support of the protocol.
- PHP 5.6 or greater
- JSON extension
- Install the library using composer:

```shell
composer require Athanasius/openid-connect-php
```

- Include the composer autoloader:

```php
require __DIR__ . '/vendor/autoload.php';
```
```php
use Athanasius\OpenIDConnectClient;

// Example: basic login with the authorization code flow. Build a PSR-7 request
// from the PHP globals (uses zendframework/zend-diactoros).
$request = \Zend\Diactoros\ServerRequestFactory::fromGlobals(
    $_SERVER,
    $_GET,
    $_POST,
    $_COOKIE,
    $_FILES
);
// Redirect URI the provider sends the user back to; must match what is registered.
$redirectUrl = \Athanasius\Utilities::getCurrentUri($request); // or supply your own URI
// Session storage the library uses across the redirect to the provider and back.
$sessionStorage = new \Athanasius\Session\PHPSessionBridge();
$guzzleClient = new GuzzleHttp\Client();
// Discovers the provider's endpoints from its .well-known/openid-configuration.
// Use an https:// issuer URL in production; discovery over plain HTTP can be tampered with.
$configuration = new \Athanasius\Configuration\ProviderAutoDiscover(
    $guzzleClient,
    'http://myproviderURL.com/',
    'ClientIDHere',
    'ClientSecretHere'
);
$oidc = new OpenIDConnectClient(
    $configuration,
    $sessionStorage,
    $guzzleClient
);
$oidc->setCertPath('/path/to/my.cert');
// First call redirects the user to the provider; on the callback the code is exchanged for tokens.
$oidc->authenticate($request, $redirectUrl);
$name = $oidc->requestUserInfo('given_name');
```
See the OpenID Connect Core specification (Standard Claims) for the available user attributes.
```php
use Athanasius\OpenIDConnectClient;

// Example: dynamic client registration. The client has no client_id/secret yet,
// so the configuration takes only the provider URL.
$request = \Zend\Diactoros\ServerRequestFactory::fromGlobals(
    $_SERVER,
    $_GET,
    $_POST,
    $_COOKIE,
    $_FILES
);
$sessionStorage = new \Athanasius\Session\PHPSessionBridge();
// Redirect URIs to register for this client.
$redirectUrls = [\Athanasius\Utilities::getCurrentUri($request)]; // or supply your own URIs
$guzzleClient = new GuzzleHttp\Client();
$configuration = new \Athanasius\Configuration\ProviderAutoDiscover(
    $guzzleClient,
    'http://myproviderURL.com/'
);
$oidc = new OpenIDConnectClient(
    $configuration,
    $sessionStorage,
    $guzzleClient
);
$oidc->register($request, $redirectUrls);
$client_id = $oidc->getClientID();
$client_secret = $oidc->getClientSecret();
// Be sure to add logic to store the client id and client secret; the secret is a
// credential and belongs in protected configuration, not in logs or source control.
```
Additional client settings, applied to the `$oidc` instance from the examples above:

```php
// Configure a proxy
$oidc->setHttpProxy("http://my.proxy.com:80/");
// Configure a cert
$oidc->setCertPath("/path/to/my.cert");
```
```php
use Athanasius\OpenIDConnectClient;

// Example: client credentials grant (machine-to-machine; no end user is involved).
$sessionStorage = new \Athanasius\Session\PHPSessionBridge();
$guzzleClient = new GuzzleHttp\Client();
$configuration = new \Athanasius\Configuration\ProviderAutoDiscover(
    $guzzleClient,
    'http://myproviderURL.com/',
    'ClientIDHere',
    'ClientSecretHere'
);
$oidc = new OpenIDConnectClient(
    $configuration,
    $sessionStorage,
    $guzzleClient
);
// Override the discovered token endpoint if needed.
$oidc->providerConfigParam(array('token_endpoint' => 'https://id.provider.com/connect/token'));
$oidc->addScope('my_scope');
// The request assumes success; confirm the access_token property is present
// (and a valid JWT) before using it.
$response = $oidc->requestClientCredentialsToken();
if (!isset($response->access_token)) {
    throw new \RuntimeException('Client credentials grant returned no access_token');
}
$clientCredentialsToken = $response->access_token;
```
```php
use Athanasius\OpenIDConnectClient;

// Example: resource owner password credentials grant. The application handles the
// user's password directly, so prefer the redirect-based flow where the provider supports it.
$sessionStorage = new \Athanasius\Session\PHPSessionBridge();
$guzzleClient = new GuzzleHttp\Client();
$configuration = new \Athanasius\Configuration\ProviderAutoDiscover(
    $guzzleClient,
    'http://myproviderURL.com/',
    'ClientIDHere',
    'ClientSecretHere'
);
$oidc = new OpenIDConnectClient(
    $configuration,
    $sessionStorage,
    $guzzleClient
);
// Override the discovered token endpoint if needed.
$oidc->providerConfigParam(array('token_endpoint' => 'https://id.provider.com/connect/token'));
$oidc->addScope('my_scope');
// Add username and password
$oidc->addAuthParam(array('username' => '<Username>'));
$oidc->addAuthParam(array('password' => '<Password>'));
// Perform the auth and return the token (to validate, check that the access_token
// property is present and a valid JWT). TRUE sends the client credentials along with the request.
$response = $oidc->requestResourceOwnerToken(TRUE);
if (!isset($response->access_token)) {
    throw new \RuntimeException('Resource owner password grant returned no access_token');
}
$token = $response->access_token;
```
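The comments above say to check that the `access_token` property is present and is a valid JWT before using it. The following function does that pre-flight check; it is an added example, not part of Athanasius/openid-connect-php, and the function names and the `$expectedIssuer` / `$expectedAudience` values are assumptions. It checks structure and the `iss`, `aud` and `exp` claims only and does not verify the JWS signature, so the returned claims stay untrusted until the signature has been verified against the provider's keys.

```php
<?php
// Added example (not library code): pre-flight checks on the object returned by
// requestClientCredentialsToken() / requestResourceOwnerToken(). Signature
// verification is out of scope here and must still be done before trusting claims.

function base64UrlDecode($segment)
{
    $b64 = strtr($segment, '-_', '+/');
    $b64 .= str_repeat('=', (4 - strlen($b64) % 4) % 4);
    $raw = base64_decode($b64, true);
    if ($raw === false) {
        throw new \RuntimeException('JWT segment is not valid base64url');
    }
    return $raw;
}

// $expectedAudience is typically the resource server identifier for an access token.
function checkTokenResponse($response, $expectedIssuer, $expectedAudience, $now = null)
{
    $now = ($now === null) ? time() : $now;
    if (!is_object($response) || isset($response->error) || !isset($response->access_token)) {
        throw new \RuntimeException('Token endpoint returned an error or no access_token');
    }
    $parts = explode('.', $response->access_token);
    if (count($parts) !== 3) {
        throw new \RuntimeException('access_token is not a three-segment compact JWS');
    }
    $header = json_decode(base64UrlDecode($parts[0]), true);
    $claims = json_decode(base64UrlDecode($parts[1]), true);
    if (!is_array($header) || !is_array($claims)) {
        throw new \RuntimeException('JWT header or payload is not a JSON object');
    }
    // Unsigned tokens ("alg":"none") must never be accepted.
    if (empty($header['alg']) || strtolower($header['alg']) === 'none') {
        throw new \RuntimeException('Unsigned JWT rejected');
    }
    if (!isset($claims['iss']) || $claims['iss'] !== $expectedIssuer) {
        throw new \RuntimeException('Unexpected issuer');
    }
    $aud = isset($claims['aud']) ? (array) $claims['aud'] : array();
    if (!in_array($expectedAudience, $aud, true)) {
        throw new \RuntimeException('Token not issued for this audience');
    }
    if (!isset($claims['exp']) || !is_numeric($claims['exp']) || $claims['exp'] <= $now) {
        throw new \RuntimeException('Token expired or has no exp claim');
    }
    return $claims;
}
```

Call it as `checkTokenResponse($oidc->requestClientCredentialsToken(), 'https://id.provider.com', 'my-api')`, replacing the issuer and audience placeholders with your provider's values. The code is written to run on PHP 5.6 to match the stated requirement.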
In some cases you may need to disable TLS certificate verification on your development systems. Note: this is not recommended on production systems.

```php
$oidc->setVerifyHost(false);
$oidc->setVerifyPeer(false);
```
- Dynamic registration does not support registration auth tokens and endpoints
- All pull requests, once merged, should be added to the changelog.md file.