jumbojett / Openid Connect Php
Licence: apache-2.0
Minimalist OpenID Connect client
Stars: ✭ 336
Projects that are alternatives of or similar to Openid Connect Php
Aspnet5identityserverangularimplicitflow
OpenID Connect Code / Implicit Flow with Angular and ASP.NET Core 5 IdentityServer4
Stars: ✭ 670 (+99.4%)
Mutual labels: authentication, authorization, openid
Spark Pac4j
Security library for Sparkjava: OAuth, CAS, SAML, OpenID Connect, LDAP, JWT...
Stars: ✭ 154 (-54.17%)
Mutual labels: authentication, authorization, openid-connect
Django Oidc Rp
A server side OpenID Connect Relying Party (RP, Client) implementation for Django.
Stars: ✭ 16 (-95.24%)
Mutual labels: authentication, authorization, openid-connect
Play Pac4j
Security library for Play framework 2 in Java and Scala: OAuth, CAS, SAML, OpenID Connect, LDAP, JWT...
Stars: ✭ 375 (+11.61%)
Mutual labels: authentication, authorization, openid-connect
Oauthlib
A generic, spec-compliant, thorough implementation of the OAuth request-signing logic
Stars: ✭ 2,323 (+591.37%)
Mutual labels: authentication, authorization, openid-connect
Cloudfront Auth
An AWS CloudFront Lambda@Edge function to authenticate requests using Google Apps, Microsoft, Auth0, OKTA, and GitHub login
Stars: ✭ 471 (+40.18%)
Mutual labels: authentication, authorization, openid-connect
Fosite
Extensible security first OAuth 2.0 and OpenID Connect SDK for Go.
Stars: ✭ 1,738 (+417.26%)
Mutual labels: authentication, authorization, openid-connect
Buji Pac4j
pac4j security library for Shiro: OAuth, CAS, SAML, OpenID Connect, LDAP, JWT...
Stars: ✭ 444 (+32.14%)
Mutual labels: authentication, authorization, openid-connect
Django Oidc Provider
OpenID Connect and OAuth2 provider implementation for Djangonauts.
Stars: ✭ 320 (-4.76%)
Mutual labels: authentication, openid-connect, openid
External Auth Server
easy auth for reverse proxies
Stars: ✭ 189 (-43.75%)
Mutual labels: authentication, openid-connect, openid
Hydra
OpenID Certified™ OpenID Connect and OAuth Provider written in Go - cloud native, security-first, open source API security for your infrastructure. SDKs for any language. Compatible with MITREid.
Stars: ✭ 11,884 (+3436.9%)
Mutual labels: authorization, openid-connect, openid
Spring Security Pac4j
pac4j security library for Spring Security: OAuth, CAS, SAML, OpenID Connect, LDAP, JWT...
Stars: ✭ 231 (-31.25%)
Mutual labels: authentication, authorization, openid-connect
Spring Webmvc Pac4j
Security library for Spring Web MVC: OAuth, CAS, SAML, OpenID Connect, LDAP, JWT...
Stars: ✭ 110 (-67.26%)
Mutual labels: authentication, authorization, openid-connect
Pac4j
Security engine for Java (authentication, authorization, multi frameworks): OAuth, CAS, SAML, OpenID Connect, LDAP, JWT...
Stars: ✭ 2,097 (+524.11%)
Mutual labels: authentication, authorization, openid-connect
Awesome Iam
👤 Identity and Access Management Knowledge for Cloud Platforms
Stars: ✭ 186 (-44.64%)
Mutual labels: authentication, authorization, openid
Oxauth
OAuth 2.0 server and client; OpenID Connect Provider (OP) & UMA Authorization Server (AS)
Stars: ✭ 308 (-8.33%)
Mutual labels: authentication, authorization, openid-connect
secure-oauth2-oidc-workshop
Hands-On Workshop for OAuth 2.0 and OpenID Connect 1.0
Stars: ✭ 58 (-82.74%)
Mutual labels: authorization, openid-connect
powerauth-crypto
PowerAuth - Open-source solution for authentication, secure data storage and transport security in mobile banking.
Stars: ✭ 48 (-85.71%)
Mutual labels: protocol, authorization
oidc-agent
oidc-agent for managing OpenID Connect tokens on the command line
Stars: ✭ 47 (-86.01%)
Mutual labels: openid, openid-connect
PHP OpenID Connect Basic Client
A simple library that allows an application to authenticate a user through the basic OpenID Connect flow. This library hopes to encourage OpenID Connect use by making it simple enough for a developer with little knowledge of the OpenID Connect protocol to set up authentication.
A special thanks goes to Justin Richer and Amanda Anganes for their help and support of the protocol.
Requirements
- PHP 5.4 or greater
- CURL extension
- JSON extension
Install
- Install library using composer
composer require jumbojett/openid-connect-php
- Include composer autoloader
require __DIR__ . '/vendor/autoload.php';
Example 1: Basic Client
use Jumbojett\OpenIDConnectClient;
$oidc = new OpenIDConnectClient('https://id.provider.com',
'ClientIDHere',
'ClientSecretHere');
$oidc->setCertPath('/path/to/my.cert');
$oidc->authenticate();
$name = $oidc->requestUserInfo('given_name');
See openid spec for available user attributes
Example 2: Dynamic Registration
use Jumbojett\OpenIDConnectClient;
$oidc = new OpenIDConnectClient("https://id.provider.com");
$oidc->register();
$client_id = $oidc->getClientID();
$client_secret = $oidc->getClientSecret();
// Be sure to add logic to store the client id and client secret
Example 3: Network and Security
// Configure a proxy
$oidc->setHttpProxy("http://my.proxy.com:80/");
// Configure a cert
$oidc->setCertPath("/path/to/my.cert");
Example 4: Request Client Credentials Token
use Jumbojett\OpenIDConnectClient;
$oidc = new OpenIDConnectClient('https://id.provider.com',
'ClientIDHere',
'ClientSecretHere');
$oidc->providerConfigParam(array('token_endpoint'=>'https://id.provider.com/connect/token'));
$oidc->addScope('my_scope');
// this assumes success (to validate check if the access_token property is there and a valid JWT) :
$clientCredentialsToken = $oidc->requestClientCredentialsToken()->access_token;
Example 5: Request Resource Owners Token (with client auth)
use Jumbojett\OpenIDConnectClient;
$oidc = new OpenIDConnectClient('https://id.provider.com',
'ClientIDHere',
'ClientSecretHere');
$oidc->providerConfigParam(array('token_endpoint'=>'https://id.provider.com/connect/token'));
$oidc->addScope('my_scope');
//Add username and password
$oidc->addAuthParam(array('username'=>'<Username>'));
$oidc->addAuthParam(array('password'=>'<Password>'));
//Perform the auth and return the token (to validate check if the access_token property is there and a valid JWT) :
$token = $oidc->requestResourceOwnerToken(TRUE)->access_token;
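The comments in Examples 4 and 5 note that reading access_token straight off the response assumes success. The following added example (not part of the library or its README) fails closed instead; accessTokenOrFail(), looksLikeJwt() and base64UrlDecode() are hypothetical helper names, and the sample responses are constructed.

```php
<?php
// Added example, not library code. accessTokenOrFail() and its helpers are
// hypothetical names; the sample responses below are constructed.

function base64UrlDecode($segment)
{
    $padded = $segment . str_repeat('=', (4 - strlen($segment) % 4) % 4);
    return base64_decode(strtr($padded, '-_', '+/'), true);
}

// Shape check only: three segments and a JSON header naming an "alg".
// This does not verify the signature or any claim.
function looksLikeJwt($token)
{
    $parts = is_string($token) ? explode('.', $token) : array();
    if (count($parts) !== 3) {
        return false;
    }
    $header = json_decode((string) base64UrlDecode($parts[0]));
    return is_object($header) && isset($header->alg);
}

function accessTokenOrFail($response)
{
    if (!is_object($response)) {
        throw new RuntimeException('token endpoint returned no JSON object');
    }
    if (isset($response->error)) { // RFC 6749 section 5.2 error response
        throw new RuntimeException('token request rejected: ' . $response->error);
    }
    if (empty($response->access_token) || !looksLikeJwt($response->access_token)) {
        throw new RuntimeException('response carries no JWT-shaped access_token');
    }
    return $response->access_token;
}

$jwt = rtrim(strtr(base64_encode('{"alg":"RS256"}'), '+/', '-_'), '=') . '.e30.c2ln';
$samples = array(
    'issued'   => (object) array('access_token' => $jwt, 'token_type' => 'Bearer'),
    'rejected' => (object) array('error' => 'invalid_client'),
    'opaque'   => (object) array('access_token' => 'not-a-jwt'),
);
foreach ($samples as $name => $response) {
    try {
        accessTokenOrFail($response);
        echo "$name: accepted\n";
    } catch (RuntimeException $e) {
        echo "$name: " . $e->getMessage() . "\n";
    }
}
```

With the client from Example 4, the call becomes `accessTokenOrFail($oidc->requestClientCredentialsToken())`.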
Example 6: Basic client for implicit flow e.g. with Azure AD B2C (see http://openid.net/specs/openid-connect-core-1_0.html#ImplicitFlowAuth)
use Jumbojett\OpenIDConnectClient;
$oidc = new OpenIDConnectClient('https://id.provider.com',
'ClientIDHere',
'ClientSecretHere');
$oidc->setResponseTypes(array('id_token'));
$oidc->addScope(array('openid'));
$oidc->setAllowImplicitFlow(true);
$oidc->addAuthParam(array('response_mode' => 'form_post'));
$oidc->setCertPath('/path/to/my.cert');
$oidc->authenticate();
$sub = $oidc->getVerifiedClaims('sub');
Example 7: Introspection of an access token (see https://tools.ietf.org/html/rfc7662)
use Jumbojett\OpenIDConnectClient;
$oidc = new OpenIDConnectClient('https://id.provider.com',
'ClientIDHere',
'ClientSecretHere');
$data = $oidc->introspectToken('an.access-token.as.given');
if (!$data->active) {
// the token is no longer usable
}
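Example 7 checks only the active flag. The following added example (not part of the library or its README) turns an RFC 7662 introspection response into an allow/deny decision that also covers expiry and scope; tokenAllows() is a hypothetical helper name and the responses are constructed.

```php
<?php
// Added example, not library code. tokenAllows() is a hypothetical helper;
// the introspection responses below are constructed.

function tokenAllows($data, $requiredScope, $now)
{
    // Fail closed: "active" must be present and strictly boolean true.
    // A loose !$data->active test would accept the string "false".
    if (!is_object($data) || !isset($data->active) || $data->active !== true) {
        return false;
    }
    // "exp" is optional in RFC 7662; when present it must lie in the future.
    if (isset($data->exp) && (!is_int($data->exp) || $data->exp <= $now)) {
        return false;
    }
    // "scope" is a space-separated string; match whole scope names only.
    $granted = (isset($data->scope) && is_string($data->scope))
        ? explode(' ', $data->scope)
        : array();
    return in_array($requiredScope, $granted, true);
}

$now = 1700000000; // fixed clock so the output is reproducible
$cases = array(
    'active, scope granted' => array('active' => true, 'scope' => 'my_scope other', 'exp' => $now + 300),
    'inactive'              => array('active' => false),
    'active as string'      => array('active' => 'false', 'scope' => 'my_scope'),
    'expired'               => array('active' => true, 'scope' => 'my_scope', 'exp' => $now - 1),
    'scope name prefix'     => array('active' => true, 'scope' => 'my_scope_admin'),
    'active missing'        => array('scope' => 'my_scope'),
);
foreach ($cases as $name => $fields) {
    $allowed = tokenAllows((object) $fields, 'my_scope', $now);
    echo str_pad($name, 24) . ($allowed ? 'allow' : 'deny') . "\n";
}
```

Only the first case prints allow. With the client from Example 7, pass the result of `$oidc->introspectToken(...)` as the first argument and `time()` as the third.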
Example 8: PKCE Client
use Jumbojett\OpenIDConnectClient;
$oidc = new OpenIDConnectClient('https://id.provider.com',
'ClientIDHere',
null);
$oidc->setCodeChallengeMethod('S256');
$oidc->authenticate();
$name = $oidc->requestUserInfo('given_name');
Development Environments
In some cases you may need to disable SSL certificate verification on your development systems. Note: This is not recommended on production systems.
$oidc->setVerifyHost(false);
$oidc->setVerifyPeer(false);
Todo
- Dynamic registration does not support registration auth tokens and endpoints
Contributing
- All pull requests, once merged, should be added to the changelog.md file.