digitalcz / openid-connect
PHP implementation of https://openid.net/specs/openid-connect-core-1_0.html
v0.3.1
2024-05-30 13:14 UTC
Requires
- php: ^8.1
- php-http/discovery: ^1.14
- psr/http-client: ^1.0.1
- psr/http-factory: ^1.0.1
- psr/http-message: ^1.0.1 || ^2.0
- psr/simple-cache: ^1.0.1 || ^3.0
- spomky-labs/aes-key-wrap: ^7.0
- thecodingmachine/safe: ^2.0
- web-token/jwt-library: ^3.3
Requires (Dev)
- digitalcz/coding-standard: ^0.2.0
- nyholm/nsa: ^1.3.0
- nyholm/psr7: ^1.5.1
- php-http/curl-client: ^2.2.0
- php-http/mock-client: ^1.5.0
- phpstan/extension-installer: ^1.2.0
- phpstan/phpstan: ^1.9.0
- phpstan/phpstan-phpunit: ^1.3.0
- phpstan/phpstan-strict-rules: ^1.4.4
- phpunit/phpunit: ^10.5.11 || ^11.0.3
- symfony/cache: ^6.4.4 || ^v7.0.4
- symfony/var-dumper: ^6.4.4 || ^v7.0.4
- thecodingmachine/phpstan-safe-rule: ^1.2.0
README
PHP implementation of https://openid.net/specs/openid-connect-core-1_0.html
Installation
Via Composer
$ composer require digitalcz/openid-connect
Usage
Initialization
Using the OIDC discovery endpoint
use DigitalCz\OpenIDConnect\ClientMetadata;
use DigitalCz\OpenIDConnect\ClientFactory;

$issuerUrl = 'https://example.com';
$clientMetadata = new ClientMetadata('clientid', 'clientsecret', 'https://example.com/callback');
$client = ClientFactory::create($issuerUrl, $clientMetadata);
Manually
use DigitalCz\OpenIDConnect\Client;
use DigitalCz\OpenIDConnect\ClientMetadata;
use DigitalCz\OpenIDConnect\Config;
use DigitalCz\OpenIDConnect\Http\HttpClientFactory;
use DigitalCz\OpenIDConnect\Token\TokenVerifierFactory;
use DigitalCz\OpenIDConnect\ProviderMetadata;

$clientMetadata = new ClientMetadata('clientid', 'clientsecret', 'https://example.com/callback');
$providerMetadata = new ProviderMetadata([
    ProviderMetadata::AUTHORIZATION_ENDPOINT => 'https://example.com/authorize',
    ProviderMetadata::TOKEN_ENDPOINT => 'https://example.com/token',
    // ...
]);
$config = new Config($providerMetadata, $clientMetadata);
$client = new Client($config, HttpClientFactory::create());
Authorization Code flow
Step 1 - Redirect the user to the authorization endpoint
use DigitalCz\OpenIDConnect\Param\AuthorizationParams;

// Random state value, stored in the session so the callback can be checked against it
$state = bin2hex(random_bytes(8));
$_SESSION['oauth_state'] = $state;

$authorizationParams = new AuthorizationParams([
    AuthorizationParams::SCOPE => 'openid profile',
    AuthorizationParams::STATE => $state,
]);

$url = $client->getAuthorizationUrl($authorizationParams);
header('Location: ' . $url);
exit();
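Step 2 - Handle the callback and exchange the code for tokens
use DigitalCz\OpenIDConnect\Param\CallbackParams;
use DigitalCz\OpenIDConnect\Param\CallbackChecks;

// The state saved in step 1 is passed in so the callback can be checked against it
$tokens = $client->handleCallback(
    new CallbackParams($_GET),
    new CallbackChecks($_SESSION['oauth_state'])
);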
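What the state value from step 1 and the check in step 2 protect, written out in plain PHP as an added example (not code from this README and not the library's implementation). `issueState()` and `checkCallback()` are hypothetical helpers, and the callback arrays are constructed samples.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for illustration; not part of digitalcz/openid-connect.

/** Step 1: create a fresh state value and bind it to the user's session. */
function issueState(array &$session): string
{
    // 16 random bytes here; the README snippet above uses 8.
    $session['oauth_state'] = bin2hex(random_bytes(16));
    return $session['oauth_state'];
}

/** Step 2: validate the callback query; returns the code or throws. */
function checkCallback(array $query, array &$session): string
{
    $expected = $session['oauth_state'] ?? null;
    unset($session['oauth_state']); // single use, even when the check fails

    if (isset($query['error'])) {
        throw new RuntimeException('provider returned an error response');
    }
    $received = $query['state'] ?? null;
    if (!is_string($expected) || !is_string($received) || !hash_equals($expected, $received)) {
        throw new RuntimeException('state does not match this session');
    }
    $code = $query['code'] ?? null;
    if (!is_string($code) || $code === '') {
        throw new RuntimeException('authorization code missing');
    }
    return $code;
}

// Constructed sample callbacks; no real provider is involved.
$session = [];
$state = issueState($session);
$callbacks = [
    'valid'    => ['code' => 'sample-code', 'state' => $state],
    'replayed' => ['code' => 'sample-code', 'state' => $state],
    'no state' => ['code' => 'sample-code'],
];
foreach ($callbacks as $label => $query) {
    try {
        echo $label, ': accepted, code=', checkCallback($query, $session), PHP_EOL;
    } catch (RuntimeException $e) {
        echo $label, ': rejected, ', $e->getMessage(), PHP_EOL;
    }
}
```

Only the first callback is accepted: the stored state is consumed on first use, so a replay of the same query or a callback without a matching state never reaches the token exchange.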
Client Credentials flow
use DigitalCz\OpenIDConnect\Grant\ClientCredentials;
use DigitalCz\OpenIDConnect\Param\TokenParams;

$tokens = $client->requestTokens(
    new TokenParams(
        new ClientCredentials(),
        [
            TokenParams::SCOPE => 'some scope',
        ]
    )
);
For more examples, see here
Changelog
Please see the changelog for more information on recent changes.
Testing
$ composer csfix    # fix codestyle
$ composer checks   # run all checks
# or separately
$ composer tests    # run phpunit
$ composer phpstan  # run phpstan
$ composer cs       # run codesniffer
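Contributing
Please see the contributing guide for details.
Security
If you discover any security issues, please email devs@digital.cz instead of using the issue tracker.
Credits
License
The MIT License (MIT). Please see the license file for more information.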