pzworks/openid-connect-php

A minimal OpenID Connect client

v0.8.2 2019-12-03 08:38 UTC

README

This is a simple library that lets an application authenticate a user through the basic OpenID Connect flow. The library is meant to encourage the use of OpenID Connect by simplifying setup: even a developer with little knowledge of the OpenID Connect protocol can get authentication working easily.

Special thanks to Justin Richer and Amanda Anganes for their help and support with the protocol.

Requirements

  1. PHP 5.4 or greater
  2. CURL extension
  3. JSON extension

Install

  1. Install the library using composer
composer require pzworks/openid-connect-php
  2. Include the composer autoloader
require __DIR__ . '/vendor/autoload.php';

Example 1: Basic Client

use pzworks\OpenIDConnectClient;

$oidc = new OpenIDConnectClient('https://id.provider.com',
                                'ClientIDHere',
                                'ClientSecretHere');
$oidc->setCertPath('/path/to/my.cert');
$oidc->authenticate();
$name = $oidc->requestUserInfo('given_name');

See the OpenID Connect specification for the available user attributes.

Example 2: Dynamic Registration

use pzworks\OpenIDConnectClient;

$oidc = new OpenIDConnectClient("https://id.provider.com");

$oidc->register();
$client_id = $oidc->getClientID();
$client_secret = $oidc->getClientSecret();

// Be sure to add logic to store the client id and client secret

Example 3: Network and Security

// Configure a proxy
$oidc->setHttpProxy("http://my.proxy.com:80/");

// Configure a cert
$oidc->setCertPath("/path/to/my.cert");

Example 4: Request Client Credentials Token

use pzworks\OpenIDConnectClient;

$oidc = new OpenIDConnectClient('https://id.provider.com',
                                'ClientIDHere',
                                'ClientSecretHere');
$oidc->providerConfigParam(array('token_endpoint'=>'https://id.provider.com/connect/token'));
$oidc->addScope('my_scope');

// this assumes success (to validate check if the access_token property is there and a valid JWT) :
$clientCredentialsToken = $oidc->requestClientCredentialsToken()->access_token;

Example 5: Request Resource Owner Token (with client auth)

use pzworks\OpenIDConnectClient;

$oidc = new OpenIDConnectClient('https://id.provider.com',
                                'ClientIDHere',
                                'ClientSecretHere');
$oidc->providerConfigParam(array('token_endpoint'=>'https://id.provider.com/connect/token'));
$oidc->addScope('my_scope');

//Add username and password
$oidc->addAuthParam(array('username'=>'<Username>'));
$oidc->addAuthParam(array('password'=>'<Password>'));

//Perform the auth and return the token (to validate check if the access_token property is there and a valid JWT) :
$token = $oidc->requestResourceOwnerToken(TRUE)->access_token;
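Examples 4 and 5 both note that the caller must check that the response actually carries an access_token and that it is a well-formed JWT before using it. The following is an added example (not code from the pzworks/openid-connect-php project) that does that check for either flow. It assumes the client is configured as in Example 4 or 5 and that requestClientCredentialsToken() and requestResourceOwnerToken() return the decoded JSON token response as an object, as the examples above rely on; the helper names are hypothetical.

```php
<?php
// Added example, not part of the README: fail-closed handling of the token response
// from Example 4 (client credentials) or Example 5 (resource owner password).
// Assumption: the client is configured exactly as in those examples.
use pzworks\OpenIDConnectClient;

/**
 * Decode one base64url-encoded JWT segment into an associative array.
 * Returns null when the segment is not valid base64url or not valid JSON.
 */
function decodeJwtSegment($segment)
{
    $b64 = strtr($segment, '-_', '+/');
    $b64 .= str_repeat('=', (4 - strlen($b64) % 4) % 4);
    $raw = base64_decode($b64, true);
    if ($raw === false) {
        return null;
    }
    $decoded = json_decode($raw, true);
    return is_array($decoded) ? $decoded : null;
}

/**
 * Structural sanity check of an access token: three segments, a JSON header that
 * names a real signing algorithm, and a JSON payload whose exp lies in the future.
 * This does NOT verify the signature; the resource server (or introspection, see
 * Example 7) remains responsible for that.
 */
function accessTokenLooksValid($token, $now = null)
{
    $now = $now === null ? time() : $now;
    if (!is_string($token) || substr_count($token, '.') !== 2) {
        return false;
    }
    list($h, $p) = explode('.', $token);
    $header  = decodeJwtSegment($h);
    $payload = decodeJwtSegment($p);
    if ($header === null || $payload === null) {
        return false;
    }
    // Refuse tokens whose header carries no algorithm, or the unsigned "none".
    if (empty($header['alg']) || strtolower($header['alg']) === 'none') {
        return false;
    }
    // Refuse tokens without an exp claim or already expired (30 s clock skew allowed).
    if (!isset($payload['exp']) || !is_numeric($payload['exp'])) {
        return false;
    }
    return (int) $payload['exp'] > $now - 30;
}

/**
 * Pull the access token out of a token response, throwing on any error response,
 * missing property, or token that fails the structural check.
 */
function extractAccessToken($response)
{
    if (!is_object($response)) {
        throw new RuntimeException('token endpoint returned no JSON object');
    }
    if (isset($response->error)) {
        // OAuth 2.0 error response, e.g. invalid_client or invalid_scope.
        throw new RuntimeException('token request failed: ' . $response->error);
    }
    if (!isset($response->access_token)) {
        throw new RuntimeException('token response carries no access_token');
    }
    if (!accessTokenLooksValid($response->access_token)) {
        throw new RuntimeException('access_token is not a well-formed, unexpired JWT');
    }
    return $response->access_token;
}

$oidc = new OpenIDConnectClient('https://id.provider.com',
                                'ClientIDHere',
                                'ClientSecretHere');
$oidc->providerConfigParam(array('token_endpoint' => 'https://id.provider.com/connect/token'));
$oidc->addScope('my_scope');

// Example 4 flow:
$clientCredentialsToken = extractAccessToken($oidc->requestClientCredentialsToken());

// Example 5 flow (after the addAuthParam() calls for username and password):
// $token = extractAccessToken($oidc->requestResourceOwnerToken(true));
```

Opaque (non-JWT) access tokens would fail accessTokenLooksValid(); if your provider issues those, drop that check and rely on introspection (Example 7) instead.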

Example 6: Basic client for the implicit flow, e.g. with Azure AD B2C (see http://openid.net/specs/openid-connect-core-1_0.html#ImplicitFlowAuth)

use pzworks\OpenIDConnectClient;

$oidc = new OpenIDConnectClient('https://id.provider.com',
                                'ClientIDHere',
                                'ClientSecretHere');
$oidc->setResponseTypes(array('id_token'));
$oidc->addScope(array('openid'));
$oidc->setAllowImplicitFlow(true);
$oidc->addAuthParam(array('response_mode' => 'form_post'));
$oidc->setCertPath('/path/to/my.cert');
$oidc->authenticate();
$sub = $oidc->getVerifiedClaims('sub');

Example 7: Introspection of an access token (see https://tools.ietf.org/html/rfc7662)

use pzworks\OpenIDConnectClient;

$oidc = new OpenIDConnectClient('https://id.provider.com',
                                'ClientIDHere',
                                'ClientSecretHere');
$data = $oidc->introspectToken('an.access-token.as.given');
if (!$data->active) {
    // the token is no longer usable
}
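Example 7 only tests the active flag. A resource server normally also needs to confirm that the token was issued for it, by the expected issuer, with the scopes the request requires, and that it is within its validity window. The following is an added example (not code from the project) that applies those RFC 7662 checks. It assumes introspectToken() returns the decoded introspection response as an object, as $data->active in Example 7 implies; the expected audience, issuer and scope values and the helper name are hypothetical.

```php
<?php
// Added example, not part of the README: full validation of an RFC 7662 introspection
// response. Assumption: $data is the decoded JSON object returned by introspectToken().
use pzworks\OpenIDConnectClient;

/**
 * Decide whether an introspected token may be accepted by this resource server.
 * Every check fails closed: a missing claim we rely on counts as a failure.
 * Returns an empty array on success, otherwise a list of rejection reasons.
 */
function introspectionProblems($data, $expectedAud, $expectedIss, array $requiredScopes, $now = null)
{
    $now = $now === null ? time() : $now;
    if (!is_object($data)) {
        return array('introspection response is not a JSON object');
    }
    $problems = array();

    // RFC 7662 section 2.2: "active" is the only REQUIRED member.
    if (empty($data->active)) {
        $problems[] = 'token is not active';
    }
    // Validity window; do not trust a token that the server did not bound in time.
    if (!isset($data->exp) || (int) $data->exp <= $now) {
        $problems[] = 'token has no exp or is expired';
    }
    if (isset($data->nbf) && (int) $data->nbf > $now) {
        $problems[] = 'token is not yet valid (nbf in the future)';
    }
    // "aud" may be a single string or an array of strings.
    $aud = isset($data->aud) ? (array) $data->aud : array();
    if (!in_array($expectedAud, $aud, true)) {
        $problems[] = 'token was not issued for this audience';
    }
    if (!isset($data->iss) || $data->iss !== $expectedIss) {
        $problems[] = 'token issuer does not match';
    }
    // "scope" is a space-separated string (RFC 6749 section 3.3).
    $granted = isset($data->scope) ? preg_split('/\s+/', trim($data->scope)) : array();
    $missing = array_diff($requiredScopes, $granted);
    if ($missing) {
        $problems[] = 'missing scope(s): ' . implode(' ', $missing);
    }
    return $problems;
}

$oidc = new OpenIDConnectClient('https://id.provider.com',
                                'ClientIDHere',
                                'ClientSecretHere');
$data = $oidc->introspectToken('an.access-token.as.given');

$problems = introspectionProblems($data,
                                  'ClientIDHere',            // hypothetical expected audience
                                  'https://id.provider.com', // hypothetical expected issuer
                                  array('my_scope'));        // hypothetical required scope
if ($problems) {
    // Reject the request; keep the detailed reasons in the server log, not the response.
    error_log('rejecting token: ' . implode('; ', $problems));
    http_response_code(401);
    exit;
}
// At this point the token is active, unexpired, for this audience, from the expected
// issuer, and carries every required scope.
```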

Development Environments

In some cases you may need to disable SSL security on your development systems. Note: this is not recommended on production systems.

$oidc->setVerifyHost(false);
$oidc->setVerifyPeer(false);
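Because the two calls above silently accept any certificate, the safest way to use them is behind an explicit development switch, so that the default configuration (and anything deployed by accident) still verifies the provider. The following is an added example, not code from the project; the environment variable name OIDC_INSECURE_DEV_TLS and the helper name are hypothetical.

```php
<?php
// Added example, not part of the README: verification stays ON unless the process was
// started with OIDC_INSECURE_DEV_TLS=1 and the provider is a loopback host. Both the
// environment variable name and configureTls() are hypothetical.
use pzworks\OpenIDConnectClient;

/**
 * Apply TLS settings to the client. Returns true only when verification was disabled,
 * so the caller can log that loudly.
 */
function configureTls(OpenIDConnectClient $oidc, $providerUrl, $devSwitch)
{
    $host       = parse_url($providerUrl, PHP_URL_HOST);
    $isLoopback = in_array($host, array('localhost', '127.0.0.1', '::1'), true);

    if ($devSwitch === '1' && $isLoopback) {
        // Development only: accept any certificate from a local mock provider.
        $oidc->setVerifyHost(false);
        $oidc->setVerifyPeer(false);
        error_log("WARNING: TLS verification disabled for $host (development mode)");
        return true;
    }

    // Default, and the only acceptable production setting: verify host and peer, and
    // point the client at the trusted CA bundle as in Example 3.
    $oidc->setVerifyHost(true);
    $oidc->setVerifyPeer(true);
    $oidc->setCertPath('/path/to/my.cert');
    return false;
}

$providerUrl = 'https://id.provider.com';
$oidc = new OpenIDConnectClient($providerUrl, 'ClientIDHere', 'ClientSecretHere');

// getenv() returns false when the variable is unset, so production defaults to verified.
configureTls($oidc, $providerUrl, getenv('OIDC_INSECURE_DEV_TLS'));
$oidc->authenticate();
```

With a real provider hostname the loopback check fails and verification is enforced regardless of the environment variable, which is the intended behaviour: the switch can only weaken connections to a local test provider.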

Todo

  • Dynamic registration does not support registration auth tokens and endpoints

Contributing

  • All pull requests, once merged, should be added to the changelog.md file.