srako / openid-connect
PHP implementation of https://openid.net/specs/openid-connect-core-1_0.html
v1.7
2024-04-08 08:32 UTC
Requires
- php: ^7.4||^8.0
- ext-json: *
- firebase/php-jwt: ^6.8
- php-http/discovery: ^1.14
- psr/http-client: ^1.0.1
- psr/http-factory: ^1.0.1
- psr/http-message: ^1.0.1
- psr/simple-cache: ^1.0||^2.0||^3.0
- web-token/jwt-checker: ^2.2
Requires (Dev)
- guzzlehttp/guzzle: ^7.8
README
PHP implementation of https://openid.net/specs/openid-connect-core-1_0.html
Installation
Via Composer
$ composer require srako/openid-connect
Usage
Initialization
Using the OIDC discovery endpoint
use Srako\OpenIDConnect\ClientMetadata;
use Srako\OpenIDConnect\ClientFactory;

$issuerUrl = 'https://example.com';
// Client ID, client secret and redirect URI as registered with the provider
$clientMetadata = new ClientMetadata('clientid', 'clientsecret', 'https://example.com/callback');
// The provider's endpoints are read from the issuer's discovery document
$client = ClientFactory::create($issuerUrl, $clientMetadata);
Manually
use Srako\OpenIDConnect\Client;
use Srako\OpenIDConnect\ClientMetadata;
use Srako\OpenIDConnect\Config;
use Srako\OpenIDConnect\Http\HttpClientFactory;
use Srako\OpenIDConnect\Token\TokenVerifierFactory;
use Srako\OpenIDConnect\ProviderMetadata;

$clientMetadata = new ClientMetadata('clientid', 'clientsecret', 'https://example.com/callback');
// Provider endpoints are listed by hand instead of being discovered
$providerMetadata = new ProviderMetadata([
    ProviderMetadata::AUTHORIZATION_ENDPOINT => 'https://example.com/authorize',
    ProviderMetadata::TOKEN_ENDPOINT => 'https://example.com/token',
    // ...
]);
$config = new Config($providerMetadata, $clientMetadata);
$client = new Client($config, HttpClientFactory::create());
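Authorization Code flow
Step 1 - Redirect the user to the authorization endpoint
use Srako\OpenIDConnect\Param\AuthorizationParams;

// Random per-request state, kept in the session (which must already be started)
// so that the callback can be tied back to this browser
$state = bin2hex(random_bytes(8));
$_SESSION['oauth_state'] = $state;

$authorizationParams = new AuthorizationParams([
    AuthorizationParams::SCOPE => 'openid profile',
    AuthorizationParams::STATE => $state,
]);
$url = $client->getAuthorizationUrl($authorizationParams);

header('Location: ' . $url);
exit();
Step 2 - Handle the callback and exchange the code for tokens
use Srako\OpenIDConnect\Param\CallbackParams;
use Srako\OpenIDConnect\Param\CallbackChecks;

// The state stored in step 1 is passed in as the value the callback must carry
$tokens = $client->handleCallback(
    new CallbackParams($_GET),
    new CallbackChecks($_SESSION['oauth_state'])
);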
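The state handling around steps 1 and 2, as an added example that is not part of the library or its README: the stored state is made single-use and time-limited, so a replayed or forged callback is rejected before any code exchange. The helpers `issueState`, `consumeState` and `attempt`, the `STATE_TTL` value and the 16-byte state length are assumptions made for illustration; a plain array stands in for `$_SESSION` and constructed arrays for `$_GET`.

```php
<?php
declare(strict_types=1);
const STATE_TTL = 600; // seconds a pending login stays valid (assumed value)

// Step 1: create a fresh state and remember it, with its issue time, in the session.
function issueState(array &$session, ?int $now = null): string
{
    $state = bin2hex(random_bytes(16));
    $session['oauth_state'] = ['value' => $state, 'issued' => $now ?? time()];
    return $state;
}

// Step 2: return the expected state exactly once, or throw. The entry is removed first, so a replay always fails.
function consumeState(array &$session, array $query, ?int $now = null): string
{
    $pending = $session['oauth_state'] ?? null;
    unset($session['oauth_state']);
    if (!is_array($pending)) {
        throw new RuntimeException('no login in progress for this session');
    }
    if (($now ?? time()) - $pending['issued'] > STATE_TTL) {
        throw new RuntimeException('login attempt expired');
    }
    $received = $query['state'] ?? '';
    if (!is_string($received) || !hash_equals($pending['value'], $received)) {
        throw new RuntimeException('state mismatch');
    }
    return $pending['value'];
}

// Demo helper: report how one callback attempt is treated.
function attempt(array &$session, array $query, int $now): string
{
    try {
        consumeState($session, $query, $now);
        return 'accepted';
    } catch (RuntimeException $e) {
        return 'rejected: ' . $e->getMessage();
    }
}

// Constructed demo: a forged callback, a genuine one, then a replay of the genuine one.
$session = [];
issueState($session, 1000);
echo attempt($session, ['code' => 'x', 'state' => 'forged'], 1010), PHP_EOL;
$state = issueState($session, 1020);
$query = ['code' => 'constructed-code', 'state' => $state];
echo attempt($session, $query, 1060), PHP_EOL;
echo attempt($session, $query, 1070), PHP_EOL;
```

In a real handler, call `consumeState($_SESSION, $_GET)` and pass its return value to `new CallbackChecks(...)` in place of reading `$_SESSION['oauth_state']` directly.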
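Client Credentials flow
use Srako\OpenIDConnect\Grant\ClientCredentials;
use Srako\OpenIDConnect\Param\TokenParams;

// Request tokens for the client itself; no user or redirect is involved
$tokens = $client->requestTokens(
    new TokenParams(
        new ClientCredentials(),
        [
            TokenParams::SCOPE => 'some scope'
        ]
    )
);
See examples for more.
Credits
License
The MIT License (MIT). Please see the License File for more information.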