steverhoades / oauth2-openid-connect-client
OAuth2 OpenID Connect client built on the PHP League's OAuth2 Client
v2.0.0
2023-01-13 18:13 UTC
Requires
- php: >= 7.4
- lcobucci/jwt: ~4.0
- league/oauth2-client: ^2.0
- webmozart/assert: ^1.10
Requires (Dev)
- dg/bypass-finals: ^1.3
- enlightn/security-checker: ^1.9
- ergebnis/composer-normalize: ^2.15
- insolita/unused-scanner: ^2.3
- maglnet/composer-require-checker: ^3.3
- php-parallel-lint/php-parallel-lint: ^1.3
- phpunit/phpunit: ^9.5
- roave/security-advisories: dev-master
- squizlabs/php_codesniffer: ^3.6
This package is auto-updated.
Last update: 2024-09-04 12:00:21 UTC
README
This package uses the PHP League's OAuth2 client together with the lcobucci/jwt token library to provide an OAuth2 OpenID Connect client.
Requirements
The following versions of PHP are supported.
- PHP 7.4
- PHP 8.0
- PHP 8.1
Usage
You can test your OpenID Connect client against bshaffer's demo OAuth2 server.
```php
<?php

// Composer autoloader for league/oauth2-client, lcobucci/jwt and this package
require __DIR__ . '/vendor/autoload.php';

// RS256 signer used to verify the id_token signature against the IdP's public key
$signer = new \Lcobucci\JWT\Signer\Rsa\Sha256();

$provider = new \OpenIDConnectClient\OpenIDConnectProvider([
        'clientId'                => 'demoapp',
        'clientSecret'            => 'demopass',
        // the issuer of the identity token (id_token); this will be compared with what is returned in the token.
        'idTokenIssuer'           => 'brentertainment.com',

        // Your server
        'redirectUri'             => 'http://example.com/your-redirect-url/',
        'urlAuthorize'            => 'http://brentertainment.com/oauth2/lockdin/authorize',
        'urlAccessToken'          => 'http://brentertainment.com/oauth2/lockdin/token',
        'urlResourceOwnerDetails' => 'http://brentertainment.com/oauth2/lockdin/resource',
        // Find the public key here: https://github.com/bshaffer/oauth2-demo-php/blob/master/data/pubkey.pem
        // to test against brentertainment.com
        'publicKey'               => 'file:///myproj/data/public.key',
    ],
    [
        'signer' => $signer
    ]
);

// send the authorization request
if (empty($_GET['code'])) {
    $redirectUrl = $provider->getAuthorizationUrl();
    header(sprintf('Location: %s', $redirectUrl), true, 302);
    return;
}

// receive authorization response
try {
    $token = $provider->getAccessToken('authorization_code', [
        'code' => $_GET['code']
    ]);
} catch (\OpenIDConnectClient\Exception\InvalidTokenException $e) {
    // the validator chain records which id_token checks failed
    $errors = $provider->getValidatorChain()->getMessages();
    return;
}

$accessToken  = $token->getToken();
$refreshToken = $token->getRefreshToken();
$expires      = $token->getExpires();
$hasExpired   = $token->hasExpired();
$idToken      = $token->getIdToken();
$email        = $idToken->claims()->get('email', false);
$allClaims    = $idToken->claims();
```
Running the example
An example client is provided in the /example directory of this repository. To run it, you can use PHP's built-in web server.
$ php -S localhost:8081 client.php
Then open this link: http://localhost:8081/
This should take you to bshaffer's OAuth2 Live OpenID Connect demo site.
Token validation
The id_token is validated with the lcobucci/jwt library. You need to pass the appropriate signer and publicKey to OpenIdConnectProvider.
Installation
Via Composer
$ composer require steverhoades/oauth2-openid-connect-client
Clock skew tolerance for nbf
Some clock difference between the IdP and the SP can be tolerated by passing the nbfToleranceSeconds option in the getAccessToken method call.
```php
<?php
// ...

// receive authorization response
try {
    $token = $provider->getAccessToken('authorization_code', [
        'code' => $_GET['code'],
        // adds 60 seconds to currentTime to tolerate a 1 minute difference in clocks between IdP and SP
        'nbfToleranceSeconds' => 60
    ]);
} catch (\OpenIDConnectClient\Exception\InvalidTokenException $e) {
    $errors = $provider->getValidatorChain()->getMessages();
    return;
}
```
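Putting the usage snippet and the nbf option together, here is an added example (not the project's own code) of the two halves of the authorization-code flow with the `state` check that the README snippet leaves out: the state value that league's client generates for getAuthorizationUrl() is stored in the session and compared on the callback before the code is exchanged. It assumes $provider is built as in the usage section and that $session is the PHP session array; the function names beginLogin and finishLogin are mine.

```php
<?php
declare(strict_types=1);

use OpenIDConnectClient\Exception\InvalidTokenException;
use OpenIDConnectClient\OpenIDConnectProvider;

// Step 1: build the redirect to the IdP and remember the state value that
// league's getAuthorizationUrl() generated (getState() is the league accessor).
function beginLogin(OpenIDConnectProvider $provider, array &$session): string
{
    $url = $provider->getAuthorizationUrl();
    $session['oauth2state'] = $provider->getState();
    return $url;
}

// Step 2: handle the redirect back from the IdP ($query is normally $_GET).
// Returns ['ok' => bool, 'claims' => array|null, 'errors' => string[]].
function finishLogin(OpenIDConnectProvider $provider, array $query, array &$session): array
{
    $expected = $session['oauth2state'] ?? null;
    unset($session['oauth2state']); // state is single-use

    // Reject the callback when state is absent or differs from the value we issued.
    $state = $query['state'] ?? null;
    if (!is_string($state) || !is_string($expected) || !hash_equals($expected, $state)) {
        return ['ok' => false, 'claims' => null, 'errors' => ['state mismatch']];
    }
    if (empty($query['code'])) {
        return ['ok' => false, 'claims' => null, 'errors' => [$query['error'] ?? 'no code returned']];
    }

    try {
        $token = $provider->getAccessToken('authorization_code', [
            'code'                => $query['code'],
            'nbfToleranceSeconds' => 60, // accept an nbf up to one minute ahead of our clock
        ]);
    } catch (InvalidTokenException $e) {
        // The validator chain records which id_token checks failed (issuer, audience, nbf, ...).
        return ['ok' => false, 'claims' => null, 'errors' => $provider->getValidatorChain()->getMessages()];
    }

    // Only a token whose id_token passed signature and claim validation reaches this point.
    return ['ok' => true, 'claims' => $token->getIdToken()->claims()->all(), 'errors' => []];
}
```

Call beginLogin($provider, $_SESSION) when the query string carries no code and redirect to the returned URL; on the callback call finishLogin($provider, $_GET, $_SESSION) and inspect 'errors' whenever 'ok' is false.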
License
The MIT License (MIT). Please see the License File for more information.
TODO
- Add support for OpenID Connect Authentication Request parameters
- Add tests
- Check implicit and hybrid flow support
- Example endpoints to demonstrate usage