bshaffer / oauth2-server-php

A library for implementing an OAuth2 Server in php
http://bshaffer.github.io/oauth2-server-php-docs
MIT License

How to integrate with backend and pass custom OAuth claims back to the client #830

Open liverpoolfc-fan opened 7 years ago

liverpoolfc-fan commented 7 years ago

While I am comfortable with PHP in general, I am not familiar with the PHP framework your code uses.

I would like to customize the OpenID connect sample implementation on the server side to authenticate against our own backend system and to provide custom Oauth claims back to the client in the output Token.

Where do I go about doing this?

I can see references to $params['scope'] as possibly referring to custom data to be added but I cannot see where this ever gets set. Perhaps it is totally unrelated.

It would be useful to add high level instructions for the integration points in the readme referring to the modules to modify, and to add some commented out pseudo code where the integration should be done, and in what format the data should be returned by the backend so as to be usable by the library.

Are there flags/settings that determine whether the Token is Signed and/or Encrypted?

Thanks in advance. And apologies if these are basic questions.

pzingg commented 7 years ago

I wanted to do the same thing and found a couple of ways to do this.

  1. One is to add scopes, but that's not so easily done if the scopes are created per token; I extended the OAuth2\Scope class and overrode the checkScope and scopeExists methods to define my own scope-permitted logic.

  2. Another way is to extend as many of the OAuth2\ResponseType and OAuth2\OpenID\ResponseType classes as you need and find the methods that create tokens, claims, etc.

In either case you will probably then have to write a class that extends OAuth2\Server to bring in these new classes. My child Server class has to override these methods: createDefaultAuthorizeController, createDefaultIdTokenResponseType, createDefaultIdTokenTokenResponseType, createDefaultJwtAccessTokenResponseType, getDefaultResponseTypes, and getScopeUtil.
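The following is an added example, not code from the issue or from the oauth2-server-php project, showing the extension points the comment above describes against the 1.x class layout: a subclass of `OAuth2\Scope` overriding `checkScope` and `scopeExists`, a subclass of the OpenID `IdToken` response type that merges backend claims in before signing, and a child `Server` wiring both in through `getScopeUtil` and `createDefaultIdTokenResponseType`. The `BackendClient` class, its claim names and its scope list are assumptions standing in for "our own backend system".

```php
<?php
// Added example (not from the issue or the library): wires custom scope logic
// and custom id_token claims into oauth2-server-php 1.x. BackendClient, the
// claim names and the scope list below are assumptions for illustration.

require_once __DIR__ . '/vendor/autoload.php';

use OAuth2\Scope;
use OAuth2\Server;
use OAuth2\OpenID\ResponseType\IdToken;

// Hypothetical backend client standing in for the real backend system.
class BackendClient
{
    // Claims the backend wants embedded in the id_token for $userId
    // (constructed sample data; a real implementation would query the backend).
    public function claimsFor($userId)
    {
        return array('department' => 'finance', 'employee_id' => 'E-1042');
    }

    // Scopes the backend recognises (constructed list).
    public function knownScopes()
    {
        return array('openid', 'profile', 'reports:read');
    }
}

// 1. Custom scope logic: override checkScope() and scopeExists().
class BackendScope extends Scope
{
    private $backend;

    public function __construct(BackendClient $backend)
    {
        parent::__construct();   // no scope storage: the backend answers instead
        $this->backend = $backend;
    }

    // Every required scope must appear in the granted (available) scope string.
    public function checkScope($required_scope, $available_scope)
    {
        $required  = explode(' ', trim($required_scope));
        $available = explode(' ', trim($available_scope));
        return count(array_diff($required, $available)) === 0;
    }

    // Reject a scope string if any scope in it is unknown to the backend.
    public function scopeExists($scope)
    {
        $requested = explode(' ', trim($scope));
        return count(array_diff($requested, $this->backend->knownScopes())) === 0;
    }
}

// 2. Custom id_token: add backend claims before the token is signed.
class BackendIdToken extends IdToken
{
    private $backend;

    public function setBackend(BackendClient $backend) { $this->backend = $backend; }

    // encodeToken() receives the standard claims (iss, sub, aud, iat, exp, ...)
    // and signs them with the client's private key (the library signs, it does
    // not encrypt). Array union keeps the standard keys, so backend data can
    // never override iss/sub/aud/exp.
    protected function encodeToken(array $token, $client_id = null)
    {
        $token = $token + $this->backend->claimsFor($token['sub']);
        return parent::encodeToken($token, $client_id);
    }
}

// 3. Child Server that brings the custom classes in.
class BackendServer extends Server
{
    private $backend;

    public function __construct($storage, array $config, BackendClient $backend)
    {
        $this->backend = $backend;
        parent::__construct($storage, $config);
    }

    public function getScopeUtil()
    {
        if (!$this->scopeUtil) {
            $this->scopeUtil = new BackendScope($this->backend);
        }
        return $this->scopeUtil;
    }

    protected function createDefaultIdTokenResponseType()
    {
        $config  = array_intersect_key($this->config, array_flip(array('issuer', 'id_lifetime')));
        $idToken = new BackendIdToken($this->storages['user_claims'], $this->storages['public_key'], $config);
        $idToken->setBackend($this->backend);
        return $idToken;
    }
}
```

`createDefaultIdTokenResponseType()` is only consulted when the server is constructed with `'use_openid_connect' => true` and an `'issuer'` in its config, and the storage passed in must provide the `user_claims` and `public_key` storages the `IdToken` constructor expects. If the custom claims depend only on the user and the granted scope, the storage-level `UserClaimsInterface::getUserClaims()` hook reaches the same token without subclassing the response type.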