thephpleague / oauth2-client

Easy integration with OAuth 2.0 service providers.
http://oauth2-client.thephpleague.com
MIT License

OpenID Connect Discovery Support #899

Closed cloudcogsio closed 1 year ago

cloudcogsio commented 3 years ago

Initial commit. Tests and documentation to follow.

cloudcogsio commented 3 years ago

Proposed

  1. New AbstractOIDCProvider that extends the base AbstractProvider but provides mechanisms for OIDC.

  2. Custom Providers wishing to utilize OIDC should extend the AbstractOIDCProvider class.

  3. An Interface which should be implemented and passed to the Provider config that will handle caching of public keys (JWKs). A simple file system implementation is provided. League\OAuth2\Client\Provider\OpenIDConnect\PublicKeyCache\File

  4. Required configs are [clientId, clientSecret, well_known_endpoint, publickey_cache_provider]

I believe backward compatibility is maintained with 2.x.


<?php

use League\OAuth2\Client\Provider\OpenIDConnect\AbstractOIDCProvider;

class MyProvider extends AbstractOIDCProvider
{
    /**
     * {@inheritDoc}
     * @see \League\OAuth2\Client\Provider\AbstractProvider::getDefaultScopes()
     */
    protected function getDefaultScopes()
    {
        // TODO Auto-generated method stub

    }

    /**
     * {@inheritDoc}
     * @see \League\OAuth2\Client\Provider\AbstractProvider::checkResponse()
     */
    protected function checkResponse(\Psr\Http\Message\ResponseInterface $response, $data)
    {
        // TODO Auto-generated method stub

    }

    /**
     * {@inheritDoc}
     * @see \League\OAuth2\Client\Provider\AbstractProvider::createResourceOwner()
     */
    protected function createResourceOwner(array $response, \League\OAuth2\Client\Token\AccessToken $token)
    {
        // TODO Auto-generated method stub

    }

}

$Provider = new MyProvider([
    AbstractOIDCProvider::OPTION_WELL_KNOWN_URL => 'https://my.auth.server/.well-known/openid-configuration',
    AbstractOIDCProvider::OPTION_PUBLICKEY_CACHE_PROVIDER => new \League\OAuth2\Client\Provider\OpenIDConnect\PublicKeyCache\File('my.auth.server.keys'),
    'clientId' => '{CLIENT-ID}',
    'clientSecret' => '{CLIENT-SECRET}'
]);

// Dump the auto-discovered data
print_r($Provider->Discovery());

// Get the base auth URL
print $Provider->Discovery()->getAuthorizationEndpoint();

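The proposal above leaves two places where a discovery-based provider has to fail closed: the discovery document itself (its `issuer` must equal the issuer the well-known URL was built from, and the endpoints it advertises must be https before any credential or token is sent to them), and the JWK cache (a `kid` that is not in the cache should trigger exactly one refetch for key rotation, and still fail if the issuer does not publish that key). The following is an added example, not code from this PR or from the oauth2-client library. The interface, class and function names (`PublicKeyCacheInterface`, `FilePublicKeyCache`, `validateDiscovery`, `resolveKey`), the discovery document and the JWKS are constructed for illustration; it assumes PHP 8 and stands in a closure for the HTTP fetch of `jwks_uri`.

```php
<?php
declare(strict_types=1);
// Added example (not part of the PR or oauth2-client): discovery-document
// validation and a fail-closed, refetch-once JWK lookup through a key cache.

interface PublicKeyCacheInterface
{
    /** Return the cached JWKS (decoded array) for an issuer, or null when absent. */
    public function get(string $issuer): ?array;
    public function set(string $issuer, array $jwks): void;
}

/** Hypothetical file-backed cache: one JSON file per issuer in the given directory. */
final class FilePublicKeyCache implements PublicKeyCacheInterface
{
    public function __construct(private string $dir) {}

    private function path(string $issuer): string
    {
        return $this->dir . '/jwks-' . hash('sha256', $issuer) . '.json';
    }

    public function get(string $issuer): ?array
    {
        $p = $this->path($issuer);
        if (!is_file($p)) { return null; }
        $data = json_decode((string) file_get_contents($p), true);
        return is_array($data) ? $data : null;
    }

    public function set(string $issuer, array $jwks): void
    {
        file_put_contents($this->path($issuer), json_encode($jwks), LOCK_EX);
    }
}

/** OIDC Discovery derives the well-known URL from the issuer, not the other way round. */
function wellKnownUrl(string $issuer): string
{
    return rtrim($issuer, '/') . '/.well-known/openid-configuration';
}

/** Refuse a document whose issuer differs from the expected one or whose endpoints are not https. */
function validateDiscovery(string $expectedIssuer, array $doc): array
{
    if (($doc['issuer'] ?? null) !== $expectedIssuer) {
        throw new RuntimeException('issuer mismatch in discovery document');
    }
    foreach (['authorization_endpoint', 'token_endpoint', 'jwks_uri'] as $k) {
        if (!isset($doc[$k]) || parse_url($doc[$k], PHP_URL_SCHEME) !== 'https') {
            throw new RuntimeException("$k missing or not https");
        }
    }
    return $doc;
}

/** Find a signing key by kid; keys marked for encryption ("use":"enc") are never used for verification. */
function findKey(array $jwks, string $kid): ?array
{
    foreach ($jwks['keys'] ?? [] as $key) {
        if (($key['kid'] ?? null) === $kid && ($key['use'] ?? 'sig') === 'sig') {
            return $key;
        }
    }
    return null;
}

/** Serve from cache; on a miss refetch once (key rotation); otherwise fail closed. */
function resolveKey(PublicKeyCacheInterface $cache, string $issuer, string $kid, callable $fetchJwks): array
{
    $jwks = $cache->get($issuer);
    $key = $jwks === null ? null : findKey($jwks, $kid);
    if ($key === null) {
        $jwks = $fetchJwks();           // stands in for an HTTP GET of jwks_uri
        $cache->set($issuer, $jwks);
        $key = findKey($jwks, $kid);
    }
    if ($key === null) {
        throw new RuntimeException("no signing key with kid '$kid' published by $issuer");
    }
    return $key;
}

// Constructed sample data; not fetched from a real issuer.
$issuer = 'https://my.auth.server';
$discovery = json_decode('{"issuer":"https://my.auth.server",
  "authorization_endpoint":"https://my.auth.server/authorize",
  "token_endpoint":"https://my.auth.server/token",
  "jwks_uri":"https://my.auth.server/jwks"}', true);
$doc = validateDiscovery($issuer, $discovery);
echo wellKnownUrl($issuer), ' -> ', $doc['jwks_uri'], PHP_EOL;

$fetches = 0;
$fetchJwks = function () use (&$fetches): array {
    $fetches++;
    return ['keys' => [['kty' => 'RSA', 'kid' => 'key-2024', 'use' => 'sig',
                        'n' => 'constructed-modulus', 'e' => 'AQAB']]];
};
$cache = new FilePublicKeyCache(sys_get_temp_dir());
resolveKey($cache, $issuer, 'key-2024', $fetchJwks);   // cache miss: fetches
resolveKey($cache, $issuer, 'key-2024', $fetchJwks);   // cache hit: no fetch
try {
    resolveKey($cache, $issuer, 'unknown', $fetchJwks); // one refetch, then fails closed
} catch (RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL;
}
echo "jwks fetched {$fetches} time(s)", PHP_EOL;       // 2
```

The issuer equality check is what stops a discovery document served from a lookalike or misconfigured host from redirecting the client to an attacker-chosen `token_endpoint` or `jwks_uri`; the refetch-once rule keeps key rotation working without letting an unknown `kid` turn into an unbounded stream of requests against the issuer.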
ruben0909 commented 3 years ago

Thank you for this :)

cloudcogsio commented 3 years ago

Thank you for this :)

You're welcome.

Decided to make it available as a separate package. https://github.com/cloudcogsio/oauth2-openid-connect-discovery

May close this PR or leave pending for 3.x consideration.

pierrocknroll commented 2 years ago

Is there any plan to merge this PR? Thanks