oauth2-server-php-docs icon indicating copy to clipboard operation
oauth2-server-php-docs copied to clipboard

Published 20 hours ago verified publisher icon bshaffer

Document OpenID Connect

Open bshaffer opened this issue 11 years ago • 4 comments
trafficstars

Document OpenID Connect integration

bshaffer avatar May 17 '14 01:05 bshaffer

Hi there,

Is there any documentation about this feature?

Thanks!

thyandrecardoso avatar Oct 01 '14 10:10 thyandrecardoso

I'll wrote a small guide here.

  1. Enable OpenID Connect with the option 'use_openid_connect' => true

  2. Then create a custom Authorize Controller similar to Step-By-Step Walkthrough

// include our OAuth2 Server object
require_once __DIR__.'/server.php';

$request = OAuth2\Request::createFromGlobals();
$response = new OAuth2\Response();

// validate the authorize request
if (!$server->validateAuthorizeRequest($request, $response)) {
    $response->send();
    die;
}
// display an authorization form
if (empty($_POST)) {
  exit('
<form method="post">
  **<label>Username <input type="text" name="username" /></label><br />**
  **<label>password <input type="password" name="password" /></label><br />**
  <label>Do You Authorize TestClient?</label><br />
  <input type="submit" name="authorized" value="yes">
  <input type="submit" name="authorized" value="no">
</form>');
}

// ** Validate User **

// Clean input from attack threads
$sanitizedUsername = mySatinizeFunction($_POST['username']);
$sanitizedPassword = mySatinizeFunction($_POST['password']);

// A User credentials storage or any other custom class for validate the input pair.
$storage = new OAuth2\Storage\Memory(array('user_credentials' => $users));

if (!$storage->checkUserCredentials($sanitizedUsername, $sanitizedPassword) {
   exit("wrong username/password");
}
$userDetails = $storage->getUserDetails($sanitizedUsername);
$user_id = $userDetails['user_id'];
// ** Validate User (END) **

// print the authorization code if the user has authorized your client
$is_authorized = ($_POST['authorized'] === 'yes');
$server->handleAuthorizeRequest($request, $response, $is_authorized, **$user_id**);
if ($is_authorized) {
  // this is only here so that you get to see your code in the cURL request. Otherwise, we'd redirect back to the client
  $code = substr($response->getHttpHeader('Location'), strpos($response->getHttpHeader('Location'), 'code=')+5, 40);
  exit("SUCCESS! Authorization Code: $code");
}
$response->send();

Note: I've put * around the changes made from the step-by-step guide

Maks3w avatar Mar 17 '15 08:03 Maks3w

Hi,

can somone confirm, that Maks3w approach is correct ? For me it seems like customization on OAuth, not a valid use of OpenID connect.

Don't take me wrong, it took me whilte to understand, that OAuth is for authorization and OpenID connect is for authentication, but i don't know hot to connect these two things.

Is there any tutorial about setting up OpenID Connect on top of OAuth2 ? I will appreciate any help.

jan2442 avatar Mar 24 '15 12:03 jan2442

OpenID Connect is now documented here

bshaffer avatar Dec 01 '15 18:12 bshaffer