
Improve OpenID Documentation

Open biwerr opened this issue 9 years ago • 3 comments

Please add to the openID documentation that you must add a new grant type

    // $storage is an already-configured storage object (e.g. OAuth2\Storage\Pdo);
    // the Server constructor takes the storage first and the config second.
    $config['use_openid_connect'] = true;
    $config['issuer'] = 'brentertainment.com';
    $server = new OAuth2\Server($storage, $config);
    // the OpenID variant of the authorization_code grant, which issues the id_token
    $server->addGrantType(new OAuth2\OpenID\GrantType\AuthorizationCode($storage));

biwerr avatar Dec 15 '15 11:12 biwerr

This line of code should not be necessary. As long as use_openid_connect is true, the grant type above will automatically be added to the server object.

It's possible that somewhere else your code explicitly sets the grant types, and so getDefaultGrantTypes is never called, or something along these lines. Could you paste a full repro case here?

bshaffer avatar Nov 15 '17 01:11 bshaffer

Yes, I set the GrantTypes as mentioned in your documentation

    // main storage backed by the application's PDO connection
    $storage = new OAuth2\Storage\Pdo(DB::connection()->getPdo());

    $server = new OAuth2\Server($storage, Config::get("oauth2.config"));

    // RSA key pair used to sign id_tokens
    $publicKey  = file_get_contents(Config::get('oauth2.openID.public_key_test'));
    $privateKey = file_get_contents(Config::get('oauth2.openID.private_key'));

    $keyStorage = new OAuth2\Storage\Memory(array('keys' => array(
        'public_key'  => $publicKey,
        'private_key' => $privateKey,
    )));

    // grant types registered explicitly, so the server's defaults are not used
    $server->addGrantType(new OAuth2\GrantType\ClientCredentials($storage));
    $server->addGrantType(new OAuth2\GrantType\UserCredentials($storage));
    $server->addGrantType(new OAuth2\GrantType\AuthorizationCode($storage));
    $server->addGrantType(new OAuth2\GrantType\RefreshToken($storage, Config::get("oauth2.config")));
    $server->addGrantType(new OAuth2\OpenID\GrantType\AuthorizationCode($storage));
    // key storage registered under the 'public_key' storage key
    $server->addStorage($keyStorage, 'public_key');

    return $server;

biwerr avatar Nov 15 '17 07:11 biwerr

I'm currently following this documentation to implement OpenID Connect, but I'm running into a few issues:

  1. It is not mentioned that a UserClaimsInterface implementation also needs to be provided.
  2. The documentation seems to mix a response_type=code request with a response_type=id_token response.
  3. I'm unsure why public/private keys are needed with the id_token flow. A signed id_token is stored in the authorisation code table, but is not sent over the internet.
  4. Although fairly simple to work out, the UserInfoController is not documented.
  5. As mentioned earlier, just using OAuth2\GrantType\AuthorizationCode instead of adding OAuth2\OpenID\GrantType\AuthorizationCode.

ghost avatar Feb 16 '18 10:02 ghost
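The two points raised above (bshaffer's explanation that explicit grant registration bypasses getDefaultGrantTypes, and the list of undocumented requirements such as UserClaimsInterface and key storage) pulled together into one bootstrap. This is an added example, not code from the thread, the library or its docs; it assumes a PDO connection in `$pdo`, key paths in `$publicKeyPath` and `$privateKeyPath`, a placeholder issuer, and that `Server::getGrantTypes()` is available in the installed version.

```php
<?php
// Added example: minimal oauth2-server-php bootstrap for OpenID Connect.
// Assumptions (placeholders): $pdo, $publicKeyPath, $privateKeyPath, the issuer URL.
require_once __DIR__ . '/vendor/autoload.php';

$config = array(
    'use_openid_connect' => true,
    'issuer'             => 'https://issuer.example', // placeholder issuer
);

// Pdo storage implements UserClaimsInterface, which the id_token response type
// needs to build profile/email claims (the 'user_claims' storage).
$storage = new OAuth2\Storage\Pdo($pdo);

// RSA key pair for signing id_tokens, registered under the 'public_key' storage key.
$keyStorage = new OAuth2\Storage\Memory(array('keys' => array(
    'public_key'  => file_get_contents($publicKeyPath),
    'private_key' => file_get_contents($privateKeyPath),
)));

$server = new OAuth2\Server($storage, $config);
$server->addStorage($keyStorage, 'public_key');

// Registering grant types explicitly means the server's defaults (which would
// pick the OpenID authorization_code grant when use_openid_connect is true) are
// never applied, so the OpenID variant has to be added by hand. Both
// AuthorizationCode classes use the query-string identifier 'authorization_code',
// so whichever is added last is the one the token endpoint will use.
$server->addGrantType(new OAuth2\GrantType\ClientCredentials($storage));
$server->addGrantType(new OAuth2\GrantType\RefreshToken($storage));
$server->addGrantType(new OAuth2\OpenID\GrantType\AuthorizationCode($storage));

// Boot-time check (assumes getGrantTypes() exists): fail fast if a plain
// authorization_code grant is in effect, since then no id_token is ever issued.
$grants = $server->getGrantTypes();
if (!($grants['authorization_code'] instanceof OAuth2\OpenID\GrantType\AuthorizationCode)) {
    throw new LogicException('authorization_code grant is not the OpenID variant');
}

return $server;
```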