oauth2-client
Add support for OpenID config discovery
It would be great if the library included support for OpenID config discovery: https://openid.net/specs/openid-connect-discovery-1_0.html
There are a few servers that have implemented it, and it would make the clients a bit more stable and easier to maintain:
- no need to update code on config changes
- easier to add new providers which have the config file, by adding only one URL instead of all URLs required atm
This looks like a feature to be added in this client, rather than in each individual provider.
Can be used now for:
- https://accounts.google.com/.well-known/openid-configuration
- https://login.salesforce.com/.well-known/openid-configuration
- https://www.paypalobjects.com/.well-known/openid-configuration
- https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration
- OAuth apps made with Amazon Cognito or Azure
Opening this only to start a discussion, as there is a lot required for this, both planning and code.
Since this is an identity layer on top of OAuth 2, I could see value in adding it here or having a separate library that provides it and depends on this library. This way, any provider who wants to use it can also require the other library.
It would be amazing!! +1 for this idea
I'm working on this. However, I'm not sure how to handle caching for the discovery URL. It would be too bad if this mostly static info had to be fetched for pretty much any request. Does oauth2-client have some cache layer?
Can't you achieve this by simply overriding the GenericProvider and adding a small cache layer?
https://gist.github.com/emmanuelballery/200bc0838899400f678df94d88d12310
This is really a novice approach but...
https://github.com/cirrusidentity/simplesamlphp-module-authoauth2/blob/master/lib/Providers/OpenIDConnectProvider.php Here is my take. It's not fully self-contained, but it should be quite possible to extract something reusable from it.
Would something like this work? https://github.com/thephpleague/oauth2-client/pull/899
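A sketch of the discovery-with-cache idea discussed in this thread, added here as an example; it is not code from any commenter, the linked gist or PR, or oauth2-client itself. `DiscoveryClient`, the injected `$fetch` closure, the in-memory cache array (standing in for a persistent cache) and the `idp.example.test` document are all assumptions made for illustration. It shows the two checks a client should make before trusting a discovered configuration: the document's `issuer` must exactly match the issuer that was requested, and the endpoints it will use must be HTTPS.

```php
<?php
declare(strict_types=1);

// Added example: hypothetical DiscoveryClient, not part of league/oauth2-client.
final class DiscoveryClient
{
    private array $cache = []; // in-memory stand-in for a persistent cache layer

    public function __construct(private \Closure $fetch, private int $ttl = 3600) {}

    public function discover(string $issuer, ?int $now = null): array
    {
        $now ??= time();
        if (isset($this->cache[$issuer]) && $this->cache[$issuer]['expires'] > $now) {
            return $this->cache[$issuer]['config']; // still fresh, no HTTP request
        }
        $url = rtrim($issuer, '/') . '/.well-known/openid-configuration';
        $config = json_decode(($this->fetch)($url), true, 16, JSON_THROW_ON_ERROR);
        // The issuer in the document must be identical to the issuer we asked for.
        if (!is_array($config) || ($config['issuer'] ?? null) !== $issuer) {
            throw new RuntimeException('issuer mismatch in discovery document');
        }
        // Refuse a document whose endpoints are missing or not served over HTTPS.
        foreach (['authorization_endpoint', 'token_endpoint', 'jwks_uri'] as $key) {
            if (parse_url((string) ($config[$key] ?? ''), PHP_URL_SCHEME) !== 'https') {
                throw new RuntimeException("$key missing or not https");
            }
        }
        $this->cache[$issuer] = ['expires' => $now + $this->ttl, 'config' => $config];
        return $config;
    }
}

// Constructed sample document and stub fetcher, so the example runs offline.
$doc = ['issuer' => 'https://idp.example.test', 'jwks_uri' => 'https://idp.example.test/keys',
    'authorization_endpoint' => 'https://idp.example.test/authorize',
    'token_endpoint' => 'https://idp.example.test/token'];
$calls = 0;
$fetch = function (string $url) use (&$calls, $doc): string {
    $calls++; // count how often the "network" is hit
    return json_encode($doc);
};
$client = new DiscoveryClient($fetch, 600);
$client->discover('https://idp.example.test', 1000);           // first call fetches
$config = $client->discover('https://idp.example.test', 1500); // within TTL: cached
echo $config['token_endpoint'], " (fetches: $calls)\n";
try {
    $client->discover('https://other.example.test', 1000); // document names another issuer
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```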