oauth2-client icon indicating copy to clipboard operation
oauth2-client copied to clipboard

Published 20 hours ago verified publisher icon thephpleague

OpenID Connect Discovery Support

Open cloudcogsio opened this issue 4 years ago • 4 comments

Initial Commit Tests and Documentation to follow.

cloudcogsio avatar Aug 03 '21 11:08 cloudcogsio

Proposed

  1. New AbstractOIDCProvider that extends the base AbstractProvider but provides mechanisms for OIDC.

  2. Custom Providers wishing to utilize OIDC should extend the AbstractOIDCProvider class.

  3. An Interface which should be implemented and passed to the Provider config that will handle caching of public keys (JWKs). A simple file system implementation is provided. League\OAuth2\Client\Provider\OpenIDConnect\PublicKeyCache\File

  4. Required configs are [clientId, clientSecret, well_known_endpoint, publickey_cache_provider]

  • well_known_endpoint - The URL of the well-known endpoint service of the provider
  • publickey_cache_provider - A concrete implementation of League\OAuth2\Client\Provider\OpenIDConnect\PublicKeyCacheInterface

I believe backward compatibility is maintained with 2.x


use League\OAuth2\Client\Provider\OpenIDConnect\AbstractOIDCProvider;

class MyProvider extends AbstractOIDCProvider 
{
    /**
     * {@inheritDoc}
     * @see \League\OAuth2\Client\Provider\AbstractProvider::getDefaultScopes()
     */
    protected function getDefaultScopes()
    {
        // TODO Auto-generated method stub
        
    }

    /**
     * {@inheritDoc}
     * @see \League\OAuth2\Client\Provider\AbstractProvider::checkResponse()
     */
    protected function checkResponse(\Psr\Http\Message\ResponseInterface $response, $data)
    {
        // TODO Auto-generated method stub
        
    }

    /**
     * {@inheritDoc}
     * @see \League\OAuth2\Client\Provider\AbstractProvider::createResourceOwner()
     */
    protected function createResourceOwner(array $response, \League\OAuth2\Client\Token\AccessToken $token)
    {
        // TODO Auto-generated method stub
        
    }

    
}

$Provider = new MyProvider([
    AbstractOIDCProvider::OPTION_WELL_KNOWN_URL => 'https://my.auth.server/.well-known/openid-configuration',
    AbstractOIDCProvider::OPTION_PUBLICKEY_CACHE_PROVIDER => new \League\OAuth2\Client\Provider\OpenIDConnect\PublicKeyCache\File('my.auth.server.keys'),
    'clientId' => '{CLIENT-ID}',
    'clientSecret' => '{CLIENT-SECRET}'
]);

// Dump the auto discovered data
print_r($Provider->Discovery());

// Get the base auth URL
print $Provider->Discovery()->getAuthorizationEndpoint();

cloudcogsio avatar Aug 03 '21 12:08 cloudcogsio

Thank you for this :)

ruben0909 avatar Aug 03 '21 14:08 ruben0909

Thank you for this :)

You're welcome.

Decided to make it available as a separate package. https://github.com/cloudcogsio/oauth2-openid-connect-discovery

May close this PR or leave pending for 3.x consideration.

cloudcogsio avatar Aug 06 '21 11:08 cloudcogsio

Is there any plan merge this PR ? Thanks

pierrocknroll avatar Jan 08 '22 10:01 pierrocknroll