Inheritance | yii\authclient\OpenIdConnect » yii\authclient\OAuth2 » yii\authclient\BaseOAuth » yii\authclient\BaseClient » yii\base\Component » yii\base\Object |
---|---|
Implements | yii\authclient\ClientInterface, yii\base\Configurable |
Available since version | 2.1.3 |
Source Code | https://github.com/yiisoft/yii2-authclient/blob/master/OpenIdConnect.php |
OpenIdConnect serves as a client for the OpenIdConnect flow.
Application configuration example:
```php
'components' => [
    'authClientCollection' => [
        'class' => 'yii\authclient\Collection',
        'clients' => [
            'google' => [
                'class' => 'yii\authclient\OpenIdConnect',
                'issuerUrl' => 'https://accounts.google.com',
                'clientId' => 'google_client_id',
                'clientSecret' => 'google_client_secret',
                'name' => 'google',
                'title' => 'Google OpenID Connect',
            ],
        ],
    ]
    // ...
]
```
This class requires the spomky-labs/jose library to be installed for JWS verification. This can be done via composer:
composer require --prefer-dist "spomky-labs/jose:~5.0.6"
Note: if you are using a well-trusted OpenIdConnect provider, you may disable $validateJws, which makes installing the spomky-labs/jose library unnecessary; however, this is not recommended, as it violates the protocol specification.
JWS algorithms that are allowed to be used. These are used by the spomky-labs/jose library for JWS validation/decryption. Make sure spomky-labs/jose supports the particular algorithm before adding it here.
public array $allowedJwsAlgorithms = ['HS256', 'HS384', 'HS512', 'ES256', 'ES384', 'ES512', 'RS256', 'RS384', 'RS512', 'PS256', 'PS384', 'PS512']
The cache object, null if not enabled.
public yii\caching\Cache|null getCache ( )
public void setCache ( $cache )
OpenID provider configuration parameters.
public array getConfigParams ( )
The prefix for the key used to store $configParams data in cache. The actual cache key is formed by appending the $id value to it.
See also $cache.
public string $configParamsCacheKeyPrefix = 'config-params-'
OpenID Issuer (provider) base URL, e.g. https://example.com.
public string $issuerUrl = null
Auth request scope.
public string $scope = 'openid'
Whether to use and validate auth 'nonce' parameter in authentication flow.
public boolean getValidateAuthNonce ( )
public void setValidateAuthNonce ( $validateAuthNonce )
Whether to validate/decrypt JWS received with Auth token. Note: this functionality requires the spomky-labs/jose composer package to be installed. You can disable this option when using a trusted OpenIDConnect provider; however, this violates the protocol rules, so you do so at your own risk.
public boolean $validateJws = true
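A tightened variant of the application configuration shown earlier, added here as an example and not taken from the Yii documentation. It uses only properties documented on this page; narrowing the list to `RS256` is an assumption about which algorithm the provider signs ID tokens with, so check the provider's metadata before copying it.

```php
'components' => [
    'authClientCollection' => [
        'class' => 'yii\authclient\Collection',
        'clients' => [
            'google' => [
                'class' => 'yii\authclient\OpenIdConnect',
                'issuerUrl' => 'https://accounts.google.com',
                'clientId' => 'google_client_id',
                'clientSecret' => 'google_client_secret',
                'name' => 'google',
                'title' => 'Google OpenID Connect',
                // Keep signature validation on (the documented default).
                'validateJws' => true,
                // Accept only the algorithm the provider is expected to sign with
                // (assumption: RS256) instead of the full default list.
                'allowedJwsAlgorithms' => ['RS256'],
                // Send a nonce with the auth request and check it on the way back.
                'validateAuthNonce' => true,
                // ID of the application cache component used for the discovered
                // provider configuration (see setCache()).
                'cache' => 'cache',
            ],
        ],
    ],
    // ...
]
```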
Applies client credentials (e.g. $clientId and $clientSecret) to the HTTP request instance.
This method should be invoked before sending any HTTP request, which requires client credentials.
protected void applyClientCredentialsToRequest ( $request ) | ||
---|---|---|
$request | yii\httpclient\Request | HTTP request instance. |
Composes user authorization URL.
public string buildAuthUrl ( array $params = [] ) | ||
---|---|---|
$params | array | Additional auth GET params. |
return | string | Authorization URL. |
Creates token from its configuration.
protected yii\authclient\OAuthToken createToken ( array $tokenConfig = [] ) | ||
---|---|---|
$tokenConfig | array | Token configuration. |
return | yii\authclient\OAuthToken | Token instance. |
Composes default $returnUrl value.
protected string defaultReturnUrl ( ) | ||
---|---|---|
return | string | Return URL. |
Discovers OpenID Provider configuration parameters.
protected array discoverConfig ( ) | ||
---|---|---|
return | array | OpenID Provider configuration parameters. |
throws | yii\authclient\InvalidResponseException | on failure. |
Fetches access token from authorization code.
public yii\authclient\OAuthToken fetchAccessToken ( $authCode, array $params = [] ) | ||
---|---|---|
$authCode | string | Authorization code, usually comes at $_GET['code']. |
$params | array | Additional request params. |
return | yii\authclient\OAuthToken | Access token. |
throws | yii\web\HttpException | on invalid auth state in case \yii\authclient\enableStateValidation is enabled. |
Generates the auth nonce value.
protected string generateAuthNonce ( ) | ||
---|---|---|
return | string | Auth nonce value. |
public yii\caching\Cache|null getCache ( ) | ||
---|---|---|
return | yii\caching\Cache|null | The cache object, null if not enabled. |
Returns particular configuration parameter value.
public mixed getConfigParam ( $name ) | ||
---|---|---|
$name | string | Configuration parameter name. |
return | mixed | Configuration parameter value. |
public array getConfigParams ( ) | ||
---|---|---|
return | array | OpenID provider configuration parameters. |
public boolean getValidateAuthNonce ( ) | ||
---|---|---|
return | boolean | Whether to use and validate auth 'nonce' parameter in authentication flow. |
Initializes authenticated user attributes.
protected array initUserAttributes ( ) | ||
---|---|---|
return | array | Auth user attributes. |
Decrypts/validates JWS, returning related data.
protected array loadJws ( $jws ) | ||
---|---|---|
$jws | string | Raw JWS input. |
return | array | JWS underlying data. |
throws | yii\web\HttpException | on invalid JWS signature. |
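What the allow-list and nonce options protect, shown as a stand-alone sketch added here; it is not code from yii2-authclient or spomky-labs/jose. The helper `checkIdToken()`, the secret, the nonce and the token are constructed for illustration, and only the HS* family is implemented.

```php
<?php
function b64u_enc(string $bin): string { return rtrim(strtr(base64_encode($bin), '+/', '-_'), '='); }
function b64u_dec(string $s): string
{
    // Restore padding and decode strictly; invalid input becomes ''.
    $s = strtr($s, '-_', '+/');
    return (string) base64_decode(str_pad($s, strlen($s) + (4 - strlen($s) % 4) % 4, '='), true);
}
// Hypothetical helper: allow-list check, then HMAC signature, then nonce.
function checkIdToken(string $jws, string $secret, array $allowedAlgs, string $nonce): array
{
    $parts = explode('.', $jws);
    if (count($parts) !== 3) {
        throw new RuntimeException('not a compact JWS');
    }
    [$h, $p, $sig] = $parts;
    $alg = json_decode(b64u_dec($h), true)['alg'] ?? null;
    $hash = ['HS256' => 'sha256', 'HS384' => 'sha384', 'HS512' => 'sha512'];
    // Refuse anything off the allow-list (including "none") before touching the key.
    if (!is_string($alg) || !in_array($alg, $allowedAlgs, true) || !isset($hash[$alg])) {
        throw new RuntimeException('algorithm not allowed');
    }
    $mac = hash_hmac($hash[$alg], "$h.$p", $secret, true);
    if (!hash_equals($mac, b64u_dec($sig))) {
        throw new RuntimeException('bad signature');
    }
    $claims = json_decode(b64u_dec($p), true);
    // The nonce must equal the value stored when the auth request was built.
    if (!is_string($claims['nonce'] ?? null) || !hash_equals($nonce, $claims['nonce'])) {
        throw new RuntimeException('nonce mismatch');
    }
    return $claims;
}

// Constructed sample token (HS256, made-up secret and nonce).
$secret = 'constructed-client-secret';
$body = b64u_enc('{"alg":"HS256"}') . '.' . b64u_enc('{"sub":"u1","nonce":"n-123"}');
$jws = $body . '.' . b64u_enc(hash_hmac('sha256', $body, $secret, true));
// Same token checked three ways: matching policy, narrower allow-list, wrong nonce.
foreach ([[['HS256'], 'n-123'], [['RS256'], 'n-123'], [['HS256'], 'n-999']] as [$algs, $nonce]) {
    try {
        echo 'accepted sub=' . checkIdToken($jws, $secret, $algs, $nonce)['sub'], "\n";
    } catch (RuntimeException $e) {
        echo 'rejected: ' . $e->getMessage(), "\n";
    }
}
```

Only the first check accepts the token: the second fails because `HS256` is not on the configured allow-list, and the third because the nonce in the token does not match the one the client expects.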
Gets new auth token to replace expired one.
public yii\authclient\OAuthToken refreshAccessToken ( yii\authclient\OAuthToken $token ) | ||
---|---|---|
$token | yii\authclient\OAuthToken | Expired auth token. |
return | yii\authclient\OAuthToken | New auth token. |
Sets up a component to be used for caching.
This can be one of the following:
- an application component ID (e.g. cache)
- a configuration array
- a yii\caching\Cache object

When null is passed, it means caching is not enabled.
public void setCache ( $cache ) | ||
---|---|---|
$cache | yii\caching\Cache|array|string|null | The cache object or the ID of the cache application component. |
public void setValidateAuthNonce ( $validateAuthNonce ) | ||
---|---|---|
$validateAuthNonce | boolean | Whether to use and validate auth 'nonce' parameter in authentication flow. |
© 2008–2017 by Yii Software LLC
Licensed under the three clause BSD license.
http://www.yiiframework.com/doc-2.0/yii-authclient-openidconnect.html