Commit

Merge branch 'master' into features/allow-client_secret_basic-on-request-token

* master:
  fix: Removed duplicate check on jwks_uri and only check if jwks_uri exists when needed (jumbojett#373)
  fix: Check if subject is equal to subject of id token when verifying JWT claims (jumbojett#406)
  fix: Cast SERVER_PORT to integer (jumbojett#404)
  chore(deps): bump actions/cache from 3 to 4 (jumbojett#417)
  chore(deps): bump actions/checkout from 2 to 4 (jumbojett#416)
  docs: Update README.md to correct addScope parameter type in 1.0.0 (jumbojett#405)
  chore: Update ci to support php 8.3 and add dependabot (jumbojett#407)
  release: 1.0.0 (jumbojett#402)
  Set the User-Agent regardless of GET or POST (jumbojett#382)
  fix: Update well known config value function response types (jumbojett#376)
  feat: set useragent (jumbojett#370)
  feat: php7.0 minimum requirement (jumbojett#327)
  updated composer.json added replace, updated README.md added notification about project forked from

# Conflicts:
#	CHANGELOG.md
Magentron committed May 22, 2024
2 parents 5b3bd9a + 41301c6 commit c9ee737
Showing 8 changed files with 304 additions and 489 deletions.
13 changes: 13 additions & 0 deletions .github/dependabot.yml
@@ -0,0 +1,13 @@
# To get started with Dependabot version updates, you'll need to specify which
# package ecosystems to update and where the package manifests are located.
# Please see the documentation for all configuration options:
# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates

version: 2

updates:
# Maintain dependencies for GitHub Actions
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "weekly"
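Review bot: The `updates` list covers only the `github-actions` ecosystem, so the Composer dependencies this library ships with (for example `phpseclib/phpseclib` in `composer.json`) get no version-update pull requests. Consider adding a second entry with `package-ecosystem: "composer"` and `directory: "/"` on the same weekly schedule.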
8 changes: 4 additions & 4 deletions .github/workflows/build.yml
Expand Up @@ -14,20 +14,20 @@ jobs:
fail-fast: false
matrix:
os: [ubuntu-latest]
php: ['5.5', '5.6', '7.0', '7.1', '7.2', '7.3', '7.4', '8.0', '8.1']
php: ['7.0', '7.1', '7.2', '7.3', '7.4', '8.0', '8.1', '8.2', '8.3']

steps:
- name: Checkout
uses: actions/checkout@v2
uses: actions/checkout@v4
- name: Install PHP
uses: shivammathur/setup-php@v2
with:
php-version: ${{ matrix.php }}
- name: Get composer cache directory
id: composer-cache
run: echo "::set-output name=dir::$(composer config cache-files-dir)"
run: echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
- name: Cache composer dependencies
uses: actions/cache@v1
uses: actions/cache@v4
with:
path: ${{ steps.composer-cache.outputs.dir }}
key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
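Review bot: In the `steps` block, `actions/checkout@v4`, `actions/cache@v4` and `shivammathur/setup-php@v2` are all referenced by mutable tags, so a retagged release changes what CI executes without any change in this repository. Pinning each `uses:` to a full commit SHA with the tag in a trailing comment would close that gap, and the Dependabot configuration added in this commit can keep the pinned SHAs current. In the `composer-cache` step, quote the redirect target as `>> "$GITHUB_OUTPUT"`.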
29 changes: 20 additions & 9 deletions CHANGELOG.md
Expand Up @@ -4,18 +4,29 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

## [unreleased]
* Update visibility of getWellKnownConfigValue to protected. #363
* Fixed issue on authentication for php8. #354
[unreleased]
- Updated CI to also test on PHP 8.3 #407
- Updated readme PHP requirement to PHP 7.0+ #407
- Added dependabot for GitHub Actions #407
- Cast `$_SERVER['SERVER_PORT']` to integer to prevent adding 80 or 443 port to redirect URL. #403
- Check subject when verifying JWT #406
- Removed duplicate check on jwks_uri and only check if jwks_uri exists when needed #373
* Enabled `client_secret_basic` authentication on `requestClientCredentialsToken()` #347
* Support for signed and encrypted UserInfo response. #305
* Support for signed and encrypted ID Token. #305
* Update construct typehint in docblock. #364
* Fixed LogoutToken verification for single value aud claims #334

## [1.0.0] - 2023-12-13

### Added
- Support for signed and encrypted UserInfo response. #305
- Support for signed and encrypted ID Token. #305
- PHP 7.0 is required. #327
- Support for signed and encrypted UserInfo response and ID Token. #305
- Allow to set User-Agent header. #370

### Fixed
- User-Agent is set for any HTTP method in fetchURL() (not just POST). #382
- Update visibility of getWellKnownConfigValue to protected. #363
- Fixed issue on authentication for php8. #354
- Update construct typehint in docblock. #364
- Fixed LogoutToken verification for single value aud claims. #334
- Update well known config value function response types. #376

## [0.9.10] - 2022-09-30
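Review bot: The `[unreleased]` line that precedes the new #407 entries has no `## ` prefix, unlike `## [1.0.0]` and `## [0.9.10]`, so it will not render as a section heading; restore it as `## [unreleased]`. The same section mixes `-` bullets with the `*` bullet on the `client_secret_basic` entry (#347), which is worth normalising to `-` to match the 1.0.0 section. The `SERVER_PORT` entry cites #403 while the merge message lists that fix as jumbojett#404, so confirm which number is intended.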

25 changes: 13 additions & 12 deletions README.md
@@ -1,3 +1,5 @@
NB: This is a fork from [jumbojett/OpenID-Connect-PHP](https://github.com/jumbojett/OpenID-Connect-PHP) to allow client basic authentication on obtaining the access token.

PHP OpenID Connect Basic Client
========================
A simple library that allows an application to authenticate a user through the basic OpenID Connect flow.
Expand All @@ -7,14 +9,14 @@ the OpenID Connect protocol to set up authentication.
A special thanks goes to Justin Richer and Amanda Anganes for their help and support of the protocol.

# Requirements #
1. PHP 5.4 or greater
1. PHP 7.0 or greater
2. CURL extension
3. JSON extension

## Install ##
1. Install library using composer
```
composer require jumbojett/openid-connect-php
composer require magentron/openid-connect-php
```

2. Include composer autoloader
Expand Down Expand Up @@ -69,8 +71,8 @@ use Jumbojett\OpenIDConnectClient;
$oidc = new OpenIDConnectClient('https://id.provider.com',
'ClientIDHere',
'ClientSecretHere');
$oidc->providerConfigParam(array('token_endpoint'=>'https://id.provider.com/connect/token'));
$oidc->addScope('my_scope');
$oidc->providerConfigParam(['token_endpoint'=>'https://id.provider.com/connect/token']);
$oidc->addScope(['my_scope']);

// this assumes success (to validate check if the access_token property is there and a valid JWT) :
$clientCredentialsToken = $oidc->requestClientCredentialsToken()->access_token;
Expand All @@ -85,12 +87,12 @@ use Jumbojett\OpenIDConnectClient;
$oidc = new OpenIDConnectClient('https://id.provider.com',
'ClientIDHere',
'ClientSecretHere');
$oidc->providerConfigParam(array('token_endpoint'=>'https://id.provider.com/connect/token'));
$oidc->addScope('my_scope');
$oidc->providerConfigParam(['token_endpoint'=>'https://id.provider.com/connect/token']);
$oidc->addScope(['my_scope']);

//Add username and password
$oidc->addAuthParam(array('username'=>'<Username>'));
$oidc->addAuthParam(array('password'=>'<Password>'));
$oidc->addAuthParam(['username'=>'<Username>']);
$oidc->addAuthParam(['password'=>'<Password>']);

//Perform the auth and return the token (to validate check if the access_token property is there and a valid JWT) :
$token = $oidc->requestResourceOwnerToken(TRUE)->access_token;
Expand All @@ -105,10 +107,9 @@ use Jumbojett\OpenIDConnectClient;
$oidc = new OpenIDConnectClient('https://id.provider.com',
'ClientIDHere',
'ClientSecretHere');
$oidc->setResponseTypes(array('id_token'));
$oidc->addScope(array('openid'));
$oidc->setResponseTypes(['id_token']);
$oidc->setAllowImplicitFlow(true);
$oidc->addAuthParam(array('response_mode' => 'form_post'));
$oidc->addAuthParam(['response_mode' => 'form_post']);
$oidc->setCertPath('/path/to/my.cert');
$oidc->authenticate();
$sub = $oidc->getVerifiedClaims('sub');
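Review bot: The implicit-flow example loses its `$oidc->addScope(array('openid'));` line and no `$oidc->addScope(['openid']);` replaces it, while every other `array(...)` call in this hunk is converted one for one. If the removal is intentional because the client always sends the `openid` scope, say so in the README or changelog; otherwise add the short-array form back so readers copying the example still request an OpenID Connect scope before calling `getVerifiedClaims('sub')`.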
Expand Down Expand Up @@ -184,7 +185,7 @@ function handleLogout() {
session_commit();
session_id($session_id_to_destroy); // switches to that session
session_start();
$_SESSION = array(); // effectively ends the session
$_SESSION = []; // effectively ends the session
}
}
}
14 changes: 8 additions & 6 deletions composer.json
@@ -1,18 +1,20 @@
{
"name": "jumbojett/openid-connect-php",
"description": "Bare-bones OpenID Connect client",
"name": "magentron/openid-connect-php",
"description": "Bare-bones OpenID Connect client (forked to allow client secret basic authentication on obtaining access token)",
"license": "Apache-2.0",
"require": {
"php": ">=5.4",
"phpseclib/phpseclib" : "~2.0 || ^3.0",
"php": ">=7.0",
"ext-json": "*",
"ext-curl": "*",
"paragonie/random_compat": ">=2"
"phpseclib/phpseclib": "~3.0"
},
"require-dev": {
"roave/security-advisories": "dev-master",
"roave/security-advisories": "dev-latest",
"yoast/phpunit-polyfills": "^1.0"
},
"replace": {
"jumbojett/openid-connect-php": "<=0.9.10"
},
"archive" : {
"exclude" : [
".*"
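Review bot: The `replace` entry declares `"jumbojett/openid-connect-php": "<=0.9.10"`, but this merge brings in upstream's 1.0.0 release (see the `## [1.0.0] - 2023-12-13` section in CHANGELOG.md), so a project that requires the upstream package at `^1.0` will not be satisfied by this fork. Either widen the constraint to cover the upstream versions the fork actually tracks or document that only pre-1.0 consumers can swap it in. Separately, narrowing `phpseclib/phpseclib` from `~2.0 || ^3.0` to `~3.0` drops 2.x users and is not listed in the changelog.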