OpenID Connect support to the PHP League's OAuth2 Server. Compatible with Laravel Passport.

#OpenID Connect

OpenID Connect support to the PHP League's OAuth2 Server.

Compatible with Laravel Passport!

#Requirements

• Requires PHP version ^7.4|^8.0.
• lcobucci/jwt version ^4.0.
• league/oauth2-server ^8.2.

#Installation

composer require ronvanderheijden/openid-connect

#Keys

To sign and encrypt the tokens, we need a private and a public key.

mkdir -m 700 -p tmp
 
openssl genrsa -out tmp/private.key 2048
openssl rsa -in tmp/private.key -pubout -out tmp/public.key
 
chmod 600 tmp/private.key
chmod 644 tmp/public.key

#Example

I recommand to read this first.

To enable OpenID Connect, follow these simple steps

$privateKeyPath = 'tmp/private.key';
 
// create the response_type
$responseType = new IdTokenResponse(
    new IdentityRepository(),
    new ClaimExtractor(),
    Configuration::forSymmetricSigner(
        new Sha256(),
        InMemory::file($privateKeyPath),
    ),
);
 
$server = new \League\OAuth2\Server\AuthorizationServer(
    $clientRepository,
    $accessTokenRepository,
    $scopeRepository,
    $privateKeyPath,
    $encryptionKey,
    // add the response_type
    $responseType,
);

Now when calling the /authorize endpoint, provide the openid scope to get an id_token.
Provide more scopes (e.g. openid profile email) to receive additional claims in the id_token.

For a complete implementation, visit the OAuth2 Server example.

#Laravel Passport

You can use this package with Laravel Passport in 2 simple steps.

#1.) add the service provider

# config/app.php
'providers' => [
    /*
     * Package Service Providers...
     */
    OpenIDConnect\Laravel\PassportServiceProvider::class,
],

#2.) create an entity

Create an entity class in app/Entities/ named IdentityEntity or UserEntity. This entity is used to collect the claims.

# app/Entities/IdentityEntity.php
namespace App\Entities;
 
use League\OAuth2\Server\Entities\Traits\EntityTrait;
use OpenIDConnect\Claims\Traits\WithClaims;
use OpenIDConnect\Interfaces\IdentityEntityInterface;
 
class IdentityEntity implements IdentityEntityInterface
{
    use EntityTrait;
    use WithClaims;
 
    /**
     * The user to collect the additional information for
     */
    protected User $user;
 
    /**
     * The identity repository creates this entity and provides the user id
     * @param mixed $identifier
     */
    public function setIdentifier($identifier): void
    {
        $this->identifier = $identifier;
        $this->user = User::findOrFail($identifier);
    }
 
    /**
     * When building the id_token, this entity's claims are collected
     */
    public function getClaims(): array
    {
        return [
            'email' => $this->user->email,
        ];
    }
}

#Publishing the config

In case you want to change the default scopes, add custom claim sets or change the repositories, you can publish the openid config using:

php artisan vendor:publish --tag=openid

#Support

Found a bug? Got a feature request? Create an issue.

#License

OpenID Connect is open source and licensed under the MIT licence.