Support for OpenID Connect (OIDC)?

Are there plans to support OpenID Connect (aka OIDC) via yii2-authclient or otherwise? (OpenID Connect is an authentication layer built on top of the OAuth2 authorization framework.)

Now that OpenID is dead and OAuth2 is widely (mis)used for authentication, OIDC adoption is growing quickly and is poised to become the industry standard for authentication and authorization.

I see that yii2-authclient supports both OpenID and OAuth2 so it should be fairly easy to support OpenID Connect. Is support for OIDC in the works? Is there a third-party extension? The only thing I could find was “yii2-openidconnect” on github, but it doesn’t appear to be production ready.

See:

• openid.net/connect/

• openid.net/connect/faq/

• en.wikipedia.org/wiki/OpenID_Connect

(First post so I can’t include links.)

It’s not in the works. Are there any examples of any major service adopting it?

Here are a few:

Google

https://developers.google.com/identity/protocols/OpenIDConnect

Microsoft Azure

https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-protocols-openid-connect-code

Amazon Web Services

http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc.html

Ping Identity

https://www.pingidentity.com/en/resources/articles/openid-connect.html

Gigya Identity Management

https://developers.gigya.com/display/GD/OpenID+Connect

Janrain Identity & Access Management

http://www.janrain.com/blog/janrain-supports-openid-connect/

Gluu Identity & Access Management

https://www.gluu.org/resources/documents/standards/openid-connect/

WSO2 Identity & Access Management

https://docs.wso2.com/display/IS510/OAuth2-OpenID+Connect

ForgeRock Access Management

https://www.forgerock.com/blog/openam-now-openid-certified/

Centrify Identity Server

https://docs.centrify.com/en/centrify/appref/index.html#page/cloudhelp/gen/saas_appref_openid.html

IBM Websphere

https://www.ibm.com/support/knowledgecenter/SSD28V_8.5.5/com.ibm.websphere.wlp.core.doc/ae/cwlp_openid_connect.html

VMware Authentication Services

https://vmware.github.io/lightwave/

Paypal

https://developer.paypal.com/docs/integration/direct/identity/log-in-with-paypal/

Salesforce

https://developer.salesforce.com/page/Inside_OpenID_Connect_on_Force.com

What would it take to get it in the works?

Unfortunately, I don’t have the skills to implement it. But it should be fairly easy for someone who knows OAuth2.

Authclient is mostly done by Paul Klimov so an issue at https://github.com/yiisoft/yii2-authclient/ which describes it in detail, links to docs and lists major services as you did here would be a good start.

Done:

https://github.com/yiisoft/yii2-authclient/issues/155

Thank you! Paul is currently busy but he’ll get to the issue for sure.

Hi

is there a way to get this to work on older versions of Yii ?

or a doc ? for Yii2 extensions to run on Yii 1.1.15 ?

Yii 2 extensions won’t run on 1.1 for sure.