Final Class Yiisoft\Yii\AuthClient\Client\OpenIdConnect
OpenIdConnect serves as a client for the OpenIdConnect flow.
See also Yiisoft\Yii\AuthClient\OAuth2.
Protected Properties
| Property | Type | Description | Defined By |
|---|---|---|---|
| $accessToken | array|Yiisoft\Yii\AuthClient\OAuthToken|null | Access token instance or its array configuration. | Yiisoft\Yii\AuthClient\OAuth |
| $authUrl | string | Yiisoft\Yii\AuthClient\Client\OpenIdConnect | |
| $autoRefreshAccessToken | boolean | Whether to automatically perform 'refresh access token' request on expired access token. | Yiisoft\Yii\AuthClient\OAuth |
| $clientId | string | OAuth client ID. | Yiisoft\Yii\AuthClient\OAuth2 |
| $clientSecret | string | OAuth client secret. | Yiisoft\Yii\AuthClient\OAuth2 |
| $endpoint | string | API base URL. | Yiisoft\Yii\AuthClient\OAuth |
| $factory | \Yiisoft\Factory\Factory | Yiisoft\Yii\AuthClient\OAuth2 | |
| $httpClient | \Psr\Http\Client\ClientInterface | Yiisoft\Yii\AuthClient\AuthClient | |
| $normalizeUserAttributeMap | array | Map used to normalize user attributes fetched from external auth service in format: normalizedAttributeName => sourceSpecification 'sourceSpecification' can be: - string, raw attribute name - array, pass to raw attribute value - callable, PHP callback, which should accept array of raw attributes and return normalized value. | Yiisoft\Yii\AuthClient\AuthClient |
| $requestFactory | \Psr\Http\Message\RequestFactoryInterface | Yiisoft\Yii\AuthClient\AuthClient | |
| $returnUrl | string | Yiisoft\Yii\AuthClient\OAuth2 | |
| $scope | string|null | Yiisoft\Yii\AuthClient\Client\OpenIdConnect | |
| $session | \Yiisoft\Session\SessionInterface | Yiisoft\Yii\AuthClient\OAuth2 | |
| $tokenUrl | string | Token request URL endpoint. | Yiisoft\Yii\AuthClient\OAuth2 |
| $validateAuthState | boolean | Whether to use and validate auth 'state' parameter in authentication flow. | Yiisoft\Yii\AuthClient\OAuth2 |
| $viewOptions | array | View options in format: optionName => optionValue | Yiisoft\Yii\AuthClient\AuthClient |
Public Methods
Protected Methods
Property Details
Method Details
OpenIdConnect constructor.
| public __construct( \Psr\Http\Client\ClientInterface $httpClient, \Psr\Http\Message\RequestFactoryInterface $requestFactory, Yiisoft\Yii\AuthClient\StateStorage\StateStorageInterface $stateStorage, \Yiisoft\Factory\Factory $factory, \Yiisoft\Session\SessionInterface $session, \Psr\SimpleCache\CacheInterface $cache, string $name, string $title ): mixed | ||
| $httpClient | \Psr\Http\Client\ClientInterface | |
| $requestFactory | \Psr\Http\Message\RequestFactoryInterface | |
| $stateStorage | Yiisoft\Yii\AuthClient\StateStorage\StateStorageInterface | |
| $factory | \Yiisoft\Factory\Factory | |
| $session | \Yiisoft\Session\SessionInterface | |
| $cache | \Psr\SimpleCache\CacheInterface | |
| $name | string | |
| $title | string | |
/**
 * Builds the OpenID Connect client.
 *
 * The cache, name and title are stored on this instance; the remaining collaborators
 * are passed straight through to the parent constructor.
 */
public function __construct(
    ClientInterface $httpClient,
    RequestFactoryInterface $requestFactory,
    StateStorageInterface $stateStorage,
    Factory $factory,
    SessionInterface $session,
    CacheInterface $cache,
    string $name,
    string $title,
) {
    // Own fields are assigned before the parent runs, in the same order as before.
    [$this->cache, $this->name, $this->title] = [$cache, $name, $title];

    parent::__construct($httpClient, $requestFactory, $stateStorage, $factory, $session);
}
Defined in: Yiisoft\Yii\AuthClient\OAuth::api()
Performs request to the OAuth API returning response data.
You may use createApiRequest() method instead, gaining more control over request execution.
See also createApiRequest().
| public api( string $apiSubUrl, string $method = 'GET', array|string $data = [], array $headers = [] ): array | ||
| $apiSubUrl | string |
API sub URL, which will be appended to \Yiisoft\Yii\AuthClient\apiBaseUrl, or an absolute API URL. |
| $method | string |
Request method. |
| $data | array|string |
Request data or content. |
| $headers | array |
Additional request headers. |
| return | array |
API response data. |
|---|---|---|
| throws | Exception | |
/**
 * Sends an authenticated request to the provider API and returns the decoded JSON body.
 *
 * @param string $apiSubUrl Passed to createApiRequest() as the request URI.
 * @param string $method HTTP method.
 * @param array|string $data Array data is added as request parameters; any other non-empty
 * value is written to the request body as-is.
 * @param array $headers Additional request headers.
 *
 * @throws InvalidResponseException when the response status is anything other than 200.
 *
 * @return array Decoded response data.
 */
public function api($apiSubUrl, $method = 'GET', $data = [], $headers = []): array
{
    $apiRequest = RequestUtil::addHeaders($this->createApiRequest($method, $apiSubUrl), $headers);

    if (is_array($data) && !empty($data)) {
        $apiRequest = RequestUtil::addParams($apiRequest, $data);
    } elseif (!empty($data)) {
        $apiRequest->getBody()->write($data);
    }

    // The access token is attached here; this throws if no valid token is available.
    $apiRequest = $this->beforeApiRequestSend($apiRequest);
    $response = $this->sendRequest($apiRequest);

    $status = $response->getStatusCode();
    if ($status !== 200) {
        // NOTE(review): the whole response body goes into the exception message; keep that
        // message out of user-facing output and treat logs that capture it as sensitive.
        throw new InvalidResponseException(
            $response,
            'Request failed with code: ' . $status . ', message: ' . (string)$response->getBody()
        );
    }

    return (array)Json::decode($response->getBody()->getContents());
}
| public applyAccessTokenToRequest( \Psr\Http\Message\RequestInterface $request, Yiisoft\Yii\AuthClient\OAuthToken $accessToken ): \Psr\Http\Message\RequestInterface | ||
| $request | \Psr\Http\Message\RequestInterface | |
| $accessToken | Yiisoft\Yii\AuthClient\OAuthToken | |
/**
 * Attaches the access token to an outgoing API request as the `access_token` parameter.
 *
 * NOTE(review): where RequestUtil::addParams() puts the parameter (query string or body)
 * is not visible here. If it ends up in the URL, the token will appear in access logs and
 * intermediaries; confirm, and prefer an Authorization header where the provider accepts one.
 */
#[\Override]
public function applyAccessTokenToRequest(RequestInterface $request, OAuthToken $accessToken): RequestInterface
{
    $tokenParams = ['access_token' => $accessToken->getToken()];

    return RequestUtil::addParams($request, $tokenParams);
}
| protected applyClientCredentialsToRequest( \Psr\Http\Message\RequestInterface $request ): \Psr\Http\Message\RequestInterface | ||
| $request | \Psr\Http\Message\RequestInterface | |
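/**
 * Adds client authentication to a token-endpoint request.
 *
 * The method is chosen from the provider's `token_endpoint_auth_methods_supported`
 * metadata, preferring `client_secret_basic`, then `client_secret_post`, then
 * `client_secret_jwt`.
 *
 * For `client_secret_jwt` the assertion is now a well-formed compact JWS (unpadded
 * base64url segments, HMAC-SHA256 computed over the signing input) and is sent as
 * `client_assertion` together with `client_assertion_type`, as RFC 7523 section 2.2
 * requires. The previous code used standard base64 and a bare `assertion` parameter.
 *
 * @throws InvalidConfigException when the provider advertises none of the three methods.
 */
#[\Override]
protected function applyClientCredentialsToRequest(RequestInterface $request): RequestInterface
{
    $supportedAuthMethods = (array) $this->getConfigParam('token_endpoint_auth_methods_supported');

    if (in_array('client_secret_basic', $supportedAuthMethods, true)) {
        // Basic credentials are only encoded, not protected: the token endpoint must be HTTPS.
        return $request->withHeader(
            'Authorization',
            'Basic ' . base64_encode($this->clientId . ':' . $this->clientSecret)
        );
    }

    if (in_array('client_secret_post', $supportedAuthMethods, true)) {
        return RequestUtil::addParams(
            $request,
            [
                'client_id' => $this->clientId,
                'client_secret' => $this->clientSecret,
            ]
        );
    }

    if (in_array('client_secret_jwt', $supportedAuthMethods, true)) {
        // JWS compact serialization uses the URL-safe alphabet without '=' padding.
        $base64Url = static fn (string $raw): string => rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');

        $issuedAt = time();
        $header = [
            'typ' => 'JWT',
            'alg' => 'HS256',
        ];
        $payload = [
            'iss' => $this->clientId,
            'sub' => $this->clientId,
            'aud' => $this->tokenUrl,
            // Unique per assertion so the provider can reject replays.
            'jti' => $this->generateAuthNonce(),
            'iat' => $issuedAt,
            // NOTE(review): one hour is long for a single-use assertion; consider shortening.
            'exp' => $issuedAt + 3600,
        ];

        $signingInput = $base64Url(Json::encode($header)) . '.' . $base64Url(Json::encode($payload));
        // HS256 = HMAC-SHA256 keyed with the client secret; raw bytes are base64url-encoded.
        $signature = $base64Url(hash_hmac('sha256', $signingInput, $this->clientSecret, true));

        return RequestUtil::addParams(
            $request,
            [
                'client_assertion_type' => 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer',
                'client_assertion' => $signingInput . '.' . $signature,
            ]
        );
    }

    throw new InvalidConfigException(
        'Unable to authenticate request: No auth method supported'
    );
}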
| public beforeApiRequestSend( \Psr\Http\Message\RequestInterface $request ): \Psr\Http\Message\RequestInterface | ||
| $request | \Psr\Http\Message\RequestInterface | |
/**
 * Prepares an API request for sending by attaching the current access token.
 *
 * @throws Exception when there is no token object or the token reports itself as invalid.
 */
public function beforeApiRequestSend(RequestInterface $request): RequestInterface
{
    $token = $this->getAccessToken();

    $usable = is_object($token) && $token->getIsValid();
    if (!$usable) {
        throw new Exception('Invalid access token.');
    }

    return $this->applyAccessTokenToRequest($request, $token);
}
| public buildAuthUrl( \Psr\Http\Message\ServerRequestInterface $incomingRequest, array $params = [] ): string | ||
| $incomingRequest | \Psr\Http\Message\ServerRequestInterface | |
| $params | array | |
/**
 * Builds the authorization URL, filling in the authorization endpoint from the
 * provider configuration when none has been set on the client.
 */
#[\Override]
public function buildAuthUrl(
    ServerRequestInterface $incomingRequest,
    array $params = []
): string {
    if ($this->authUrl === '') {
        // The endpoint comes from the provider configuration returned by getConfigParam().
        $this->authUrl = (string) $this->getConfigParam('authorization_endpoint');
    }

    return parent::buildAuthUrl($incomingRequest, $params);
}
Defined in: Yiisoft\Yii\AuthClient\OAuth::createApiRequest()
Creates an HTTP request for the API call.
The created request will be automatically processed adding access token parameters and signature before sending. You may use createRequest() to gain full control over request composition and execution.
See also createRequest().
| public createApiRequest( string $method, string $uri ): \Psr\Http\Message\RequestInterface | ||
| $method | string | |
| $uri | string | |
| return | \Psr\Http\Message\RequestInterface |
HTTP request instance. |
|---|---|---|
/**
 * Creates a request for an API call by prefixing the URI with the configured endpoint.
 *
 * NOTE(review): the URI is always appended to `$this->endpoint`. The documentation of
 * api() says an absolute URL is accepted; with a non-empty endpoint that would yield a
 * concatenated URL. Confirm which contract is intended.
 */
public function createApiRequest(string $method, string $uri): RequestInterface
{
    $target = $this->endpoint . $uri;

    return $this->createRequest($method, $target);
}
| public createRequest( string $method, string $uri ): \Psr\Http\Message\RequestInterface | ||
| $method | string | |
| $uri | string | |
/**
 * Creates a bare HTTP request through the configured request factory.
 *
 * Nothing is added to the request here: no access token, no client credentials.
 */
public function createRequest(string $method, string $uri): RequestInterface
{
    $factory = $this->requestFactory;

    return $factory->createRequest($method, $uri);
}
| protected createToken( array $tokenConfig = [] ): Yiisoft\Yii\AuthClient\OAuthToken | ||
| $tokenConfig | array | |
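/**
 * Creates the token object, verifying the ID token first when JWS validation is enabled.
 *
 * With `validateJws` on, the ID token signature is checked (loadJws), its claims are
 * validated (validateClaims) and merged into the token params, and, when nonce validation
 * is active, the `nonce` claim must equal the value stored under the `authNonce` state key.
 * With `validateJws` off, the ID token is passed on without any verification.
 *
 * Changes from the previous version: missing `params` / `id_token` keys no longer raise an
 * undefined-key warning, and the nonce is compared with hash_equals() rather than strcmp().
 *
 * @param array $tokenConfig Token configuration; `params.id_token` is read when present.
 *
 * @throws ClientException with code 400 when the nonce is missing or does not match.
 */
#[\Override]
protected function createToken(array $tokenConfig = []): OAuthToken
{
    $params = (array) ($tokenConfig['params'] ?? []);
    $idToken = (string) ($params['id_token'] ?? '');

    if ($this->validateJws) {
        $jwsData = $this->loadJws($idToken);
        $this->validateClaims($jwsData);
        $tokenConfig['params'] = array_merge($params, $jwsData);

        if ($this->getValidateAuthNonce()) {
            $expectedNonce = (string) $this->getState('authNonce');
            $rawNonce = $jwsData['nonce'] ?? null;
            $receivedNonce = is_scalar($rawNonce) ? (string) $rawNonce : '';

            // Constant-time comparison; the stored value is the known string.
            if (
                !isset($jwsData['nonce'])
                || empty($expectedNonce)
                || !hash_equals($expectedNonce, $receivedNonce)
            ) {
                throw new ClientException('Invalid auth nonce', 400);
            }

            // Single use: a replayed ID token cannot match a nonce that is gone.
            $this->removeState('authNonce');
        }
    }

    return parent::createToken($tokenConfig);
}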
Defined in: Yiisoft\Yii\AuthClient\AuthClient::defaultNormalizeUserAttributeMap()
Returns the default $normalizeUserAttributeMap value.
Particular client may override this method in order to provide specific default map.
| protected defaultNormalizeUserAttributeMap( ): array | ||
| return | array |
Normalize attribute map. |
|---|---|---|
/**
 * Supplies the default attribute normalization map, which is empty for this client.
 *
 * @return array Empty map.
 */
protected function defaultNormalizeUserAttributeMap(): array
{
    $map = [];

    return $map;
}
| protected defaultReturnUrl( \Psr\Http\Message\ServerRequestInterface $request ): string | ||
| $request | \Psr\Http\Message\ServerRequestInterface | |
/**
 * Derives the default return URL from the incoming request.
 *
 * The current URI is reused with the OAuth2 / OpenID Connect callback parameters
 * (`code`, `state`, `nonce`, `authuser`, `session_state`, `prompt`) removed from the query.
 *
 * NOTE(review): scheme and host are taken from the incoming request's URI. If the
 * deployment does not pin the trusted host, this value can reflect a client-supplied Host
 * header; confirm, or configure the return URL explicitly.
 */
#[\Override]
protected function defaultReturnUrl(ServerRequestInterface $request): string
{
    $callbackOnly = ['code', 'state', 'nonce', 'authuser', 'session_state', 'prompt'];
    $kept = array_diff_key($request->getQueryParams(), array_flip($callbackOnly));

    $query = http_build_query($kept, '', '&', PHP_QUERY_RFC3986);

    return (string) $request->getUri()->withQuery($query);
}
| protected defaultViewOptions( ): integer[] |
/**
 * Supplies the default view options: the size of the authentication popup.
 *
 * @return int[] `popupWidth` and `popupHeight`.
 */
#[\Override]
protected function defaultViewOptions(): array
{
    $popupSize = [
        'popupWidth' => 860,
        'popupHeight' => 480,
    ];

    return $popupSize;
}
| public fetchAccessToken( \Psr\Http\Message\ServerRequestInterface $incomingRequest, string $authCode, array $params = [] ): Yiisoft\Yii\AuthClient\OAuthToken | ||
| $incomingRequest | \Psr\Http\Message\ServerRequestInterface | |
| $authCode | string | |
| $params | array | |
/**
 * Exchanges the authorization code for a token, resolving the token endpoint from the
 * provider configuration when it is not set and adding a `nonce` when nonce validation
 * is active and the caller did not supply one.
 *
 * NOTE(review): the nonce is generated here, at the code exchange, and stored under the
 * `authNonce` state key. OpenID Connect defines `nonce` as a parameter of the
 * authentication request that the provider echoes in the ID token; confirm the provider
 * really returns the value sent at this stage, otherwise the nonce check in createToken()
 * cannot tie the ID token to the session that started the login.
 */
#[\Override]
public function fetchAccessToken(ServerRequestInterface $incomingRequest, string $authCode, array $params = []): OAuthToken
{
    if (empty($this->tokenUrl)) {
        $this->tokenUrl = (string) $this->getConfigParam('token_endpoint');
    }

    $needsNonce = !isset($params['nonce']) && $this->getValidateAuthNonce();
    if ($needsNonce) {
        $params['nonce'] = $this->generateAuthNonce();
        $this->setState('authNonce', $params['nonce']);
    }

    return parent::fetchAccessToken($incomingRequest, $authCode, $params);
}
Defined in: Yiisoft\Yii\AuthClient\OAuth2::fetchAccessTokenWithCodeVerifier()
Note: This function will be adapted later to accommodate the 'confidential client'.
See also https://docs.x.com/resources/fundamentals/authentication/oauth-2-0/authorization-code. Used specifically for the X (i.e. Twitter) OAuth 2.0 authorization code flow with PKCE and a public client, i.e. client ID included in the request body; and NOT for a confidential client, i.e. client ID not included in the request body.
| public fetchAccessTokenWithCodeVerifier( \Psr\Http\Message\ServerRequestInterface $incomingRequest, string $authCode, array $params = [] ): Yiisoft\Yii\AuthClient\OAuthToken | ||
| $incomingRequest | \Psr\Http\Message\ServerRequestInterface | |
| $authCode | string | |
| $params | array | |
| throws | InvalidArgumentException | |
|---|---|---|
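/**
 * Exchanges an authorization code for a token, sending the PKCE `code_verifier`.
 *
 * When `validateAuthState` is on, the `state` value from the callback (query string first,
 * then parsed body) must be a string equal to the value stored under the `authState`
 * state key; the stored value is removed after a successful check.
 *
 * Fix: the previous checks compared only string values and rejected only null, so a
 * non-string `state` (for example an array-valued parameter) skipped the comparison and
 * was accepted whenever a stored state existed. Any non-string value is now rejected and
 * the comparison is constant-time.
 *
 * @param array $params `redirect_uri` and `code_verifier` are read from here.
 *
 * @throws InvalidArgumentException when the state is missing, not a string, or mismatched.
 *
 * @return OAuthToken Token carrying whatever key/value pairs the endpoint returned. It is
 * EMPTY when the request failed or the body was not a JSON object; callers must check that
 * an access token is actually present before treating the login as successful.
 */
public function fetchAccessTokenWithCodeVerifier(
    ServerRequestInterface $incomingRequest,
    string $authCode,
    array $params = [],
): OAuthToken {
    if ($this->validateAuthState) {
        /**
         * @psalm-suppress MixedAssignment
         */
        $authState = $this->getState('authState');
        $queryParams = $incomingRequest->getQueryParams();
        $bodyParams = $incomingRequest->getParsedBody();
        /**
         * @psalm-suppress MixedAssignment
         */
        $incomingState = $queryParams['state']
            ?? (is_array($bodyParams) ? ($bodyParams['state'] ?? null) : null);

        if (
            !is_string($incomingState)
            || !is_string($authState)
            || empty($authState)
            || !hash_equals($authState, $incomingState)
        ) {
            throw new InvalidArgumentException('Invalid auth state parameter.');
        }

        // Single use: the same callback cannot be replayed against this session.
        $this->removeState('authState');
    }

    $requestBody = [
        'code' => $authCode,
        'grant_type' => 'authorization_code',
        'client_id' => $this->clientId,
        'client_secret' => $this->clientSecret,
        'redirect_uri' => $params['redirect_uri'] ?? '',
        'code_verifier' => $params['code_verifier'] ?? '',
    ];
    $request = $this->requestFactory
        ->createRequest('POST', $this->tokenUrl)
        ->withHeader('Content-Type', 'application/x-www-form-urlencoded');
    $request->getBody()->write(http_build_query($requestBody));

    try {
        $response = $this->httpClient->sendRequest($request);
        $body = $response->getBody()->getContents();
        // NOTE(review): the HTTP status is not inspected, so an OAuth error document is
        // copied into the token params just like a successful response.
        $decoded = strlen($body) > 0 ? json_decode($body, true) : [];
        $output = is_array($decoded) ? $decoded : [];
    } catch (\Throwable $e) {
        // Deliberately kept as best-effort: a transport failure yields an empty token.
        $output = [];
    }

    $token = new OAuthToken();
    /**
     * @var string $key
     * @var string $value
     */
    foreach ($output as $key => $value) {
        $token->setParam($key, $value);
    }

    return $token;
}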
Generates the auth nonce value.
| protected generateAuthNonce( ): string | ||
| return | string |
Auth nonce value. |
|---|---|---|
| throws | Exception | |
/**
 * Produces a fresh nonce value.
 *
 * NOTE(review): the strength of the nonce rests entirely on Random::string() with its
 * default arguments; confirm it is backed by a CSPRNG and yields enough entropy.
 *
 * @return string Auth nonce value.
 */
protected function generateAuthNonce(): string
{
    $nonce = Random::string();

    return $nonce;
}
Defined in: Yiisoft\Yii\AuthClient\OAuth2::generateAuthState()
Generates the auth state value.
| protected generateAuthState( ): string | ||
| return | string |
Auth state value. |
|---|---|---|
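/**
 * Generates the `state` value used to protect the authorization callback against CSRF.
 *
 * The previous value was a SHA-256 hash of the class name, the current time, the session
 * id and uniqid(); all of these are clock- or context-derived, so the result was not
 * backed by a cryptographic random source. 32 bytes from random_bytes() are now mixed in.
 * The output is still a 64-character lowercase hex string.
 *
 * @throws \Exception when the system cannot supply secure random bytes.
 *
 * @return string Auth state value.
 */
protected function generateAuthState(): string
{
    $baseString = static::class . '-' . time();

    $sessionId = $this->session->getId();
    if ($sessionId !== null && $this->session->isActive()) {
        $baseString .= '-' . $sessionId;
    }

    // The unpredictability comes from random_bytes(); the rest only adds context.
    return hash('sha256', uniqid($baseString, true) . random_bytes(32));
}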
Defined in: Yiisoft\Yii\AuthClient\OAuth::getAccessToken()
| public getAccessToken( ): Yiisoft\Yii\AuthClient\OAuthToken|null | ||
| return | Yiisoft\Yii\AuthClient\OAuthToken|null |
Auth token instance. |
|---|---|---|
/**
 * Returns the current access token, restoring it from persistent state on first use.
 *
 * @return OAuthToken|null The token, or null when nothing could be restored.
 */
public function getAccessToken(): ?OAuthToken
{
    if (is_object($this->accessToken)) {
        return $this->accessToken;
    }

    // Not an object yet (null or array configuration): fall back to the stored token.
    $this->accessToken = $this->restoreAccessToken();

    return $this->accessToken;
}
| public getButtonClass( ): string |
/**
 * Returns the CSS class for the login button; this client defines none.
 */
#[\Override]
public function getButtonClass(): string
{
    $cssClass = '';

    return $cssClass;
}
Defined in: Yiisoft\Yii\AuthClient\OAuth2::getClientId()
| public getClientId( ): string |
/**
 * Returns the OAuth client ID configured on this client.
 */
#[\Override]
public function getClientId(): string
{
    $clientId = $this->clientId;

    return $clientId;
}
Defined in: Yiisoft\Yii\AuthClient\OAuth2::getClientSecret()
| public getClientSecret( ): string |
/**
 * Returns the OAuth client secret configured on this client.
 *
 * The accessor is public: callers must not log the value or pass it to views.
 */
public function getClientSecret(): string
{
    $secret = $this->clientSecret;

    return $secret;
}
Returns particular configuration parameter value.
| public getConfigParam( string $name ): mixed | ||
| $name | string |
Configuration parameter name. |
| return | mixed |
Configuration parameter value. |
|---|---|---|
| throws | Yiisoft\Yii\AuthClient\Exception\InvalidConfigException | |
| throws | \Psr\SimpleCache\InvalidArgumentException | |
/**
 * Returns a single value from the provider configuration.
 *
 * The name is used as a plain array offset on the result of getConfigParams(); there is
 * no existence check, so an absent entry is not reported as a configuration error here.
 *
 * @param string $name Configuration parameter name.
 *
 * @return mixed Configuration parameter value.
 */
public function getConfigParam(string $name): mixed
{
    /**
     * @psalm-suppress PossiblyInvalidArrayOffset
     */
    return $this->getConfigParams()[$name];
}
| public getConfigParams( ): array|string | ||
| return | array|string |
OpenID provider configuration parameters. |
|---|---|---|
| throws | Yiisoft\Yii\AuthClient\Exception\InvalidConfigException | |
| throws | \Psr\SimpleCache\InvalidArgumentException | |
/**
 * Returns the provider configuration, loading it once per instance.
 *
 * Lookup order: the value already held on the instance, then the cache entry keyed by
 * prefix + client name, then discoverConfig(). Whatever was loaded is written back to the
 * cache without an explicit TTL.
 *
 * The configuration supplies the endpoints and the `jwks_uri` this client trusts, so the
 * cache backing it must not be writable by untrusted parties.
 *
 * @return array|string OpenID provider configuration parameters.
 */
public function getConfigParams(): array|string
{
    if (!empty($this->configParams)) {
        return $this->configParams;
    }

    $cacheKey = $this->configParamsCacheKeyPrefix . $this->getName();

    $loaded = (array) $this->cache->get($cacheKey);
    if (empty($loaded)) {
        $loaded = $this->discoverConfig();
    }

    $this->configParams = $loaded;
    $this->cache->set($cacheKey, $loaded);

    return $this->configParams;
}
Defined in: Yiisoft\Yii\AuthClient\OAuth::getDefaultScope()
| protected getDefaultScope( ): string |
/**
 * Returns the scope used when none has been configured: an empty string.
 */
protected function getDefaultScope(): string
{
    $scope = '';

    return $scope;
}
| protected getJwkSet( ): \Jose\Component\Core\JWKSet|null |
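/**
 * Returns the provider's JSON Web Key Set used to verify ID token signatures.
 *
 * Lookup order: the set held on this instance, then the cache, then an HTTP GET to the
 * provider's `jwks_uri`.
 *
 * Changes from the previous version: a loaded set is now kept on the instance (it was
 * never assigned, so every call went back to the cache), and the cache is written only
 * after a fresh download that produced a JWKSet, not on every call.
 *
 * NOTE(review): the cache key does not include the client name or issuer, and no TTL is
 * passed. Confirm that clients for different providers cannot share this entry and that
 * the cache's default lifetime lets rotated provider keys be picked up.
 * NOTE(review): the HTTP status of the key download is not checked.
 *
 * @return JWKSet|null The key set, or null when the response did not yield a JWKSet.
 */
protected function getJwkSet(): ?JWKSet
{
    if ($this->jwkSet instanceof JWKSet) {
        return $this->jwkSet;
    }

    $cacheKey = $this->configParamsCacheKeyPrefix . 'jwkSet';
    /** @var mixed $cached */
    $cached = $this->cache->get($cacheKey);
    if ($cached instanceof JWKSet) {
        $this->jwkSet = $cached;

        return $cached;
    }

    /** @var mixed $jwksUriRaw */
    $jwksUriRaw = $this->getConfigParam('jwks_uri');
    $jwksUri = is_string($jwksUriRaw) ? $jwksUriRaw : '';
    $response = $this->sendRequest($this->createRequest('GET', $jwksUri));
    /** @var mixed $jsonBody */
    $jsonBody = Json::decode($response->getBody()->getContents());
    $fetched = JWKFactory::createFromValues(is_array($jsonBody) ? $jsonBody : []);

    if (!($fetched instanceof JWKSet)) {
        // Anything that is not a key set is neither cached nor used for verification.
        return null;
    }

    $this->cache->set($cacheKey, $fetched);
    $this->jwkSet = $fetched;

    return $fetched;
}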
Returns a JWSLoader that validates the JWS token.
| protected getJwsLoader( ): \Jose\Component\Signature\JWSLoader | ||
| return | \Jose\Component\Signature\JWSLoader |
To do token validation. |
|---|---|---|
| throws | Yiisoft\Yii\AuthClient\Exception\InvalidConfigException |
on invalid algorithm provided in configuration. |
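/**
 * Returns the loader that parses and verifies JWS tokens, building it on first use.
 *
 * Each name in `allowedJwsAlgorithms` is resolved to a class in the
 * `Jose\Component\Signature\Algorithm` namespace; the same list is enforced on the token's
 * `alg` header by the algorithm checker.
 *
 * Fix: the header checker manager previously received
 * `new AlgorithmChecker($checker)`, i.e. a checker wrapped around another checker object
 * instead of the list of algorithm names. The already-configured checker is now passed
 * directly.
 *
 * NOTE(review): the allow-list is the only thing that decides which algorithms are
 * accepted. Keep it to the signature algorithms the provider actually uses; if the
 * installed JOSE packages ship an unsecured ("none") algorithm class in this namespace,
 * confirm it is never listed, because that would admit unsigned tokens.
 *
 * @throws InvalidConfigException when a configured algorithm has no matching class.
 */
protected function getJwsLoader(): JWSLoader
{
    if ($this->jwsLoader instanceof JWSLoader) {
        return $this->jwsLoader;
    }

    $algorithms = [];
    /** @var string $algorithm */
    foreach ($this->allowedJwsAlgorithms as $algorithm) {
        $class = '\Jose\Component\Signature\Algorithm\\' . $algorithm;
        if (!class_exists($class)) {
            throw new InvalidConfigException("Algorithm class $class doesn't exist");
        }
        /**
         * @psalm-suppress MixedMethodCall new $class()
         */
        $algorithms[] = new $class();
    }

    /**
     * @psalm-suppress ArgumentTypeCoercion
     */
    $algorithmManager = new AlgorithmManager($algorithms);
    /** @psalm-var string[] $this->allowedJwsAlgorithms */
    $algorithmChecker = new AlgorithmChecker($this->allowedJwsAlgorithms);

    $this->jwsLoader = new JWSLoader(
        new JWSSerializerManager([new CompactSerializer()]),
        new JWSVerifier($algorithmManager),
        new HeaderCheckerManager(
            [$algorithmChecker],
            [new JWSTokenSupport()]
        )
    );

    return $this->jwsLoader;
}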
| public getName( ): string |
/**
 * Returns the fixed client name `oidc`.
 *
 * The literal is returned regardless of the `$name` passed to the constructor. It has to
 * stay in sync with the key the application uses in its configuration, for example
 * (values shown are placeholders):
 *
 *   'oidc' => [
 *       'class' => OpenIdConnect::class,
 *       'issuerUrl' => '<ISSUER_HOST_PLACEHOLDER>',
 *       'clientId' => $_ENV['OIDC_API_CLIENT_ID'] ?? '',
 *       'clientSecret' => $_ENV['OIDC_API_CLIENT_SECRET'] ?? '',
 *       'returnUrl' => $_ENV['OIDC_API_CLIENT_RETURN_URL'] ?? '',
 *   ],
 *
 * The name is also part of the state key prefix and of the configuration cache key, so
 * changing it invalidates stored state and cached provider configuration.
 */
#[\Override]
public function getName(): string
{
    $clientName = 'oidc';

    return $clientName;
}
| public getNormalizeUserAttributeMap( ): array | ||
| return | array |
Normalize user attribute map. |
|---|---|---|
/**
 * Returns the attribute normalization map, falling back to the default map when the
 * configured one is empty.
 *
 * @return array Normalize user attribute map.
 */
public function getNormalizeUserAttributeMap(): array
{
    if (!empty($this->normalizeUserAttributeMap)) {
        return $this->normalizeUserAttributeMap;
    }

    $this->normalizeUserAttributeMap = $this->defaultNormalizeUserAttributeMap();

    return $this->normalizeUserAttributeMap;
}
| public getOauth2ReturnUrl( ): string |
/**
 * Returns the configured return URL as-is, without deriving a default from a request.
 */
public function getOauth2ReturnUrl(): string
{
    $configured = $this->returnUrl;

    return $configured;
}
| public getRequestFactory( ): \Psr\Http\Message\RequestFactoryInterface |
/**
 * Returns the PSR-17 request factory used to build outgoing requests.
 */
public function getRequestFactory(): RequestFactoryInterface
{
    $factory = $this->requestFactory;

    return $factory;
}
Defined in: Yiisoft\Yii\AuthClient\OAuth::getReturnUrl()
| public getReturnUrl( \Psr\Http\Message\ServerRequestInterface $request ): string | ||
| $request | \Psr\Http\Message\ServerRequestInterface | |
| return | string |
Return URL. |
|---|---|---|
/**
 * Returns the return URL, computing and remembering a default from the request when none
 * has been configured.
 *
 * @return string Return URL.
 */
public function getReturnUrl(ServerRequestInterface $request): string
{
    if ($this->returnUrl !== '') {
        return $this->returnUrl;
    }

    // First call without a configured URL: derive it from the request and keep it.
    $this->returnUrl = $this->defaultReturnUrl($request);

    return $this->returnUrl;
}
Defined in: Yiisoft\Yii\AuthClient\OAuth::getScope()
| public getScope( ): string |
/**
 * Returns the configured scope, or the default scope when none has been set.
 */
public function getScope(): string
{
    return $this->scope ?? $this->getDefaultScope();
}
Defined in: Yiisoft\Yii\AuthClient\OAuth2::getSessionAuthState()
Compare a callback query parameter 'state' with the saved Auth Client's 'authState' parameter in order to prevent CSRF attacks.
Use: Typically used in an AuthController's callback function, specifically for an Identity Provider, e.g. Facebook.
| public getSessionAuthState( ): mixed |
/**
 * Returns the value stored under the `authState` state key.
 *
 * This method only reads the stored value; the comparison with the callback's `state`
 * parameter is left to the caller. Compare as strings and in constant time
 * (hash_equals), and reject the callback when either side is missing.
 *
 * @see src\AuthClient protected function getState('authState')
 */
public function getSessionAuthState(): mixed
{
    $storedState = $this->getState('authState');

    return $storedState;
}
Defined in: Yiisoft\Yii\AuthClient\AuthClient::getState()
Returns persistent state value.
| protected getState( string $key ): mixed | ||
| $key | string |
State key. |
| return | mixed |
State value. |
|---|---|---|
/**
 * Reads a value from the state storage, under the client-specific key prefix.
 *
 * @param string $key State key.
 *
 * @return mixed State value.
 */
protected function getState(string $key): mixed
{
    $storageKey = $this->getStateKeyPrefix() . $key;

    return $this->stateStorage->get($storageKey);
}
Defined in: Yiisoft\Yii\AuthClient\AuthClient::getStateKeyPrefix()
Returns session key prefix, which is used to store internal states.
| protected getStateKeyPrefix( ): string | ||
| return | string |
Session key prefix. |
|---|---|---|
/**
 * Builds the prefix for this client's state keys: concrete class name, underscore,
 * client name, underscore.
 *
 * @return string Session key prefix.
 */
protected function getStateKeyPrefix(): string
{
    return sprintf('%s_%s_', static::class, $this->getName());
}
| public getTitle( ): string |
/**
 * Returns the fixed display title of this client.
 *
 * The literal is returned regardless of the `$title` passed to the constructor.
 */
#[\Override]
public function getTitle(): string
{
    $title = 'Open Id Connect';

    return $title;
}
Defined in: Yiisoft\Yii\AuthClient\OAuth2::getTokenUrl()
| public getTokenUrl( ): string |
/**
 * Returns the token endpoint URL currently set on the client.
 */
public function getTokenUrl(): string
{
    $url = $this->tokenUrl;

    return $url;
}
| public getValidateAuthNonce( ): boolean | ||
| return | boolean |
Whether to use and validate auth 'nonce' parameter in authentication flow. |
|---|---|---|
| throws | Yiisoft\Yii\AuthClient\Exception\InvalidConfigException | |
| throws | \Psr\SimpleCache\InvalidArgumentException | |
/**
 * Tells whether the `nonce` claim is used and validated.
 *
 * When not set explicitly, the answer is computed once: JWS validation must be enabled
 * and the provider configuration must list `nonce` in `claims_supported`.
 *
 * Note that a provider which does not advertise `nonce` therefore turns nonce validation
 * off without any error; call setValidateAuthNonce(true) to require it regardless.
 *
 * @return bool Whether to use and validate auth 'nonce' parameter in authentication flow.
 */
public function getValidateAuthNonce(): bool
{
    if ($this->validateAuthNonce !== null) {
        return $this->validateAuthNonce;
    }

    // Short-circuits: the provider configuration is only consulted when validateJws is on.
    $this->validateAuthNonce = $this->validateJws
        && in_array('nonce', (array) $this->getConfigParam('claims_supported'), true);

    return $this->validateAuthNonce;
}
| public getViewOptions( ): array | ||
| return | array |
View options in format: optionName => optionValue |
|---|---|---|
/**
 * Returns the view options, falling back to the defaults when none are configured.
 *
 * @return array View options in format: optionName => optionValue
 */
#[\Override]
public function getViewOptions(): array
{
    if (!empty($this->viewOptions)) {
        return $this->viewOptions;
    }

    $this->viewOptions = $this->defaultViewOptions();

    return $this->viewOptions;
}
| public getYiisoftFactory( ): \Yiisoft\Factory\Factory |
/**
 * Returns the factory instance held by this client.
 */
public function getYiisoftFactory(): YiisoftFactory
{
    $factory = $this->factory;

    return $factory;
}
| protected initUserAttributes( ): array |
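/**
 * Fetches the user attributes from the provider's `userinfo_endpoint`.
 *
 * Fix: the endpoint was cast to an array before being passed to api(), which forwards it
 * to createApiRequest(string $method, string $uri); an array there is a type error. The
 * value is now cast to string, like the other endpoint lookups in this class.
 *
 * @return array Decoded userinfo response.
 */
protected function initUserAttributes(): array
{
    $userInfoEndpoint = (string) $this->getConfigParam('userinfo_endpoint');

    return $this->api($userInfoEndpoint, 'GET');
}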
Decrypts/validates JWS, returning related data.
| protected loadJws( string $jws ): array | ||
| $jws | string |
Raw JWS input. |
| return | array |
JWS underlying data. |
|---|---|---|
| throws | Yiisoft\Yii\AuthClient\Exception\ClientException |
on invalid JWS signature. |
/**
 * Verifies a compact JWS against the provider's key set and returns its payload.
 *
 * @param string $jws Raw JWS input.
 *
 * @throws ClientException wrapping the message and code of any caught Exception.
 *
 * @return array Decoded payload of the verified token.
 */
protected function loadJws(string $jws): array
{
    try {
        // Receives the index of the signature that verified; not used afterwards.
        $signatureIndex = null;
        // NOTE(review): getJwkSet() is declared nullable. Whether a null key set ends up
        // as a ClientException depends on which Exception class this file imports; confirm.
        $verified = $this->getJwsLoader()->loadAndVerifyWithKeySet($jws, $this->getJwkSet(), $signatureIndex);

        return (array) Json::decode($verified->getPayload(), true);
    } catch (Exception $e) {
        throw new ClientException('Loading JWS: Exception: ' . $e->getMessage(), $e->getCode());
    }
}
| public refreshAccessToken( Yiisoft\Yii\AuthClient\OAuthToken $token ): Yiisoft\Yii\AuthClient\OAuthToken | ||
| $token | Yiisoft\Yii\AuthClient\OAuthToken | |
/**
 * Refreshes the given token, resolving the token endpoint from the provider
 * configuration first when it has not been set.
 */
#[\Override]
public function refreshAccessToken(OAuthToken $token): OAuthToken
{
    if ($this->tokenUrl === '') {
        $this->tokenUrl = (string) $this->getConfigParam('token_endpoint');
    }

    return parent::refreshAccessToken($token);
}
Defined in: Yiisoft\Yii\AuthClient\AuthClient::removeState()
Removes persistent state value.
| protected removeState( string $key ): void | ||
| $key | string |
State key. |
/**
 * Deletes a value from the state storage, under the client-specific key prefix.
 *
 * @param string $key State key.
 */
protected function removeState(string $key): void
{
    $storageKey = $this->getStateKeyPrefix() . $key;

    $this->stateStorage->remove($storageKey);
}
Defined in: Yiisoft\Yii\AuthClient\OAuth::restoreAccessToken()
Restores access token.
| protected restoreAccessToken( ): Yiisoft\Yii\AuthClient\OAuthToken|null |
/**
 * Restores the access token from persistent state.
 *
 * An expired token is refreshed first when `autoRefreshAccessToken` is on; otherwise the
 * stored token is returned unchanged, expired or not.
 *
 * @return OAuthToken|null The stored (or refreshed) token, or null when none is stored.
 */
protected function restoreAccessToken(): ?OAuthToken
{
    /**
     * @psalm-suppress MixedAssignment $stored
     */
    $stored = $this->getState('token');

    if (!($stored instanceof OAuthToken)) {
        return null;
    }

    if ($stored->getIsExpired() && $this->autoRefreshAccessToken) {
        return $this->refreshAccessToken($stored);
    }

    return $stored;
}
Defined in: Yiisoft\Yii\AuthClient\OAuth::saveAccessToken()
Saves token as persistent state.
| protected saveAccessToken( Yiisoft\Yii\AuthClient\OAuthToken|null $token = null ): $this | ||
| $token | Yiisoft\Yii\AuthClient\OAuthToken|null |
Auth token to be saved. |
| return | $this |
The object itself. |
|---|---|---|
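/**
 * Saves the token as persistent state under the `token` key.
 *
 * The parameter is now declared `?OAuthToken`; the implicit nullable form
 * (`OAuthToken $token = null`) is deprecated as of PHP 8.4. The accepted values are the
 * same as before.
 *
 * @param OAuthToken|null $token Auth token to be saved.
 *
 * @return self The object itself.
 */
protected function saveAccessToken(?OAuthToken $token = null): self
{
    return $this->setState('token', $token);
}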
Defined in: Yiisoft\Yii\AuthClient\AuthClient::sendRequest()
| protected sendRequest( \Psr\Http\Message\RequestInterface $request ): \Psr\Http\Message\ResponseInterface | ||
| $request | \Psr\Http\Message\RequestInterface | |
/**
 * Sends a request through the configured PSR-18 HTTP client and returns its response.
 *
 * TLS verification, timeouts and redirect handling are whatever the injected client is
 * configured with; nothing is enforced here.
 */
protected function sendRequest(RequestInterface $request): ResponseInterface
{
    $client = $this->httpClient;

    return $client->sendRequest($request);
}
Defined in: Yiisoft\Yii\AuthClient\OAuth::setAccessToken()
Sets access token to be used.
| public setAccessToken( array|Yiisoft\Yii\AuthClient\OAuthToken $token ): void | ||
| $token | array|Yiisoft\Yii\AuthClient\OAuthToken |
Access token or its configuration. |
/**
 * Sets the access token and saves it as persistent state.
 *
 * A token object is stored as given. A non-empty array is first turned into a token via
 * createToken(). An empty array is ignored.
 *
 * @param array|OAuthToken $token Access token or its configuration.
 */
public function setAccessToken(array|OAuthToken $token): void
{
    if ($token instanceof OAuthToken) {
        $this->accessToken = $token;
        $this->saveAccessToken($token);

        return;
    }

    if (empty($token)) {
        return;
    }

    /**
     * @psalm-suppress MixedAssignment
     */
    $created = $this->createToken($token);
    /**
     * @psalm-suppress MixedAssignment
     */
    $this->accessToken = $created;
    /**
     * @psalm-suppress MixedArgument
     */
    $this->saveAccessToken($created);
}
Defined in: Yiisoft\Yii\AuthClient\OAuth::setAuthUrl()
| public setAuthUrl( string $authUrl ): void | ||
| $authUrl | string | |
/**
 * Sets the authorization endpoint URL.
 *
 * A non-empty value stops buildAuthUrl() from reading the endpoint from the provider
 * configuration, so it must come from trusted configuration.
 */
public function setAuthUrl(string $authUrl): void
{
    $this->authUrl = $authUrl;
}
Defined in: Yiisoft\Yii\AuthClient\OAuth2::setClientId()
| public setClientId( string $clientId ): void | ||
| $clientId | string | |
/**
 * Sets the OAuth client ID.
 *
 * The same value is what validateClaims() expects in the ID token's `aud` claim.
 */
public function setClientId(string $clientId): void
{
    $this->clientId = $clientId;
}
Defined in: Yiisoft\Yii\AuthClient\OAuth2::setClientSecret()
| public setClientSecret( string $clientSecret ): void | ||
| $clientSecret | string | |
/**
 * Sets the OAuth client secret.
 *
 * Supply it from the environment or a secret store rather than from source control.
 */
public function setClientSecret(string $clientSecret): void
{
    $this->clientSecret = $clientSecret;
}
| public setIssuerUrl( string $url ): void | ||
| $url | string | |
/**
 * Sets the issuer URL, stored without trailing slashes.
 *
 * validateClaims() compares this value with the ID token's `iss` claim.
 */
public function setIssuerUrl(string $url): void
{
    $normalized = rtrim($url, '/');

    $this->issuerUrl = $normalized;
}
| public setOauth2ReturnUrl( string $returnUrl ): void | ||
| $returnUrl | string | |
/**
 * Sets the return URL.
 *
 * A non-empty value stops getReturnUrl() from deriving one from the incoming request.
 */
public function setOauth2ReturnUrl(string $returnUrl): void
{
    $this->returnUrl = $returnUrl;
}
| public setRequestFactory( \Psr\Http\Message\RequestFactoryInterface $requestFactory ): void | ||
| $requestFactory | \Psr\Http\Message\RequestFactoryInterface | |
/**
 * Replaces the PSR-17 request factory used to build outgoing requests.
 */
public function setRequestFactory(RequestFactoryInterface $requestFactory): void
{
    $this->requestFactory = $requestFactory;
}
Defined in: Yiisoft\Yii\AuthClient\OAuth::setReturnUrl()
| public setReturnUrl( string $returnUrl ): void | ||
| $returnUrl | string |
Return URL |
/**
 * Sets the return URL.
 *
 * @param string $returnUrl Return URL
 */
public function setReturnUrl(string $returnUrl): void
{
    $this->returnUrl = $returnUrl;
}
Defined in: Yiisoft\Yii\AuthClient\AuthClient::setState()
Sets persistent state.
| protected setState( string $key, mixed $value ): $this | ||
| $key | string |
State key. |
| $value | mixed |
State value |
| return | $this |
The object itself |
|---|---|---|
/**
 * Writes a value to the state storage, under the client-specific key prefix.
 *
 * @param string $key State key.
 * @param mixed $value State value
 *
 * @return self The object itself
 */
protected function setState(string $key, $value): self
{
    $storageKey = $this->getStateKeyPrefix() . $key;
    $this->stateStorage->set($storageKey, $value);

    return $this;
}
Defined in: Yiisoft\Yii\AuthClient\OAuth2::setTokenUrl()
| public setTokenUrl( string $tokenUrl ): void | ||
| $tokenUrl | string | |
/**
 * Sets the token endpoint URL.
 *
 * Client credentials and authorization codes are sent to this URL, so it must come from
 * trusted configuration and use HTTPS.
 */
public function setTokenUrl(string $tokenUrl): void
{
    $this->tokenUrl = $tokenUrl;
}
| public setValidateAuthNonce( boolean $validateAuthNonce ): void | ||
| $validateAuthNonce | boolean |
Whether to use and validate auth 'nonce' parameter in authentication flow. |
/**
 * Explicitly turns nonce validation on or off, overriding the value that
 * getValidateAuthNonce() would otherwise compute from the provider configuration.
 *
 * @param bool $validateAuthNonce Whether to use and validate auth 'nonce' parameter in
 * authentication flow. The parameter carries no native type, so the value is stored as given.
 */
public function setValidateAuthNonce($validateAuthNonce): void
{
    $this->validateAuthNonce = $validateAuthNonce;
}
| public setYiisoftFactory( \Yiisoft\Factory\Factory $factory ): void | ||
| $factory | \Yiisoft\Factory\Factory | |
/**
 * Replaces the factory instance held by this client.
 */
public function setYiisoftFactory(YiisoftFactory $factory): void
{
    $this->factory = $factory;
}
Validates the claims data received from OpenID provider.
| protected validateClaims( array $claims ): void | ||
| $claims | array |
Claims data. |
| throws | Yiisoft\Yii\AuthClient\Exception\ClientException |
on invalid claims. |
|---|---|---|
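/**
 * Validates the issuer and audience claims of an ID token.
 *
 * - `iss` must be a string equal to the configured issuer URL (trailing slashes ignored).
 * - `aud` must be this client's ID, or an array containing it. The array form is valid in
 *   OpenID Connect; it was previously cast to a string and therefore always rejected.
 * - With more than one audience `azp` must be present, and whenever `azp` is present it
 *   must be this client's ID, so a token issued to another party is not accepted.
 *
 * NOTE(review): `exp`, `iat` and `nbf` are not checked here, and the loader built by
 * getJwsLoader() only registers a header checker. Confirm token expiry is enforced
 * elsewhere before relying on these claims.
 *
 * @param array $claims Claims data.
 *
 * @throws ClientException with code 400 on invalid claims.
 */
protected function validateClaims(array $claims): void
{
    $issuer = $claims['iss'] ?? null;
    if (!is_string($issuer) || rtrim($issuer, '/') !== rtrim($this->issuerUrl, '/')) {
        throw new ClientException('Invalid "iss"', 400);
    }

    $audiences = $claims['aud'] ?? null;
    if (is_string($audiences)) {
        $audiences = [$audiences];
    }
    if (!is_array($audiences) || !in_array($this->clientId, $audiences, true)) {
        throw new ClientException('Invalid "aud"', 400);
    }

    $authorizedParty = $claims['azp'] ?? null;
    $azpRequired = count($audiences) > 1;
    if (($azpRequired || $authorizedParty !== null) && $authorizedParty !== $this->clientId) {
        throw new ClientException('Invalid "azp"', 400);
    }
}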
| public withValidateAuthState( ): self |
/**
 * Returns a copy of this client with validation of the auth `state` parameter enabled.
 * The original instance is left unchanged.
 */
public function withValidateAuthState(): self
{
    $copy = clone $this;
    $copy->validateAuthState = true;

    return $copy;
}
| public withoutValidateAuthState( ): self |
/**
 * Returns a copy of this client with validation of the auth `state` parameter disabled.
 * The original instance is left unchanged.
 *
 * The `state` check is the CSRF protection of the authorization callback; use the
 * returned copy only where the callback is protected by other means.
 */
public function withoutValidateAuthState(): self
{
    $copy = clone $this;
    $copy->validateAuthState = false;

    return $copy;
}