Final Class Yiisoft\Yii\AuthClient\Client\OpenIdConnect
OpenIdConnect serves as a client for the OpenIdConnect flow.
See also Yiisoft\Yii\AuthClient\OAuth2.
Protected Properties
| Property | Type | Description | Defined By |
|---|---|---|---|
| $accessToken | array|Yiisoft\Yii\AuthClient\OAuthToken|null | Access token instance or its array configuration. | Yiisoft\Yii\AuthClient\OAuth |
| $authUrl | string | Yiisoft\Yii\AuthClient\Client\OpenIdConnect | |
| $autoRefreshAccessToken | boolean | Whether to automatically perform 'refresh access token' request on expired access token. | Yiisoft\Yii\AuthClient\OAuth |
| $clientId | string | OAuth client ID. | Yiisoft\Yii\AuthClient\OAuth2 |
| $clientSecret | string | OAuth client secret. | Yiisoft\Yii\AuthClient\OAuth2 |
| $endpoint | string | API base URL. | Yiisoft\Yii\AuthClient\OAuth |
| $factory | \Yiisoft\Factory\Factory | Yiisoft\Yii\AuthClient\OAuth2 | |
| $httpClient | \Psr\Http\Client\ClientInterface | Yiisoft\Yii\AuthClient\AuthClient | |
| $normalizeUserAttributeMap | array | Map used to normalize user attributes fetched from external auth service in format: normalizedAttributeName => sourceSpecification 'sourceSpecification' can be: - string, raw attribute name - array, pass to raw attribute value - callable, PHP callback, which should accept array of raw attributes and return normalized value. | Yiisoft\Yii\AuthClient\AuthClient |
| $requestFactory | \Psr\Http\Message\RequestFactoryInterface | Yiisoft\Yii\AuthClient\AuthClient | |
| $returnUrl | string | Yiisoft\Yii\AuthClient\OAuth2 | |
| $scope | string|null | Yiisoft\Yii\AuthClient\Client\OpenIdConnect | |
| $session | \Yiisoft\Session\SessionInterface | Yiisoft\Yii\AuthClient\OAuth2 | |
| $tokenUrl | string | Token request URL endpoint. | Yiisoft\Yii\AuthClient\OAuth2 |
| $validateAuthState | boolean | Whether to use and validate auth 'state' parameter in authentication flow. | Yiisoft\Yii\AuthClient\OAuth2 |
| $viewOptions | array | View options in format: optionName => optionValue | Yiisoft\Yii\AuthClient\AuthClient |
Public Methods
Protected Methods
Property Details
Method Details
OpenIdConnect constructor.
| public mixed __construct ( \Psr\Http\Client\ClientInterface $httpClient, \Psr\Http\Message\RequestFactoryInterface $requestFactory, Yiisoft\Yii\AuthClient\StateStorage\StateStorageInterface $stateStorage, \Yiisoft\Factory\Factory $factory, \Yiisoft\Session\SessionInterface $session, \Psr\SimpleCache\CacheInterface $cache, string $name, string $title ) | ||
| $httpClient | \Psr\Http\Client\ClientInterface | |
| $requestFactory | \Psr\Http\Message\RequestFactoryInterface | |
| $stateStorage | Yiisoft\Yii\AuthClient\StateStorage\StateStorageInterface | |
| $factory | \Yiisoft\Factory\Factory | |
| $session | \Yiisoft\Session\SessionInterface | |
| $cache | \Psr\SimpleCache\CacheInterface | |
| $name | string | |
| $title | string | |
/**
 * Builds the OpenID Connect client.
 *
 * The cache, name and title are kept on this instance; the other collaborators are handed unchanged to the
 * parent constructor.
 */
public function __construct(
    ClientInterface $httpClient,
    RequestFactoryInterface $requestFactory,
    StateStorageInterface $stateStorage,
    Factory $factory,
    SessionInterface $session,
    CacheInterface $cache,
    string $name,
    string $title,
) {
    // Own fields are set before the parent is initialised, as in the original ordering.
    [$this->cache, $this->name, $this->title] = [$cache, $name, $title];

    parent::__construct($httpClient, $requestFactory, $stateStorage, $factory, $session);
}
Defined in: Yiisoft\Yii\AuthClient\OAuth::api()
Performs request to the OAuth API returning response data.
You may use {@see \Yiisoft\Yii\AuthClient\createApiRequest()} method instead, gaining more control over request execution.
See also createApiRequest().
| public array api ( string $apiSubUrl, string $method = 'GET', array|string $data = [], array $headers = [] ) | ||
| $apiSubUrl | string |
API sub URL, which will be appended to {@see \Yiisoft\Yii\AuthClient\apiBaseUrl}, or absolute API URL. |
| $method | string |
Request method. |
| $data | array|string |
Request data or content. |
| $headers | array |
Additional request headers. |
| return | array |
API response data. |
|---|---|---|
| throws | Exception | |
/**
 * Sends an authenticated request to the provider API and returns the decoded JSON response as an array.
 *
 * Array data is attached through RequestUtil::addParams(); any other non-empty data is written to the body.
 * Only HTTP 200 counts as success; every other status raises InvalidResponseException.
 *
 * Note for callers: the exception message embeds the raw response body, so treat it as untrusted,
 * possibly sensitive text when logging or displaying it.
 *
 * @param string $apiSubUrl API sub URL passed to createApiRequest().
 * @param string $method Request method.
 * @param array|string $data Request data or content.
 * @param array $headers Additional request headers.
 *
 * @return array API response data.
 */
public function api($apiSubUrl, $method = 'GET', $data = [], $headers = []): array
{
    $apiRequest = RequestUtil::addHeaders($this->createApiRequest($method, $apiSubUrl), $headers);

    if (!empty($data) && is_array($data)) {
        $apiRequest = RequestUtil::addParams($apiRequest, $data);
    } elseif (!empty($data)) {
        $apiRequest->getBody()->write($data);
    }

    $apiResponse = $this->sendRequest($this->beforeApiRequestSend($apiRequest));

    if ($apiResponse->getStatusCode() === 200) {
        return (array)Json::decode($apiResponse->getBody()->getContents());
    }

    throw new InvalidResponseException(
        $apiResponse,
        'Request failed with code: ' . $apiResponse->getStatusCode() . ', message: ' . (string)$apiResponse->getBody()
    );
}
| public \Psr\Http\Message\RequestInterface applyAccessTokenToRequest ( \Psr\Http\Message\RequestInterface $request, Yiisoft\Yii\AuthClient\OAuthToken $accessToken ) | ||
| $request | \Psr\Http\Message\RequestInterface | |
| $accessToken | Yiisoft\Yii\AuthClient\OAuthToken | |
/**
 * Attaches the access token to an outgoing API request.
 *
 * The token value is handed to RequestUtil::addParams() under the `access_token` key.
 * NOTE(review): where addParams() places parameters (query string or body) is not visible here. If it is the
 * query string, the token ends up in URLs and therefore in access logs and proxies; an
 * `Authorization: Bearer` header would avoid that — confirm against RequestUtil.
 */
#[\Override]
public function applyAccessTokenToRequest(RequestInterface $request, OAuthToken $accessToken): RequestInterface
{
    $tokenParams = ['access_token' => $accessToken->getToken()];

    return RequestUtil::addParams($request, $tokenParams);
}
| protected \Psr\Http\Message\RequestInterface applyClientCredentialsToRequest ( \Psr\Http\Message\RequestInterface $request ) | ||
| $request | \Psr\Http\Message\RequestInterface | |
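/**
 * Authenticates the client on a token-endpoint request.
 *
 * The method is chosen from the provider's `token_endpoint_auth_methods_supported` discovery value, in this
 * order: `client_secret_basic`, `client_secret_post`, `client_secret_jwt`.
 *
 * For `client_secret_jwt` the assertion is a compact JWS: header and payload are base64url-encoded without
 * padding, the HS256 signature is computed over exactly that signing input, and the result is sent as
 * `client_assertion` together with `client_assertion_type` (RFC 7523). Plain base64 and a bare `assertion`
 * parameter do not form a valid client assertion.
 *
 * NOTE(review): the assertion lifetime is one hour; a shorter `exp` narrows the replay window if the provider
 * tolerates it.
 * NOTE(review): RFC 6749 section 2.3.1 form-urlencodes client id and secret before Basic encoding; that is
 * not done here, which matters only for credentials containing reserved characters.
 *
 * @throws InvalidConfigException When the provider advertises none of the supported methods.
 */
#[\Override]
protected function applyClientCredentialsToRequest(RequestInterface $request): RequestInterface
{
    $supportedAuthMethods = (array) $this->getConfigParam('token_endpoint_auth_methods_supported');

    if (in_array('client_secret_basic', $supportedAuthMethods, true)) {
        return $request->withHeader(
            'Authorization',
            'Basic ' . base64_encode($this->clientId . ':' . $this->clientSecret)
        );
    }

    if (in_array('client_secret_post', $supportedAuthMethods, true)) {
        return RequestUtil::addParams(
            $request,
            [
                'client_id' => $this->clientId,
                'client_secret' => $this->clientSecret,
            ]
        );
    }

    if (in_array('client_secret_jwt', $supportedAuthMethods, true)) {
        // JWS segments use the URL-safe alphabet with the '=' padding stripped.
        $base64Url = static fn (string $raw): string => rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');

        $issuedAt = time();
        $header = [
            'typ' => 'JWT',
            'alg' => 'HS256',
        ];
        $payload = [
            'iss' => $this->clientId,
            'sub' => $this->clientId,
            'aud' => $this->tokenUrl,
            'jti' => $this->generateAuthNonce(),
            'iat' => $issuedAt,
            'exp' => $issuedAt + 3600,
        ];

        $signingInput = $base64Url(Json::encode($header)) . '.' . $base64Url(Json::encode($payload));
        // Raw HMAC bytes are required so the signature segment can be base64url-encoded like the others.
        $signature = $base64Url(hash_hmac('sha256', $signingInput, $this->clientSecret, true));

        return RequestUtil::addParams(
            $request,
            [
                'client_assertion_type' => 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer',
                'client_assertion' => $signingInput . '.' . $signature,
            ]
        );
    }

    throw new InvalidConfigException(
        'Unable to authenticate request: No auth method supported'
    );
}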
| public \Psr\Http\Message\RequestInterface beforeApiRequestSend ( \Psr\Http\Message\RequestInterface $request ) | ||
| $request | \Psr\Http\Message\RequestInterface | |
/**
 * Prepares an API request for sending by attaching the current access token.
 *
 * A missing token, or one whose getIsValid() reports false, stops the request with an exception, so no
 * unauthenticated API call leaves this method.
 */
public function beforeApiRequestSend(RequestInterface $request): RequestInterface
{
    $token = $this->getAccessToken();

    if (is_object($token) && $token->getIsValid()) {
        return $this->applyAccessTokenToRequest($request, $token);
    }

    throw new Exception('Invalid access token.');
}
| public string buildAuthUrl ( \Psr\Http\Message\ServerRequestInterface $incomingRequest, array $params = [] ) | ||
| $incomingRequest | \Psr\Http\Message\ServerRequestInterface | |
| $params | array | |
/**
 * Builds the authorization URL, resolving the endpoint from the provider configuration on first use.
 *
 * When no auth URL has been set, the `authorization_endpoint` configuration value is stored as the auth URL
 * before the parent builds the final URL.
 */
#[\Override]
public function buildAuthUrl(
    ServerRequestInterface $incomingRequest,
    array $params = []
): string {
    $authUrlMissing = strlen($this->authUrl) === 0;
    if ($authUrlMissing) {
        $discovered = $this->getConfigParam('authorization_endpoint');
        $this->authUrl = (string) $discovered;
    }

    return parent::buildAuthUrl($incomingRequest, $params);
}
Defined in: Yiisoft\Yii\AuthClient\OAuth::createApiRequest()
Creates an HTTP request for the API call.
The created request will be automatically processed adding access token parameters and signature before sending. You may use {@see \Yiisoft\Yii\AuthClient\createRequest()} to gain full control over request composition and execution.
See also createRequest().
| public \Psr\Http\Message\RequestInterface createApiRequest ( string $method, string $uri ) | ||
| $method | string | |
| $uri | string | |
| return | \Psr\Http\Message\RequestInterface |
HTTP request instance. |
|---|---|---|
/**
 * Creates the HTTP request for an API call.
 *
 * The configured endpoint is always prepended to $uri, including when $uri is already an absolute URL.
 *
 * @return RequestInterface HTTP request instance.
 */
public function createApiRequest(string $method, string $uri): RequestInterface
{
    $target = $this->endpoint . $uri;

    return $this->createRequest($method, $target);
}
| public \Psr\Http\Message\RequestInterface createRequest ( string $method, string $uri ) | ||
| $method | string | |
| $uri | string | |
/**
 * Creates a bare HTTP request through the injected PSR-17 request factory.
 *
 * No credentials or token are added at this stage.
 */
public function createRequest(string $method, string $uri): RequestInterface
{
    $factory = $this->requestFactory;

    return $factory->createRequest($method, $uri);
}
| protected Yiisoft\Yii\AuthClient\OAuthToken createToken ( array $tokenConfig = [] ) | ||
| $tokenConfig | array | |
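/**
 * Creates the token object, verifying the ID token first when JWS validation is enabled.
 *
 * With `validateJws` on, the `id_token` signature is checked via loadJws(), its claims via validateClaims(),
 * and the verified claims are merged into the token params. If nonce validation is also on, the `nonce` claim
 * must equal the nonce stored in state; the stored nonce is removed after a successful match so it cannot be
 * reused.
 *
 * With `validateJws` off, the ID token is not verified at all by this method.
 *
 * @param array $tokenConfig Token configuration; `params` holds the token endpoint response.
 *
 * @throws ClientException When the nonce is missing or does not match.
 */
#[\Override]
protected function createToken(array $tokenConfig = []): OAuthToken
{
    // Missing keys fall back to empty values instead of raising undefined-index warnings.
    $params = (array) ($tokenConfig['params'] ?? []);
    $idToken = (string) ($params['id_token'] ?? '');

    if ($this->validateJws) {
        $jwsData = $this->loadJws($idToken);
        $this->validateClaims($jwsData);
        $tokenConfig['params'] = array_merge($params, $jwsData);

        if ($this->getValidateAuthNonce()) {
            // A non-string claim is treated like a missing one rather than being cast.
            $nonce = is_string($jwsData['nonce'] ?? null) ? $jwsData['nonce'] : '';
            $authNonce = (string) $this->getState('authNonce');

            // hash_equals() keeps the comparison time independent of how many leading characters match.
            if ($nonce === '' || empty($authNonce) || !hash_equals($authNonce, $nonce)) {
                throw new ClientException('Invalid auth nonce', 400);
            }

            $this->removeState('authNonce');
        }
    }

    return parent::createToken($tokenConfig);
}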
Defined in: Yiisoft\Yii\AuthClient\AuthClient::defaultNormalizeUserAttributeMap()
Returns the default {@see normalizeUserAttributeMap} value.
Particular client may override this method in order to provide specific default map.
| protected array defaultNormalizeUserAttributeMap ( ) | ||
| return | array |
Normalize attribute map. |
|---|---|---|
/**
 * Supplies the default user-attribute normalization map, which is empty for this client.
 *
 * @return array Normalize attribute map.
 */
protected function defaultNormalizeUserAttributeMap(): array
{
    $emptyMap = [];

    return $emptyMap;
}
| protected string defaultReturnUrl ( \Psr\Http\Message\ServerRequestInterface $request ) | ||
| $request | \Psr\Http\Message\ServerRequestInterface | |
/**
 * Derives the default return URL from the incoming request.
 *
 * The request URI is reused with the authorization-response parameters removed from its query string, so a
 * callback URL does not carry a spent `code`/`state` forward.
 *
 * NOTE(review): the result is built from the incoming request's URI. If the application does not pin its
 * host name, set an explicit return URL instead of relying on this default — confirm for the deployment.
 */
#[\Override]
protected function defaultReturnUrl(ServerRequestInterface $request): string
{
    $query = $request->getQueryParams();

    // OAuth2 and OpenID Connect response parameters that must not be echoed back.
    foreach (['code', 'state', 'nonce', 'authuser', 'session_state', 'prompt'] as $transient) {
        unset($query[$transient]);
    }

    $cleanUri = $request->getUri()->withQuery(http_build_query($query, '', '&', PHP_QUERY_RFC3986));

    return $cleanUri->__toString();
}
| protected integer[] defaultViewOptions ( ) |
/**
 * Supplies the default popup dimensions for the auth widget.
 *
 * @return int[] View options keyed by option name.
 */
#[\Override]
protected function defaultViewOptions(): array
{
    $popupSize = ['popupWidth' => 860, 'popupHeight' => 480];

    return $popupSize;
}
| public Yiisoft\Yii\AuthClient\OAuthToken fetchAccessToken ( \Psr\Http\Message\ServerRequestInterface $incomingRequest, string $authCode, array $params = [] ) | ||
| $incomingRequest | \Psr\Http\Message\ServerRequestInterface | |
| $authCode | string | |
| $params | array | |
/**
 * Exchanges the authorization code for a token, resolving the token endpoint on first use.
 *
 * When nonce validation is enabled and the caller supplied no `nonce`, a fresh one is generated, stored in
 * state under `authNonce`, and added to the request params.
 *
 * NOTE(review): the nonce is created here, at code-exchange time. OpenID Connect binds the ID token to the
 * nonce sent with the authentication request, and buildAuthUrl() as shown on this page adds none — verify
 * that the parent does, otherwise the nonce check in createToken() cannot match a provider-issued claim.
 */
#[\Override]
public function fetchAccessToken(ServerRequestInterface $incomingRequest, string $authCode, array $params = []): OAuthToken
{
    if (empty($this->tokenUrl)) {
        $discovered = $this->getConfigParam('token_endpoint');
        $this->tokenUrl = (string) $discovered;
    }

    $callerGaveNonce = isset($params['nonce']);
    if (!$callerGaveNonce && $this->getValidateAuthNonce()) {
        $params['nonce'] = $this->generateAuthNonce();
        $this->setState('authNonce', $params['nonce']);
    }

    return parent::fetchAccessToken($incomingRequest, $authCode, $params);
}
Defined in: Yiisoft\Yii\AuthClient\OAuth2::fetchAccessTokenWithCodeVerifier()
Note: This function will be adapted later to accommodate the 'confidential client'.
See also https://docs.x.com/resources/fundamentals/authentication/oauth-2-0/authorization-code Used specifically for the X i.e. Twitter OAuth2.0 Authorization code with PKCE and public client i.e. client id included in request body; and NOT Confidential Client i.e. Client id not included in the request body.
| public Yiisoft\Yii\AuthClient\OAuthToken fetchAccessTokenWithCodeVerifier ( \Psr\Http\Message\ServerRequestInterface $incomingRequest, string $authCode, array $params = [] ) | ||
| $incomingRequest | \Psr\Http\Message\ServerRequestInterface | |
| $authCode | string | |
| $params | array | |
| throws | InvalidArgumentException | |
|---|---|---|
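/**
 * Exchanges an authorization code plus PKCE code verifier for a token.
 *
 * When state validation is enabled, the callback's `state` (query string first, then parsed body) must be a
 * string equal to the non-empty `authState` held in state storage. Any other shape is rejected: a `state`
 * supplied as an array or other non-string value must not be allowed to skip the comparison. The stored state
 * is removed after a successful match so it cannot be replayed.
 *
 * The token request is a form-encoded POST to the token URL. Transport or decoding failures are swallowed and
 * yield a token with no params; the HTTP status is not inspected. Callers must therefore check the returned
 * token for the expected params before treating the login as successful.
 *
 * NOTE(review): `client_secret` is always included in the request body although the surrounding
 * documentation describes this method as the public-client PKCE flow — confirm that is intended.
 *
 * @param array $params Optional `redirect_uri` and `code_verifier`.
 *
 * @throws InvalidArgumentException When the state parameter is missing, malformed or does not match.
 */
public function fetchAccessTokenWithCodeVerifier(
    ServerRequestInterface $incomingRequest,
    string $authCode,
    array $params = [],
): OAuthToken {
    if ($this->validateAuthState) {
        /**
         * @psalm-suppress MixedAssignment
         */
        $authState = $this->getState('authState');
        $queryParams = $incomingRequest->getQueryParams();
        $bodyParams = $incomingRequest->getParsedBody();
        // getParsedBody() may return null or an object; only an array is indexed.
        $bodyState = is_array($bodyParams) ? ($bodyParams['state'] ?? null) : null;
        /**
         * @psalm-suppress MixedAssignment
         */
        $incomingState = $queryParams['state'] ?? $bodyState;

        // Both sides must be strings and the stored value non-empty before the constant-time comparison.
        if (
            !is_string($incomingState)
            || !is_string($authState)
            || $authState === ''
            || !hash_equals($authState, $incomingState)
        ) {
            throw new InvalidArgumentException('Invalid auth state parameter.');
        }

        $this->removeState('authState');
    }

    $requestBody = [
        'code' => $authCode,
        'grant_type' => 'authorization_code',
        'client_id' => $this->clientId,
        'client_secret' => $this->clientSecret,
        'redirect_uri' => $params['redirect_uri'] ?? '',
        'code_verifier' => $params['code_verifier'] ?? '',
    ];

    $request = $this->requestFactory
        ->createRequest('POST', $this->tokenUrl)
        ->withHeader('Content-Type', 'application/x-www-form-urlencoded');
    $request->getBody()->write(http_build_query($requestBody));

    try {
        $response = $this->httpClient->sendRequest($request);
        $body = $response->getBody()->getContents();
        $output = strlen($body) > 0 ? (array) json_decode($body, true) : [];
    } catch (\Throwable $e) {
        // Deliberate best effort kept from the original: any failure results in an empty token.
        $output = [];
    }

    $token = new OAuthToken();
    /**
     * @var string $key
     * @var string $value
     */
    foreach ($output as $key => $value) {
        $token->setParam($key, $value);
    }

    return $token;
}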
Generates the auth nonce value.
| protected string generateAuthNonce ( ) | ||
| return | string |
Auth nonce value. |
|---|---|---|
| throws | Exception | |
/**
 * Generates the auth nonce value.
 *
 * The value comes straight from Random::string().
 * NOTE(review): the nonce is also used as the `jti` of the client assertion, so its unpredictability rests
 * entirely on Random::string(), whose implementation is not shown here — confirm it draws from a CSPRNG.
 *
 * @return string Auth nonce value.
 */
protected function generateAuthNonce(): string
{
    $nonce = Random::string();

    return $nonce;
}
Defined in: Yiisoft\Yii\AuthClient\OAuth2::generateAuthState()
Generates the auth state value.
| protected string generateAuthState ( ) | ||
| return | string |
Auth state value. |
|---|---|---|
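/**
 * Generates the auth state value used to bind the authorization response to this browser session.
 *
 * The state acts as a CSRF token, so it must be unpredictable. Class name, timestamp, session id and
 * uniqid() are all guessable or time-derived; the value therefore mixes in 32 bytes from the system CSPRNG
 * before hashing. The result is still a 64-character lowercase hex string.
 *
 * @return string Auth state value.
 */
protected function generateAuthState(): string
{
    $baseString = static::class . '-' . time();

    $sessionId = $this->session->getId();
    if ($sessionId !== null && $this->session->isActive()) {
        $baseString .= '-' . $sessionId;
    }

    // random_bytes() supplies the entropy; the base string only adds context.
    return hash('sha256', $baseString . random_bytes(32));
}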
Defined in: Yiisoft\Yii\AuthClient\OAuth::getAccessToken()
| public Yiisoft\Yii\AuthClient\OAuthToken|null getAccessToken ( ) | ||
| return | Yiisoft\Yii\AuthClient\OAuthToken|null |
Auth token instance. |
|---|---|---|
/**
 * Returns the current access token, restoring it from persistent state when none is loaded yet.
 *
 * @return OAuthToken|null Auth token instance, or null when nothing could be restored.
 */
public function getAccessToken(): ?OAuthToken
{
    if (is_object($this->accessToken)) {
        return $this->accessToken;
    }

    $this->accessToken = $this->restoreAccessToken();

    return $this->accessToken;
}
| public string getButtonClass ( ) |
/**
 * Returns the CSS class for this client's login button; this client defines none.
 */
#[\Override]
public function getButtonClass(): string
{
    $noClass = '';

    return $noClass;
}
Defined in: Yiisoft\Yii\AuthClient\OAuth2::getClientId()
| public string getClientId ( ) |
/**
 * Returns the OAuth client ID configured for this client.
 */
#[\Override]
public function getClientId(): string
{
    $id = $this->clientId;

    return $id;
}
Defined in: Yiisoft\Yii\AuthClient\OAuth2::getClientSecret()
| public string getClientSecret ( ) |
/**
 * Returns the OAuth client secret configured for this client.
 *
 * The value is a credential: callers should not log it, render it, or place it in URLs.
 */
public function getClientSecret(): string
{
    $secret = $this->clientSecret;

    return $secret;
}
Returns particular configuration parameter value.
| public mixed getConfigParam ( string $name ) | ||
| $name | string |
Configuration parameter name. |
| return | mixed |
Configuration parameter value. |
|---|---|---|
| throws | Yiisoft\Yii\AuthClient\Exception\InvalidConfigException | |
| throws | \Psr\SimpleCache\InvalidArgumentException | |
/**
 * Returns a single value from the provider configuration.
 *
 * The lookup is unguarded: a name absent from the configuration is read as a missing array key. Callers
 * that use the value for a security decision should treat an absent value as "not supported".
 *
 * @param string $name Configuration parameter name.
 *
 * @return mixed Configuration parameter value.
 */
public function getConfigParam(string $name): mixed
{
    $allParams = $this->getConfigParams();

    /**
     * @psalm-suppress PossiblyInvalidArrayOffset
     */
    return $allParams[$name];
}
| public array|string getConfigParams ( ) | ||
| return | array|string |
OpenID provider configuration parameters. |
|---|---|---|
| throws | Yiisoft\Yii\AuthClient\Exception\InvalidConfigException | |
| throws | \Psr\SimpleCache\InvalidArgumentException | |
/**
 * Returns the OpenID provider configuration, loading it from cache or discovery on first use.
 *
 * Lookup order: the in-memory copy, then the cache entry keyed by prefix plus client name, then
 * discoverConfig(). Whatever was obtained is written back to the cache, including a value that was just read
 * from it, and no TTL is passed to the cache.
 *
 * NOTE(review): this configuration decides which endpoints and which `jwks_uri` the client trusts, so the
 * cache backend must not be writable by untrusted parties, and its default expiry governs how long a stale
 * provider configuration is kept — confirm both for the deployment.
 *
 * @return array|string OpenID provider configuration parameters.
 */
public function getConfigParams(): array|string
{
    if (!empty($this->configParams)) {
        return $this->configParams;
    }

    $cacheKey = $this->configParamsCacheKeyPrefix . $this->getName();

    $configParams = (array) $this->cache->get($cacheKey);
    if (empty($configParams)) {
        $configParams = $this->discoverConfig();
    }

    $this->configParams = $configParams;
    $this->cache->set($cacheKey, $configParams);

    return $this->configParams;
}
Defined in: Yiisoft\Yii\AuthClient\OAuth::getDefaultScope()
| protected string getDefaultScope ( ) |
/**
 * Returns the scope used when none has been configured; empty at this level.
 */
protected function getDefaultScope(): string
{
    $noScope = '';

    return $noScope;
}
| protected \Jose\Component\Core\JWKSet|null getJwkSet ( ) |
/**
 * Returns the provider's JSON Web Key set used to verify ID token signatures.
 *
 * Lookup order: the instance field, then the cache entry `<prefix>jwkSet`, then an HTTP GET of the
 * `jwks_uri` configuration value. The result is written to the cache without a TTL argument, including when
 * it was just read from the cache.
 *
 * As written, this method reads `$this->jwkSet` but never assigns it, so any in-process memoization has to
 * happen elsewhere.
 *
 * NOTE(review): with no TTL passed here, how quickly rotated provider keys are picked up depends on the cache
 * backend's default expiry — confirm. A cache writable by untrusted parties would let them choose the
 * verification keys.
 *
 * @return JWKSet|null The key set, or null when the fetched document did not produce a JWKSet.
 */
protected function getJwkSet(): ?JWKSet
{
    $jwkSet = $this->jwkSet;
    if (!($this->jwkSet instanceof JWKSet)) {
        $cacheKey = $this->configParamsCacheKeyPrefix . 'jwkSet';
        /** @var mixed $jwkSetRaw */
        $jwkSetRaw = $this->cache->get($cacheKey);
        // Anything in the cache that is not a JWKSet is ignored and refetched.
        /** @var JWKSet|null $jwkSet */
        $jwkSet = $jwkSetRaw instanceof JWKSet ? $jwkSetRaw : null;
        if ($jwkSet === null) {
            /** @var mixed $jwksUriRaw */
            $jwksUriRaw = $this->getConfigParam('jwks_uri');
            // A non-string jwks_uri degrades to an empty URI rather than failing here.
            $jwksUri = is_string($jwksUriRaw) ? $jwksUriRaw : '';
            $request = $this->createRequest('GET', $jwksUri);
            $response = $this->sendRequest($request);
            // The response status is not checked before the body is decoded.
            /** @var mixed $jsonBody */
            $jsonBody = Json::decode($response->getBody()->getContents());
            $jsonBody = is_array($jsonBody) ? $jsonBody : [];
            $jwkSet = JWKFactory::createFromValues($jsonBody);
        }
        $this->cache->set($cacheKey, $jwkSet);
    }
    // Guards against a factory result that is not a key set.
    return $jwkSet instanceof JWKSet ? $jwkSet : null;
}
Returns the JWSLoader that validates the JWS token.
| protected \Jose\Component\Signature\JWSLoader getJwsLoader ( ) | ||
| return | \Jose\Component\Signature\JWSLoader |
To do token validation. |
|---|---|---|
| throws | Yiisoft\Yii\AuthClient\Exception\InvalidConfigException |
on invalid algorithm provided in configuration. |
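/**
 * Returns the JWSLoader that verifies ID token signatures, building it on first use.
 *
 * Each name in `allowedJwsAlgorithms` is resolved to a class in `\Jose\Component\Signature\Algorithm`. The
 * same list feeds the header checker, so a token whose `alg` header is outside the allow-list is rejected
 * before signature verification.
 *
 * The header checker manager receives the AlgorithmChecker built from the allow-list directly; wrapping that
 * checker in a second AlgorithmChecker would pass an object where the list of algorithm names is expected.
 *
 * NOTE(review): algorithm names come from configuration and are instantiated by class name. Keep the
 * allow-list limited to the signature algorithms the provider actually uses; an entry that resolves to the
 * library's unsecured `None` algorithm would make signature verification meaningless.
 *
 * @throws InvalidConfigException When a configured algorithm has no matching class.
 *
 * @return JWSLoader Loader used for token validation.
 */
protected function getJwsLoader(): JWSLoader
{
    if (!($this->jwsLoader instanceof JWSLoader)) {
        $algorithms = [];
        /** @var string $algorithm */
        foreach ($this->allowedJwsAlgorithms as $algorithm) {
            $class = '\Jose\Component\Signature\Algorithm\\' . $algorithm;
            if (!class_exists($class)) {
                throw new InvalidConfigException("Algorithm class $class doesn't exist");
            }
            /**
             * @psalm-suppress MixedMethodCall new $class()
             */
            $algorithms[] = new $class();
        }

        /**
         * @psalm-suppress ArgumentTypeCoercion
         */
        $algorithmManager = new AlgorithmManager($algorithms);

        /** @psalm-var string[] $this->allowedJwsAlgorithms */
        $algorithmChecker = new AlgorithmChecker($this->allowedJwsAlgorithms);

        $this->jwsLoader = new JWSLoader(
            new JWSSerializerManager([new CompactSerializer()]),
            new JWSVerifier($algorithmManager),
            new HeaderCheckerManager(
                [$algorithmChecker],
                [new JWSTokenSupport()]
            )
        );
    }

    return $this->jwsLoader;
}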
| public string getName ( ) |
/**
 * Returns the fixed client name `oidc`.
 *
 * The name passed to the constructor is not consulted here. The returned value is also the key under which
 * the application configuration registers this client, so it must stay in sync with that configuration.
 */
#[\Override]
public function getName(): string
{
    /**
     * Note 1: When copying this class for another client, change OpenIdConnect::class to that client's class
     * (e.g. OAuth, Google).
     * Note 2: Keep 'oidc' unchanged.
     * Related logic: app's config/web/di/yii-auth-client
     * `@var array $paramsClients['oidc']`
     * `$openidconnectClient = $paramsClients['oidc'];`
     *
     * Related logic: app's config/common/params [yiisoft/yii-auth-client] =>
     * [
     * 'oidc' => [
     * 'class' => 'Yiisoft\Yii\AuthClient\Client\OpenIdConnect::class',
     * 'issuerUrl' => 'dev-0yporhwwkgkdmu1g.uk.auth0.com',
     * 'clientId' => $_ENV['OIDC_API_CLIENT_ID'] ?? '',
     * 'clientSecret' => $_ENV['OIDC_API_CLIENT_SECRET'] ?? '',
     * 'returnUrl' => $_ENV['OIDC_API_CLIENT_RETURN_URL'] ?? '',
     * ],
     * The client id, secret and return URL are read from the environment rather than hard-coded.
     */
    return 'oidc';
}
| public array getNormalizeUserAttributeMap ( ) | ||
| return | array |
Normalize user attribute map. |
|---|---|---|
/**
 * Returns the user-attribute normalization map, falling back to the default map when none is set.
 *
 * @return array Normalize user attribute map.
 */
public function getNormalizeUserAttributeMap(): array
{
    if (!empty($this->normalizeUserAttributeMap)) {
        return $this->normalizeUserAttributeMap;
    }

    $this->normalizeUserAttributeMap = $this->defaultNormalizeUserAttributeMap();

    return $this->normalizeUserAttributeMap;
}
| public string getOauth2ReturnUrl ( ) |
/**
 * Returns the configured return URL as stored, without deriving a default from a request.
 */
public function getOauth2ReturnUrl(): string
{
    $configured = $this->returnUrl;

    return $configured;
}
| public \Psr\Http\Message\RequestFactoryInterface getRequestFactory ( ) |
/**
 * Returns the PSR-17 request factory used to build outgoing requests.
 */
public function getRequestFactory(): RequestFactoryInterface
{
    $factory = $this->requestFactory;

    return $factory;
}
Defined in: Yiisoft\Yii\AuthClient\OAuth::getReturnUrl()
| public string getReturnUrl ( \Psr\Http\Message\ServerRequestInterface $request ) | ||
| $request | \Psr\Http\Message\ServerRequestInterface | |
| return | string |
Return URL. |
|---|---|---|
/**
 * Returns the return URL, deriving and storing a default from the request when none is configured.
 *
 * @return string Return URL.
 */
public function getReturnUrl(ServerRequestInterface $request): string
{
    $notConfigured = $this->returnUrl === '';
    if ($notConfigured) {
        // The derived default is remembered for subsequent calls.
        $this->returnUrl = $this->defaultReturnUrl($request);
    }

    return $this->returnUrl;
}
Defined in: Yiisoft\Yii\AuthClient\OAuth::getScope()
| public string getScope ( ) |
/**
 * Returns the configured scope, or the default scope when none has been set.
 */
public function getScope(): string
{
    return $this->scope ?? $this->getDefaultScope();
}
Defined in: Yiisoft\Yii\AuthClient\OAuth2::getSessionAuthState()
Compare a callback query parameter 'state' with the saved Auth Client's 'authState' parameter in order to prevent CSRF attacks
Use: Typically used in an AuthController's callback function, specifically for an Identity Provider, e.g. Facebook
| public mixed getSessionAuthState ( ) |
/**
 * Returns the `authState` value saved for this client.
 *
 * Callers compare it with the `state` query parameter of the callback to reject forged responses; the
 * comparison itself is the caller's job and is not performed here.
 */
public function getSessionAuthState(): mixed
{
    /**
     * @see src\AuthClient protected function getState('authState')
     */
    $savedState = $this->getState('authState');

    return $savedState;
}
Defined in: Yiisoft\Yii\AuthClient\AuthClient::getState()
Returns persistent state value.
| protected mixed getState ( string $key ) | ||
| $key | string |
State key. |
| return | mixed |
State value. |
|---|---|---|
/**
 * Returns a persistent state value.
 *
 * @param string $key State key; the client-specific prefix is added before the lookup.
 *
 * @return mixed State value.
 */
protected function getState(string $key): mixed
{
    $storageKey = $this->getStateKeyPrefix() . $key;

    return $this->stateStorage->get($storageKey);
}
Defined in: Yiisoft\Yii\AuthClient\AuthClient::getStateKeyPrefix()
Returns session key prefix, which is used to store internal states.
| protected string getStateKeyPrefix ( ) | ||
| return | string |
Session key prefix. |
|---|---|---|
/**
 * Returns the key prefix under which this client's internal state is stored.
 *
 * The prefix joins the concrete class name and the client name, so different clients do not share keys.
 *
 * @return string Session key prefix.
 */
protected function getStateKeyPrefix(): string
{
    return implode('_', [static::class, $this->getName(), '']);
}
| public string getTitle ( ) |
/**
 * Returns the fixed display title of this client.
 */
#[\Override]
public function getTitle(): string
{
    $title = 'Open Id Connect';

    return $title;
}
Defined in: Yiisoft\Yii\AuthClient\OAuth2::getTokenUrl()
| public string getTokenUrl ( ) |
/**
 * Returns the token endpoint URL currently set on this client.
 */
public function getTokenUrl(): string
{
    $url = $this->tokenUrl;

    return $url;
}
| public boolean getValidateAuthNonce ( ) | ||
| return | boolean |
Whether to use and validate auth 'nonce' parameter in authentication flow. |
|---|---|---|
| throws | Yiisoft\Yii\AuthClient\Exception\InvalidConfigException | |
| throws | \Psr\SimpleCache\InvalidArgumentException | |
/**
 * Tells whether the auth `nonce` is used and validated in the authentication flow.
 *
 * Unless set explicitly, the answer is computed once: nonce validation is on only when JWS validation is on
 * and the provider lists `nonce` in its `claims_supported` configuration.
 *
 * Security note: a provider that omits `nonce` from `claims_supported` turns the check off silently. Call
 * setValidateAuthNonce(true) to require it regardless of what discovery advertises.
 */
public function getValidateAuthNonce(): bool
{
    if ($this->validateAuthNonce === null) {
        $enabled = false;
        if ($this->validateJws) {
            $supportedClaims = (array) $this->getConfigParam('claims_supported');
            $enabled = in_array('nonce', $supportedClaims, true);
        }
        $this->validateAuthNonce = $enabled;
    }

    return $this->validateAuthNonce;
}
| public array getViewOptions ( ) | ||
| return | array |
View options in format: optionName => optionValue |
|---|---|---|
/**
 * Returns the view options, falling back to the defaults when none are set.
 *
 * @return array View options in format: optionName => optionValue
 */
#[\Override]
public function getViewOptions(): array
{
    if (!empty($this->viewOptions)) {
        return $this->viewOptions;
    }

    $this->viewOptions = $this->defaultViewOptions();

    return $this->viewOptions;
}
| public \Yiisoft\Factory\Factory getYiisoftFactory ( ) |
/**
 * Returns the Yiisoft factory instance held by this client.
 */
public function getYiisoftFactory(): YiisoftFactory
{
    $factory = $this->factory;

    return $factory;
}
| protected array initUserAttributes ( ) |
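/**
 * Fetches the user attributes from the provider's `userinfo_endpoint`.
 *
 * The endpoint is passed on as a string: api() forwards it to createApiRequest(), whose `$uri` parameter is
 * declared `string`, so an array value would be rejected with a TypeError before any request is sent.
 *
 * NOTE(review): createApiRequest() prepends the configured endpoint to whatever URI it receives, while
 * discovery documents publish `userinfo_endpoint` as an absolute URL — confirm the endpoint is left empty
 * for this client.
 *
 * @return array User attributes returned by the userinfo endpoint.
 */
protected function initUserAttributes(): array
{
    $userinfoEndpoint = (string) $this->getConfigParam('userinfo_endpoint');

    return $this->api($userinfoEndpoint, 'GET');
}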
Decrypts/validates JWS, returning related data.
| protected array loadJws ( string $jws ) | ||
| $jws | string |
Raw JWS input. |
| return | array |
JWS underlying data. |
|---|---|---|
| throws | Yiisoft\Yii\AuthClient\Exception\ClientException |
on invalid JWS signature. |
/**
 * Verifies a compact JWS against the provider's key set and returns its decoded payload.
 *
 * Failures raised as `Exception` are rethrown as ClientException, carrying the original message and code.
 *
 * NOTE(review): only `Exception` is caught, so an `\Error` (for example a TypeError if getJwkSet() returned
 * null) would propagate unwrapped — confirm which Exception class is imported. The forwarded message comes
 * from the underlying library; avoid showing it to end users verbatim.
 *
 * @param string $jws Raw JWS input.
 *
 * @throws ClientException On invalid JWS signature.
 *
 * @return array JWS underlying data.
 */
protected function loadJws(string $jws): array
{
    try {
        $signatureIndex = null;
        $verified = $this->getJwsLoader()->loadAndVerifyWithKeySet($jws, $this->getJwkSet(), $signatureIndex);
        $payload = $verified->getPayload();

        return (array) Json::decode($payload, true);
    } catch (Exception $e) {
        throw new ClientException('Loading JWS: Exception: ' . $e->getMessage(), $e->getCode());
    }
}
| public Yiisoft\Yii\AuthClient\OAuthToken refreshAccessToken ( Yiisoft\Yii\AuthClient\OAuthToken $token ) | ||
| $token | Yiisoft\Yii\AuthClient\OAuthToken | |
/**
 * Refreshes the given access token, resolving the token endpoint from the provider configuration first
 * when no token URL has been set.
 */
#[\Override]
public function refreshAccessToken(OAuthToken $token): OAuthToken
{
    $tokenUrlMissing = strlen($this->tokenUrl) === 0;
    if ($tokenUrlMissing) {
        $discovered = $this->getConfigParam('token_endpoint');
        $this->tokenUrl = (string) $discovered;
    }

    return parent::refreshAccessToken($token);
}
Defined in: Yiisoft\Yii\AuthClient\AuthClient::removeState()
Removes persistent state value.
| protected void removeState ( string $key ) | ||
| $key | string |
State key. |
/**
 * Removes a persistent state value.
 *
 * @param string $key State key; the client-specific prefix is added before removal.
 */
protected function removeState(string $key): void
{
    $storageKey = $this->getStateKeyPrefix() . $key;

    $this->stateStorage->remove($storageKey);
}
Defined in: Yiisoft\Yii\AuthClient\OAuth::restoreAccessToken()
Restores access token.
| protected Yiisoft\Yii\AuthClient\OAuthToken|null restoreAccessToken ( ) |
/**
 * Restores the access token from persistent state.
 *
 * A stored value that is not an OAuthToken is ignored. An expired token is refreshed when
 * `autoRefreshAccessToken` is on; otherwise it is returned as stored, expired or not.
 *
 * @return OAuthToken|null The restored (possibly refreshed) token, or null when none is stored.
 */
protected function restoreAccessToken(): ?OAuthToken
{
    /**
     * @psalm-suppress MixedAssignment $token
     */
    $token = $this->getState('token');

    if (!($token instanceof OAuthToken)) {
        return null;
    }

    $shouldRefresh = $token->getIsExpired() && $this->autoRefreshAccessToken;

    return $shouldRefresh ? $this->refreshAccessToken($token) : $token;
}
Defined in: Yiisoft\Yii\AuthClient\OAuth::saveAccessToken()
Saves token as persistent state.
| protected $this saveAccessToken ( Yiisoft\Yii\AuthClient\OAuthToken|null $token = null ) | ||
| $token | Yiisoft\Yii\AuthClient\OAuthToken|null |
Auth token to be saved. |
| return | $this |
The object itself. |
|---|---|---|
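/**
 * Saves the token as persistent state under the `token` key.
 *
 * The parameter is declared explicitly nullable; relying on a `= null` default to make a typed parameter
 * nullable is deprecated as of PHP 8.4. Callers are unaffected.
 *
 * @param OAuthToken|null $token Auth token to be saved.
 *
 * @return $this The object itself.
 */
protected function saveAccessToken(?OAuthToken $token = null): self
{
    return $this->setState('token', $token);
}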
Defined in: Yiisoft\Yii\AuthClient\AuthClient::sendRequest()
| protected \Psr\Http\Message\ResponseInterface sendRequest ( \Psr\Http\Message\RequestInterface $request ) | ||
| $request | \Psr\Http\Message\RequestInterface | |
/**
 * Sends a request through the injected PSR-18 HTTP client and returns its response.
 *
 * Transport behaviour such as TLS verification and timeouts is decided by that client, not here.
 */
protected function sendRequest(RequestInterface $request): ResponseInterface
{
    $client = $this->httpClient;

    return $client->sendRequest($request);
}
Defined in: Yiisoft\Yii\AuthClient\OAuth::setAccessToken()
Sets access token to be used.
| public void setAccessToken ( array|Yiisoft\Yii\AuthClient\OAuthToken $token ) | ||
| $token | array|Yiisoft\Yii\AuthClient\OAuthToken |
Access token or its configuration. |
/**
 * Sets the access token to be used and persists it.
 *
 * An OAuthToken is stored as given. A non-empty array is first turned into a token by createToken(), which
 * is where ID token validation happens for this client. An empty array changes nothing.
 *
 * @param array|OAuthToken $token Access token or its configuration.
 */
public function setAccessToken(array|OAuthToken $token): void
{
    if ($token instanceof OAuthToken) {
        $this->accessToken = $token;
        $this->saveAccessToken($token);

        return;
    }

    if (empty($token)) {
        return;
    }

    /**
     * @psalm-suppress MixedAssignment $built
     */
    $built = $this->createToken($token);
    /**
     * @psalm-suppress MixedAssignment $this->accessToken
     */
    $this->accessToken = $built;
    /**
     * @psalm-suppress MixedArgument $built
     */
    $this->saveAccessToken($built);
}
Defined in: Yiisoft\Yii\AuthClient\OAuth::setAuthUrl()
| public void setAuthUrl ( string $authUrl ) | ||
| $authUrl | string | |
/**
 * Sets the authorization endpoint URL, which takes precedence over the discovered one in buildAuthUrl().
 */
public function setAuthUrl(string $authUrl): void
{
    $this->authUrl = $authUrl;
}
Defined in: Yiisoft\Yii\AuthClient\OAuth2::setClientId()
| public void setClientId ( string $clientId ) | ||
| $clientId | string | |
/**
 * Sets the OAuth client ID; validateClaims() compares the ID token's `aud` claim against this value.
 */
public function setClientId(string $clientId): void
{
    $this->clientId = $clientId;
}
Defined in: Yiisoft\Yii\AuthClient\OAuth2::setClientSecret()
| public void setClientSecret ( string $clientSecret ) | ||
| $clientSecret | string | |
/**
 * Sets the OAuth client secret.
 *
 * The value is a credential: supply it from protected configuration and keep it out of logs.
 */
public function setClientSecret(string $clientSecret): void
{
    $this->clientSecret = $clientSecret;
}
| public void setIssuerUrl ( string $url ) | ||
| $url | string | |
/**
 * Sets the issuer URL, stored without trailing slashes.
 *
 * validateClaims() compares the ID token's `iss` claim against this value.
 */
public function setIssuerUrl(string $url): void
{
    $withoutTrailingSlash = rtrim($url, '/');

    $this->issuerUrl = $withoutTrailingSlash;
}
| public void setOauth2ReturnUrl ( string $returnUrl ) | ||
| $returnUrl | string | |
/**
 * Sets the return URL; writes the same property as setReturnUrl().
 */
public function setOauth2ReturnUrl(string $returnUrl): void
{
    $this->returnUrl = $returnUrl;
}
| public void setRequestFactory ( \Psr\Http\Message\RequestFactoryInterface $requestFactory ) | ||
| $requestFactory | \Psr\Http\Message\RequestFactoryInterface | |
/**
 * Replaces the PSR-17 request factory used to build outgoing requests.
 */
public function setRequestFactory(RequestFactoryInterface $requestFactory): void
{
    $this->requestFactory = $requestFactory;
}
Defined in: Yiisoft\Yii\AuthClient\OAuth::setReturnUrl()
| public void setReturnUrl ( string $returnUrl ) | ||
| $returnUrl | string |
Return URL |
/**
 * Sets the return URL; once non-empty, getReturnUrl() no longer derives one from the request.
 *
 * @param string $returnUrl Return URL
 */
public function setReturnUrl(string $returnUrl): void
{
    $this->returnUrl = $returnUrl;
}
Defined in: Yiisoft\Yii\AuthClient\AuthClient::setState()
Sets persistent state.
| protected $this setState ( string $key, mixed $value ) | ||
| $key | string |
State key. |
| $value | mixed |
State value |
| return | $this |
The object itself |
|---|---|---|
/**
 * Sets a persistent state value.
 *
 * @param string $key State key; the client-specific prefix is added before storing.
 * @param mixed $value State value
 *
 * @return $this The object itself
 */
protected function setState(string $key, $value): self
{
    $storageKey = $this->getStateKeyPrefix() . $key;
    $this->stateStorage->set($storageKey, $value);

    return $this;
}
Defined in: Yiisoft\Yii\AuthClient\OAuth2::setTokenUrl()
| public void setTokenUrl ( string $tokenUrl ) | ||
| $tokenUrl | string | |
/**
 * Sets the token endpoint URL, which takes precedence over the discovered `token_endpoint`.
 */
public function setTokenUrl(string $tokenUrl): void
{
    $this->tokenUrl = $tokenUrl;
}
| public void setValidateAuthNonce ( boolean $validateAuthNonce ) | ||
| $validateAuthNonce | boolean |
Whether to use and validate auth 'nonce' parameter in authentication flow. |
/**
 * Overrides whether the auth `nonce` is used and validated in the authentication flow.
 *
 * Once set to a non-null value, getValidateAuthNonce() no longer consults the provider's
 * `claims_supported` list.
 *
 * @param bool $validateAuthNonce Whether to use and validate the auth 'nonce' parameter.
 */
public function setValidateAuthNonce($validateAuthNonce): void
{
    $this->validateAuthNonce = $validateAuthNonce;
}
| public void setYiisoftFactory ( \Yiisoft\Factory\Factory $factory ) | ||
| $factory | \Yiisoft\Factory\Factory | |
/**
 * Replaces the Yiisoft factory instance held by this client.
 */
public function setYiisoftFactory(YiisoftFactory $factory): void
{
    $this->factory = $factory;
}
Validates the claims data received from OpenID provider.
| protected void validateClaims ( array $claims ) | ||
| $claims | array |
Claims data. |
| throws | Yiisoft\Yii\AuthClient\Exception\ClientException |
on invalid claims. |
|---|---|---|
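/**
 * Validates the claims of an ID token received from the OpenID provider.
 *
 * Checks performed:
 * - `iss` must be a string equal to the configured issuer URL, ignoring trailing slashes;
 * - `aud` must name this client's id. The claim may be a single string or an array of audiences, so both
 *   forms are accepted; casting an array to string would reject valid multi-audience tokens;
 * - `exp` must be present and in the future. Signature verification alone does not reject an expired
 *   token, and the loader built in this class checks headers only.
 *
 * NOTE(review): `azp` (for multi-audience tokens), `iat` and a clock-skew allowance are not checked here —
 * add them if the provider issues such tokens.
 *
 * @param array $claims Claims data.
 *
 * @throws ClientException On invalid claims.
 */
protected function validateClaims(array $claims): void
{
    $iss = $claims['iss'] ?? null;
    if (!is_string($iss) || rtrim($iss, '/') !== rtrim($this->issuerUrl, '/')) {
        throw new ClientException('Invalid "iss"', 400);
    }

    $aud = $claims['aud'] ?? null;
    $audiences = is_array($aud) ? $aud : [$aud];
    if (!in_array($this->clientId, $audiences, true)) {
        throw new ClientException('Invalid "aud"', 400);
    }

    $exp = $claims['exp'] ?? null;
    if (!is_numeric($exp) || (int) $exp <= time()) {
        throw new ClientException('Invalid "exp"', 400);
    }
}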
| public self withValidateAuthState ( ) |
/**
 * Returns a copy of this client with auth `state` validation switched on; the original is left untouched.
 */
public function withValidateAuthState(): self
{
    $copy = clone $this;
    $copy->validateAuthState = true;

    return $copy;
}
| public self withoutValidateAuthState ( ) |
/**
 * Returns a copy of this client with auth `state` validation switched off; the original is left untouched.
 *
 * With validation off, fetchAccessTokenWithCodeVerifier() skips the `state` comparison that ties the
 * callback to the browser session, so use this only where that binding is enforced elsewhere.
 */
public function withoutValidateAuthState(): self
{
    $copy = clone $this;
    $copy->validateAuthState = false;

    return $copy;
}