Class yii\authclient\OpenIdConnect
| Inheritance | yii\authclient\OpenIdConnect » yii\authclient\OAuth2 » yii\authclient\BaseOAuth » yii\authclient\BaseClient » yii\base\Component |
|---|---|
| Implements | yii\authclient\ClientInterface |
| Available since extension's version | 2.1.3 |
| Source Code | https://github.com/yiisoft/yii2-authclient/blob/master/src/OpenIdConnect.php |
OpenIdConnect serves as a client for the OpenIdConnect flow.
Application configuration example:
'components' => [
'authClientCollection' => [
'class' => 'yii\authclient\Collection',
'clients' => [
'google' => [
'class' => 'yii\authclient\OpenIdConnect',
'issuerUrl' => 'https://accounts.google.com',
'clientId' => 'google_client_id',
'clientSecret' => 'google_client_secret',
'name' => 'google',
'title' => 'Google OpenID Connect',
],
],
]
// ...
]
This class requires spomky-labs/jose library to be installed for JWS verification. This can be done via composer:
composer require --prefer-dist "spomky-labs/jose:~5.0.6"
Note: if you are using well-trusted OpenIdConnect provider, you may disable $validateJws, making installation of
spomky-labs/jose library redundant, however it is not recommended as it violates the protocol specification.
See also:
Public Properties
Public Methods
Protected Methods
Property Details
JWS algorithms, which are allowed to be used.
These are used by spomky-labs/jose library for JWS validation/decryption.
Make sure spomky-labs/jose supports the particular algorithm before adding it here.
'HS256',
'HS384',
'HS512',
'ES256',
'ES384',
'ES512',
'RS256',
'RS384',
'RS512',
'PS256',
'PS384',
'PS512',
]
The cache object, null - if not enabled. Note that the type of this property
differs in getter and setter. See getCache() and setCache() for details.
OpenID provider configuration parameters. This property is read-only.
The prefix for the key used to store $configParams data in cache. Actual cache key will be formed addition $id value to it.
See also $cache.
OpenID Issuer (provider) base URL, e.g. https://example.com.
Whether to use and validate auth 'nonce' parameter in authentication flow.
Whether to validate/decrypt JWS received with Auth token.
Note: this functionality requires spomky-labs/jose composer package to be installed.
You can disable this option in case of usage of trusted OpenIDConnect provider, however this violates
the protocol rules, so you are doing it on your own risk.
Method Details
Defined in: yii\authclient\BaseOAuth::api()
Performs request to the OAuth API returning response data.
You may use createApiRequest() method instead, gaining more control over request execution.
See also createApiRequest().
| public api( string $apiSubUrl, string $method = 'GET', array|string $data = [], array $headers = [] ): array | ||
| $apiSubUrl | string |
API sub URL, which will be append to $apiBaseUrl, or absolute API URL. |
| $method | string |
Request method. |
| $data | array|string |
Request data or content. |
| $headers | array |
Additional request headers. |
| return | array |
API response data. |
|---|---|---|
public function api($apiSubUrl, $method = 'GET', $data = [], $headers = [])
{
$request = $this->createApiRequest()
->setMethod($method)
->setUrl($apiSubUrl)
->addHeaders($headers);
if (!empty($data)) {
if (is_array($data)) {
$request->setData($data);
} else {
$request->setContent($data);
}
}
return $this->sendRequest($request);
}
Applies access token to the HTTP request instance.
| public applyAccessTokenToRequest( mixed $request, mixed $accessToken ): mixed | ||
| $request | mixed |
HTTP request instance. |
| $accessToken | mixed |
Access token instance. |
public function applyAccessTokenToRequest($request, $accessToken)
{
// OpenID Connect requires bearer token auth for the user info endpoint
$request->getHeaders()->set('Authorization', 'Bearer ' . $accessToken->getToken());
}
Applies client credentials (e.g. $clientId and $clientSecret) to the HTTP request instance.
This method should be invoked before sending any HTTP request, which requires client credentials.
| protected applyClientCredentialsToRequest( mixed $request ): mixed | ||
| $request | mixed |
HTTP request instance. |
protected function applyClientCredentialsToRequest($request)
{
$supportedAuthMethods = $this->getConfigParam('token_endpoint_auth_methods_supported');
if (in_array('client_secret_basic', $supportedAuthMethods)) {
$request->addHeaders([
'Authorization' => 'Basic ' . base64_encode($this->clientId . ':' . $this->clientSecret)
]);
} elseif (in_array('client_secret_post', $supportedAuthMethods)) {
$request->addData([
'client_id' => $this->clientId,
'client_secret' => $this->clientSecret,
]);
} elseif (in_array('client_secret_jwt', $supportedAuthMethods)) {
$header = [
'typ' => 'JWT',
'alg' => 'HS256',
];
$payload = [
'iss' => $this->clientId,
'sub' => $this->clientId,
'aud' => $this->tokenUrl,
'jti' => $this->generateAuthNonce(),
'iat' => time(),
'exp' => time() + 3600,
];
$signatureBaseString = base64_encode(Json::encode($header)) . '.' . base64_encode(Json::encode($payload));
$signatureMethod = new HmacSha(['algorithm' => 'sha256']);
$signature = $signatureMethod->generateSignature($signatureBaseString, $this->clientSecret);
$assertion = $signatureBaseString . '.' . $signature;
$request->addData([
'assertion' => $assertion,
]);
} else {
throw new InvalidConfigException('Unable to authenticate request: none of following auth methods is suported: ' . implode(', ', $supportedAuthMethods));
}
}
Defined in: yii\authclient\OAuth2::authenticateClient()
Authenticate OAuth client directly at the provider without third party (user) involved, using 'client_credentials' grant type.
| public authenticateClient( array $params = [] ): yii\authclient\OAuthToken | ||
| $params | array |
Additional request params. |
| return | yii\authclient\OAuthToken |
Access token. |
|---|---|---|
public function authenticateClient($params = [])
{
$defaultParams = [
'grant_type' => 'client_credentials',
];
if (!empty($this->scope)) {
$defaultParams['scope'] = $this->scope;
}
$request = $this->createRequest()
->setMethod('POST')
->setUrl($this->tokenUrl)
->setData(array_merge($defaultParams, $params));
$this->applyClientCredentialsToRequest($request);
$response = $this->sendRequest($request);
$token = $this->createToken(['params' => $response]);
$this->setAccessToken($token);
return $token;
}
Defined in: yii\authclient\OAuth2::authenticateUser()
Authenticates user directly by 'username/password' pair, using 'password' grant type.
| public authenticateUser( string $username, string $password, array $params = [] ): yii\authclient\OAuthToken | ||
| $username | string |
User name. |
| $password | string |
User password. |
| $params | array |
Additional request params. |
| return | yii\authclient\OAuthToken |
Access token. |
|---|---|---|
public function authenticateUser($username, $password, $params = [])
{
$defaultParams = [
'grant_type' => 'password',
'username' => $username,
'password' => $password,
];
if (!empty($this->scope)) {
$defaultParams['scope'] = $this->scope;
}
$request = $this->createRequest()
->setMethod('POST')
->setUrl($this->tokenUrl)
->setData(array_merge($defaultParams, $params));
$this->applyClientCredentialsToRequest($request);
$response = $this->sendRequest($request);
$token = $this->createToken(['params' => $response]);
$this->setAccessToken($token);
return $token;
}
Defined in: yii\authclient\OAuth2::authenticateUserJwt()
Authenticates user directly using JSON Web Token (JWT).
See also https://tools.ietf.org/html/rfc7515.
| public authenticateUserJwt( string $username, yii\authclient\signature\BaseMethod|array $signature = null, array $options = [], array $params = [] ): yii\authclient\OAuthToken | ||
| $username | string | |
| $signature | yii\authclient\signature\BaseMethod|array |
Signature method or its array configuration. If empty - $signatureMethod will be used. |
| $options | array |
Additional options. Valid options are:
|
| $params | array |
Additional request params. |
| return | yii\authclient\OAuthToken |
Access token. |
|---|---|---|
public function authenticateUserJwt($username, $signature = null, $options = [], $params = [])
{
if (empty($signature)) {
$signatureMethod = $this->getSignatureMethod();
} elseif (is_object($signature)) {
$signatureMethod = $signature;
} else {
$signatureMethod = $this->createSignatureMethod($signature);
}
$header = isset($options['header']) ? $options['header'] : [];
$payload = isset($options['payload']) ? $options['payload'] : [];
$header = array_merge([
'typ' => 'JWT'
], $header);
if (!isset($header['alg'])) {
$signatureName = $signatureMethod->getName();
if (preg_match('/^([a-z])[a-z]*\-([a-z])[a-z]*([0-9]+)$/is', $signatureName, $matches)) {
// convert 'RSA-SHA256' to 'RS256' :
$signatureName = $matches[1] . $matches[2] . $matches[3];
}
$header['alg'] = $signatureName;
}
$payload = array_merge([
'iss' => $username,
'scope' => $this->scope,
'aud' => $this->tokenUrl,
'iat' => time(),
], $payload);
if (!isset($payload['exp'])) {
$payload['exp'] = $payload['iat'] + 3600;
}
$signatureBaseString = base64_encode(Json::encode($header)) . '.' . base64_encode(Json::encode($payload));
$signatureKey = isset($options['signatureKey']) ? $options['signatureKey'] : $this->clientSecret;
$signature = $signatureMethod->generateSignature($signatureBaseString, $signatureKey);
$assertion = $signatureBaseString . '.' . $signature;
$request = $this->createRequest()
->setMethod('POST')
->setUrl($this->tokenUrl)
->setData(array_merge([
'grant_type' => 'urn:ietf:params:oauth:grant-type:jwt-bearer',
'assertion' => $assertion,
], $params));
$response = $this->sendRequest($request);
$token = $this->createToken(['params' => $response]);
$this->setAccessToken($token);
return $token;
}
Defined in: yii\authclient\BaseOAuth::beforeApiRequestSend()
Handles Request::EVENT_BEFORE_SEND event.
Applies $accessToken to the request.
| public beforeApiRequestSend( \yii\httpclient\RequestEvent $event ): mixed | ||
| $event | \yii\httpclient\RequestEvent |
Event instance. |
| throws | \yii\base\Exception |
on invalid access token. |
|---|---|---|
public function beforeApiRequestSend($event)
{
$accessToken = $this->getAccessToken();
if (!is_object($accessToken) || !$accessToken->getIsValid()) {
throw new Exception('Invalid access token.');
}
$this->applyAccessTokenToRequest($event->request, $accessToken);
}
Composes user authorization URL.
| public buildAuthUrl( array $params = [] ): string | ||
| $params | array |
Additional auth GET params. |
| return | string |
Authorization URL. |
|---|---|---|
public function buildAuthUrl(array $params = [])
{
if ($this->authUrl === null) {
$this->authUrl = $this->getConfigParam('authorization_endpoint');
}
return parent::buildAuthUrl($params);
}
Defined in: yii\authclient\BaseOAuth::composeUrl()
Composes URL from base URL and GET params.
| protected composeUrl( string $url, array $params = [] ): string | ||
| $url | string |
Base URL. |
| $params | array |
GET params. |
| return | string |
Composed URL. |
|---|---|---|
protected function composeUrl($url, array $params = [])
{
if (!empty($params)) {
if (strpos($url, '?') === false) {
$url .= '?';
} else {
$url .= '&';
}
$url .= http_build_query($params, '', '&', PHP_QUERY_RFC3986);
}
return $url;
}
Defined in: yii\authclient\BaseOAuth::createApiRequest()
Creates an HTTP request for the API call.
The created request will be automatically processed adding access token parameters and signature before sending. You may use createRequest() to gain full control over request composition and execution.
See also createRequest().
| public createApiRequest( ): \yii\httpclient\Request | ||
| return | \yii\httpclient\Request |
HTTP request instance. |
|---|---|---|
public function createApiRequest()
{
$request = $this->createRequest();
$request->on(Request::EVENT_BEFORE_SEND, [$this, 'beforeApiRequestSend']);
return $request;
}
Defined in: yii\authclient\BaseOAuth::createHttpClient()
Creates HTTP client instance from reference or configuration.
| protected createHttpClient( mixed $reference ): \yii\httpclient\Client | ||
| $reference | mixed |
Component name or array configuration. |
| return | \yii\httpclient\Client |
HTTP client instance. |
|---|---|---|
protected function createHttpClient($reference)
{
$httpClient = parent::createHttpClient($reference);
$httpClient->baseUrl = $this->apiBaseUrl;
return $httpClient;
}
Defined in: yii\authclient\BaseClient::createRequest()
Creates HTTP request instance.
| public createRequest( ): \yii\httpclient\Request | ||
| return | \yii\httpclient\Request |
HTTP request instance. |
|---|---|---|
public function createRequest()
{
return $this->getHttpClient()
->createRequest()
->addOptions($this->defaultRequestOptions())
->addOptions($this->getRequestOptions());
}
Defined in: yii\authclient\BaseOAuth::createSignatureMethod()
Creates signature method instance from its configuration.
| protected createSignatureMethod( array $signatureMethodConfig ): yii\authclient\signature\BaseMethod | ||
| $signatureMethodConfig | array |
Signature method configuration. |
| return | yii\authclient\signature\BaseMethod |
Signature method instance. |
|---|---|---|
protected function createSignatureMethod(array $signatureMethodConfig)
{
if (!array_key_exists('class', $signatureMethodConfig)) {
$signatureMethodConfig['class'] = signature\HmacSha1::className();
}
return Yii::createObject($signatureMethodConfig);
}
Creates token from its configuration.
| protected createToken( array $tokenConfig = [] ): yii\authclient\OAuthToken | ||
| $tokenConfig | array |
Token configuration. |
| return | yii\authclient\OAuthToken |
Token instance. |
|---|---|---|
protected function createToken(array $tokenConfig = [])
{
if ($this->validateJws) {
$jwsData = $this->loadJws($tokenConfig['params']['id_token']);
$this->validateClaims($jwsData);
$tokenConfig['params'] = array_merge($tokenConfig['params'], $jwsData);
if ($this->getValidateAuthNonce()) {
$authNonce = $this->getState('authNonce');
if (!isset($jwsData['nonce']) || empty($authNonce) || strcmp($jwsData['nonce'], $authNonce) !== 0) {
throw new HttpException(400, 'Invalid auth nonce');
} else {
$this->removeState('authNonce');
}
}
}
return parent::createToken($tokenConfig);
}
Defined in: yii\authclient\BaseClient::defaultName()
Generates service name.
| protected defaultName( ): string | ||
| return | string |
Service name. |
|---|---|---|
protected function defaultName()
{
return Inflector::camel2id(StringHelper::basename(get_class($this)));
}
Defined in: yii\authclient\BaseClient::defaultNormalizeUserAttributeMap()
Returns the default $normalizeUserAttributeMap value.
Particular client may override this method in order to provide specific default map.
| protected defaultNormalizeUserAttributeMap( ): array | ||
| return | array |
Normalize attribute map. |
|---|---|---|
protected function defaultNormalizeUserAttributeMap()
{
return [];
}
Defined in: yii\authclient\BaseOAuth::defaultRequestOptions()
Returns default HTTP request options.
| protected defaultRequestOptions( ): array | ||
| return | array |
HTTP request options. |
|---|---|---|
protected function defaultRequestOptions()
{
return [
'userAgent' => Yii::$app->name . ' OAuth ' . $this->version . ' Client',
'timeout' => 30,
'sslVerifyPeer' => false,
];
}
Composes default $returnUrl value.
| protected defaultReturnUrl( ): string | ||
| return | string |
Return URL. |
|---|---|---|
protected function defaultReturnUrl()
{
$params = Yii::$app->getRequest()->getQueryParams();
// OAuth2 specifics :
unset($params['code']);
unset($params['state']);
// OpenIdConnect specifics :
unset($params['nonce']);
unset($params['authuser']);
unset($params['session_state']);
unset($params['prompt']);
$params[0] = Yii::$app->controller->getRoute();
return Yii::$app->getUrlManager()->createAbsoluteUrl($params);
}
Defined in: yii\authclient\BaseClient::defaultTitle()
Generates service title.
| protected defaultTitle( ): string | ||
| return | string |
Service title. |
|---|---|---|
protected function defaultTitle()
{
return StringHelper::basename(get_class($this));
}
Defined in: yii\authclient\BaseClient::defaultViewOptions()
Returns the default $viewOptions value.
Particular client may override this method in order to provide specific default view options.
| protected defaultViewOptions( ): array | ||
| return | array |
List of default $viewOptions |
|---|---|---|
protected function defaultViewOptions()
{
return [];
}
Discovers OpenID Provider configuration parameters.
| protected discoverConfig( ): array | ||
| return | array |
OpenID Provider configuration parameters. |
|---|---|---|
| throws | yii\authclient\InvalidResponseException |
on failure. |
protected function discoverConfig()
{
$request = $this->createRequest();
$configUrl = rtrim($this->issuerUrl, '/') . '/.well-known/openid-configuration';
$request->setMethod('GET')
->setUrl($configUrl);
$response = $this->sendRequest($request);
return $response;
}
Fetches access token from authorization code.
| public fetchAccessToken( mixed $authCode, array $params = [] ): yii\authclient\OAuthToken | ||
| $authCode | mixed |
Authorization code, usually comes at GET parameter 'code'. |
| $params | array |
Additional request params. |
| return | yii\authclient\OAuthToken |
Access token. |
|---|---|---|
| throws | \yii\web\HttpException |
on invalid auth state in case enableStateValidation is enabled. |
public function fetchAccessToken($authCode, array $params = [])
{
if ($this->tokenUrl === null) {
$this->tokenUrl = $this->getConfigParam('token_endpoint');
}
if (!isset($params['nonce']) && $this->getValidateAuthNonce()) {
$nonce = $this->generateAuthNonce();
$this->setState('authNonce', $nonce);
$params['nonce'] = $nonce;
}
return parent::fetchAccessToken($authCode, $params);
}
Generates the auth nonce value.
| protected generateAuthNonce( ): string | ||
| return | string |
Auth nonce value. |
|---|---|---|
protected function generateAuthNonce()
{
return Yii::$app->security->generateRandomString();
}
Defined in: yii\authclient\OAuth2::generateAuthState()
Generates the auth state value.
| protected generateAuthState( ): string | ||
| return | string |
Auth state value. |
|---|---|---|
protected function generateAuthState()
{
$baseString = get_class($this) . '-' . time();
if (Yii::$app->has('session')) {
$baseString .= '-' . Yii::$app->session->getId();
}
return hash('sha256', uniqid($baseString, true));
}
Defined in: yii\authclient\BaseOAuth::getAccessToken()
| public getAccessToken( ): yii\authclient\OAuthToken | ||
| return | yii\authclient\OAuthToken |
Auth token instance. |
|---|---|---|
public function getAccessToken()
{
if (!is_object($this->_accessToken)) {
$this->_accessToken = $this->restoreAccessToken();
}
return $this->_accessToken;
}
| public getCache( ): \yii\caching\Cache|null | ||
| return | \yii\caching\Cache|null |
The cache object, |
|---|---|---|
public function getCache()
{
if ($this->_cache !== null && !is_object($this->_cache)) {
$this->_cache = Instance::ensure($this->_cache, Cache::className());
}
return $this->_cache;
}
Returns particular configuration parameter value.
| public getConfigParam( string $name ): mixed | ||
| $name | string |
Configuration parameter name. |
| return | mixed |
Configuration parameter value. |
|---|---|---|
public function getConfigParam($name)
{
$params = $this->getConfigParams();
return $params[$name];
}
| public getConfigParams( ): array | ||
| return | array |
OpenID provider configuration parameters. |
|---|---|---|
public function getConfigParams()
{
if ($this->_configParams === null) {
$cache = $this->getCache();
$cacheKey = $this->configParamsCacheKeyPrefix . $this->getId();
if ($cache === null || ($configParams = $cache->get($cacheKey)) === false) {
$configParams = $this->discoverConfig();
}
$this->_configParams = $configParams;
if ($cache !== null) {
$cache->set($cacheKey, $configParams);
}
}
return $this->_configParams;
}
Defined in: yii\authclient\BaseClient::getHttpClient()
Returns HTTP client.
| public getHttpClient( ): \yii\httpclient\Client | ||
| return | \yii\httpclient\Client |
Internal HTTP client. |
|---|---|---|
public function getHttpClient()
{
if (!is_object($this->_httpClient)) {
$this->_httpClient = $this->createHttpClient($this->_httpClient);
}
return $this->_httpClient;
}
Defined in: yii\authclient\BaseClient::getId()
| public getId( ): string | ||
| return | string |
Service id |
|---|---|---|
public function getId()
{
if (empty($this->_id)) {
$this->_id = $this->getName();
}
return $this->_id;
}
Defined in: yii\authclient\BaseClient::getName()
| public getName( ): string | ||
| return | string |
Service name. |
|---|---|---|
public function getName()
{
if ($this->_name === null) {
$this->_name = $this->defaultName();
}
return $this->_name;
}
| public getNormalizeUserAttributeMap( ): array | ||
| return | array |
Normalize user attribute map. |
|---|---|---|
public function getNormalizeUserAttributeMap()
{
if ($this->_normalizeUserAttributeMap === null) {
$this->_normalizeUserAttributeMap = $this->defaultNormalizeUserAttributeMap();
}
return $this->_normalizeUserAttributeMap;
}
Defined in: yii\authclient\BaseClient::getRequestOptions()
| public getRequestOptions( ): array | ||
| return | array |
HTTP request options. |
|---|---|---|
public function getRequestOptions()
{
return $this->_requestOptions;
}
Defined in: yii\authclient\BaseOAuth::getReturnUrl()
| public getReturnUrl( ): string | ||
| return | string |
Return URL. |
|---|---|---|
public function getReturnUrl()
{
if ($this->_returnUrl === null) {
$this->_returnUrl = $this->defaultReturnUrl();
}
return $this->_returnUrl;
}
Defined in: yii\authclient\BaseOAuth::getSignatureMethod()
| public getSignatureMethod( ): yii\authclient\signature\BaseMethod | ||
| return | yii\authclient\signature\BaseMethod |
Signature method instance. |
|---|---|---|
public function getSignatureMethod()
{
if (!is_object($this->_signatureMethod)) {
$this->_signatureMethod = $this->createSignatureMethod($this->_signatureMethod);
}
return $this->_signatureMethod;
}
Defined in: yii\authclient\BaseClient::getState()
Returns persistent state value.
| protected getState( string $key ): mixed | ||
| $key | string |
State key. |
| return | mixed |
State value. |
|---|---|---|
protected function getState($key)
{
return $this->getStateStorage()->get($this->getStateKeyPrefix() . $key);
}
Defined in: yii\authclient\BaseClient::getStateKeyPrefix()
Returns session key prefix, which is used to store internal states.
| protected getStateKeyPrefix( ): string | ||
| return | string |
Session key prefix. |
|---|---|---|
protected function getStateKeyPrefix()
{
return get_class($this) . '_' . $this->getId() . '_';
}
Defined in: yii\authclient\BaseClient::getStateStorage()
| public getStateStorage( ): yii\authclient\StateStorageInterface | ||
| return | yii\authclient\StateStorageInterface |
Stage storage. |
|---|---|---|
public function getStateStorage()
{
if (!is_object($this->_stateStorage)) {
$this->_stateStorage = Yii::createObject($this->_stateStorage);
}
return $this->_stateStorage;
}
Defined in: yii\authclient\BaseClient::getTitle()
| public getTitle( ): string | ||
| return | string |
Service title. |
|---|---|---|
public function getTitle()
{
if ($this->_title === null) {
$this->_title = $this->defaultTitle();
}
return $this->_title;
}
Defined in: yii\authclient\BaseClient::getUserAttributes()
| public getUserAttributes( ): array | ||
| return | array |
List of user attributes |
|---|---|---|
public function getUserAttributes()
{
if ($this->_userAttributes === null) {
$this->_userAttributes = $this->normalizeUserAttributes($this->initUserAttributes());
}
return $this->_userAttributes;
}
| public getValidateAuthNonce( ): boolean | ||
| return | boolean |
Whether to use and validate auth 'nonce' parameter in authentication flow. |
|---|---|---|
public function getValidateAuthNonce()
{
if ($this->_validateAuthNonce === null) {
$this->_validateAuthNonce = $this->validateJws && in_array('nonce', $this->getConfigParam('claims_supported'));
}
return $this->_validateAuthNonce;
}
Defined in: yii\authclient\BaseClient::getViewOptions()
| public getViewOptions( ): array | ||
| return | array |
View options in format: optionName => optionValue |
|---|---|---|
public function getViewOptions()
{
if ($this->_viewOptions === null) {
$this->_viewOptions = $this->defaultViewOptions();
}
return $this->_viewOptions;
}
Initializes authenticated user attributes.
| protected initUserAttributes( ): array | ||
| return | array |
Auth user attributes. |
|---|---|---|
protected function initUserAttributes()
{
return $this->api($this->getConfigParam('userinfo_endpoint'), 'GET');
}
Decrypts/validates JWS, returning related data.
| protected loadJws( string $jws ): array | ||
| $jws | string |
Raw JWS input. |
| return | array |
JWS underlying data. |
|---|---|---|
| throws | \yii\web\HttpException |
on invalid JWS signature. |
protected function loadJws($jws)
{
try {
$jwkSet = JWKFactory::createFromJKU($this->getConfigParam('jwks_uri'));
$loader = new Loader();
return $loader->loadAndVerifySignatureUsingKeySet($jws, $jwkSet, $this->allowedJwsAlgorithms)->getPayload();
} catch (\Exception $e) {
$message = YII_DEBUG ? 'Unable to verify JWS: ' . $e->getMessage() : 'Invalid JWS';
throw new HttpException(400, $message, $e->getCode(), $e);
}
}
Defined in: yii\authclient\BaseClient::normalizeUserAttributes()
Normalize given user attributes according to $normalizeUserAttributeMap.
| protected normalizeUserAttributes( array $attributes ): array | ||
| $attributes | array |
Raw attributes. |
| return | array |
Normalized attributes. |
|---|---|---|
| throws | \yii\base\InvalidConfigException |
on incorrect normalize attribute map. |
protected function normalizeUserAttributes($attributes)
{
foreach ($this->getNormalizeUserAttributeMap() as $normalizedName => $actualName) {
if (is_scalar($actualName)) {
if (array_key_exists($actualName, $attributes)) {
$attributes[$normalizedName] = $attributes[$actualName];
}
} else {
if (is_callable($actualName)) {
$attributes[$normalizedName] = call_user_func($actualName, $attributes);
} elseif (is_array($actualName)) {
$haystack = $attributes;
$searchKeys = $actualName;
$isFound = true;
while (($key = array_shift($searchKeys)) !== null) {
if (is_array($haystack) && array_key_exists($key, $haystack)) {
$haystack = $haystack[$key];
} else {
$isFound = false;
break;
}
}
if ($isFound) {
$attributes[$normalizedName] = $haystack;
}
} else {
throw new InvalidConfigException('Invalid actual name "' . gettype($actualName) . '" specified at "' . get_class($this) . '::normalizeUserAttributeMap"');
}
}
}
return $attributes;
}
Gets new auth token to replace expired one.
| public refreshAccessToken( yii\authclient\OAuthToken $token ): yii\authclient\OAuthToken | ||
| $token | yii\authclient\OAuthToken |
Expired auth token. |
| return | yii\authclient\OAuthToken |
New auth token. |
|---|---|---|
public function refreshAccessToken(OAuthToken $token)
{
if ($this->tokenUrl === null) {
$this->tokenUrl = $this->getConfigParam('token_endpoint');
}
return parent::refreshAccessToken($token);
}
Defined in: yii\authclient\BaseClient::removeState()
Removes persistent state value.
| protected removeState( string $key ): boolean | ||
| $key | string |
State key. |
| return | boolean |
Success. |
|---|---|---|
protected function removeState($key)
{
return $this->getStateStorage()->remove($this->getStateKeyPrefix() . $key);
}
Defined in: yii\authclient\BaseOAuth::restoreAccessToken()
Restores access token.
| protected restoreAccessToken( ): yii\authclient\OAuthToken | ||
| return | yii\authclient\OAuthToken |
Auth token. |
|---|---|---|
protected function restoreAccessToken()
{
$token = $this->getState('token');
if (is_object($token)) {
/* @var $token OAuthToken */
if ($token->getIsExpired() && $this->autoRefreshAccessToken) {
$token = $this->refreshAccessToken($token);
}
}
return $token;
}
Defined in: yii\authclient\BaseOAuth::saveAccessToken()
Saves token as persistent state.
| protected saveAccessToken( yii\authclient\OAuthToken|null $token ): $this | ||
| $token | yii\authclient\OAuthToken|null |
Auth token to be saved. |
| return | $this |
The object itself. |
|---|---|---|
protected function saveAccessToken($token)
{
return $this->setState('token', $token);
}
Defined in: yii\authclient\BaseOAuth::sendRequest()
Sends the given HTTP request, returning response data.
| protected sendRequest( \yii\httpclient\Request $request ): array | ||
| $request | \yii\httpclient\Request |
HTTP request to be sent. |
| return | array |
Response data. |
|---|---|---|
| throws | yii\authclient\InvalidResponseException |
on invalid remote response. |
protected function sendRequest($request)
{
$response = $request->send();
if (!$response->getIsOk()) {
throw new InvalidResponseException($response, 'Request failed with code: ' . $response->getStatusCode() . ', message: ' . $response->getContent());
}
return $response->getData();
}
Defined in: yii\authclient\BaseOAuth::setAccessToken()
Sets access token to be used.
| public setAccessToken( array|yii\authclient\OAuthToken $token ): mixed | ||
| $token | array|yii\authclient\OAuthToken |
Access token or its configuration. |
public function setAccessToken($token)
{
if (!is_object($token) && $token !== null) {
$token = $this->createToken($token);
}
$this->_accessToken = $token;
$this->saveAccessToken($token);
}
Sets up a component to be used for caching.
This can be one of the following:
- an application component ID (e.g.
cache) - a configuration array
- a \yii\caching\Cache object
When null is passed, it means caching is not enabled.
| public setCache( \yii\caching\Cache|array|string|null $cache ): mixed | ||
| $cache | \yii\caching\Cache|array|string|null |
The cache object or the ID of the cache application component. |
public function setCache($cache)
{
$this->_cache = $cache;
}
Defined in: yii\authclient\BaseOAuth::setHttpClient()
Sets HTTP client to be used.
| public setHttpClient( mixed $httpClient ): mixed | ||
| $httpClient | mixed |
Internal HTTP client. |
public function setHttpClient($httpClient)
{
if (is_object($httpClient)) {
$httpClient = clone $httpClient;
$httpClient->baseUrl = $this->apiBaseUrl;
}
parent::setHttpClient($httpClient);
}
Defined in: yii\authclient\BaseClient::setId()
| public setId( string $id ): mixed | ||
| $id | string |
Service id. |
public function setId($id)
{
$this->_id = $id;
}
Defined in: yii\authclient\BaseClient::setName()
| public setName( string $name ): mixed | ||
| $name | string |
Service name. |
public function setName($name)
{
$this->_name = $name;
}
| public setNormalizeUserAttributeMap( array $normalizeUserAttributeMap ): mixed | ||
| $normalizeUserAttributeMap | array |
Normalize user attribute map. |
public function setNormalizeUserAttributeMap($normalizeUserAttributeMap)
{
$this->_normalizeUserAttributeMap = $normalizeUserAttributeMap;
}
Defined in: yii\authclient\BaseClient::setRequestOptions()
| public setRequestOptions( array $options ): mixed | ||
| $options | array |
HTTP request options. |
public function setRequestOptions(array $options)
{
$this->_requestOptions = $options;
}
Defined in: yii\authclient\BaseOAuth::setReturnUrl()
| public setReturnUrl( string $returnUrl ): mixed | ||
| $returnUrl | string |
Return URL |
public function setReturnUrl($returnUrl)
{
$this->_returnUrl = $returnUrl;
}
Defined in: yii\authclient\BaseOAuth::setSignatureMethod()
Set signature method to be used.
| public setSignatureMethod( array|yii\authclient\signature\BaseMethod $signatureMethod ): mixed | ||
| $signatureMethod | array|yii\authclient\signature\BaseMethod |
Signature method instance or its array configuration. |
| throws | \yii\base\InvalidParamException |
on wrong argument. |
|---|---|---|
public function setSignatureMethod($signatureMethod)
{
if (!is_object($signatureMethod) && !is_array($signatureMethod)) {
throw new InvalidParamException('"' . get_class($this) . '::signatureMethod" should be instance of "\yii\autclient\signature\BaseMethod" or its array configuration. "' . gettype($signatureMethod) . '" has been given.');
}
$this->_signatureMethod = $signatureMethod;
}
Defined in: yii\authclient\BaseClient::setState()
Sets persistent state.
| protected setState( string $key, mixed $value ): $this | ||
| $key | string |
State key. |
| $value | mixed |
State value |
| return | $this |
The object itself |
|---|---|---|
protected function setState($key, $value)
{
$this->getStateStorage()->set($this->getStateKeyPrefix() . $key, $value);
return $this;
}
Defined in: yii\authclient\BaseClient::setStateStorage()
| public setStateStorage( yii\authclient\StateStorageInterface|array|string $stateStorage ): mixed | ||
| $stateStorage | yii\authclient\StateStorageInterface|array|string |
Stage storage to be used. |
public function setStateStorage($stateStorage)
{
$this->_stateStorage = $stateStorage;
}
Defined in: yii\authclient\BaseClient::setTitle()
| public setTitle( string $title ): mixed | ||
| $title | string |
Service title. |
public function setTitle($title)
{
$this->_title = $title;
}
Defined in: yii\authclient\BaseClient::setUserAttributes()
| public setUserAttributes( array $userAttributes ): mixed | ||
| $userAttributes | array |
List of user attributes |
public function setUserAttributes($userAttributes)
{
$this->_userAttributes = $this->normalizeUserAttributes($userAttributes);
}
| public setValidateAuthNonce( boolean $validateAuthNonce ): mixed | ||
| $validateAuthNonce | boolean |
Whether to use and validate auth 'nonce' parameter in authentication flow. |
public function setValidateAuthNonce($validateAuthNonce)
{
$this->_validateAuthNonce = $validateAuthNonce;
}
Defined in: yii\authclient\BaseClient::setViewOptions()
| public setViewOptions( array $viewOptions ): mixed | ||
| $viewOptions | array |
View options in format: optionName => optionValue |
public function setViewOptions($viewOptions)
{
$this->_viewOptions = $viewOptions;
}