Class yii\authclient\OpenIdConnect

Inheritanceyii\authclient\OpenIdConnect » yii\authclient\OAuth2 » yii\authclient\BaseOAuth » yii\authclient\BaseClient » yii\base\Component
Implementsyii\authclient\ClientInterface
Available since version2.1.3

OpenIdConnect serves as a client for the OpenIdConnect flow.

Application configuration example:

'components' => [
    'authClientCollection' => [
        'class' => 'yii\authclient\Collection',
        'clients' => [
            'google' => [
                'class' => 'yii\authclient\OpenIdConnect',
                'issuerUrl' => 'https://accounts.google.com',
                'clientId' => 'google_client_id',
                'clientSecret' => 'google_client_secret',
                'name' => 'google',
                'title' => 'Google OpenID Connect',
            ],
        ],
    ]
    // ...
]

This class requires spomky-labs/jose library to be installed for JWS verification. This can be done via composer:

composer require --prefer-dist "spomky-labs/jose:~5.0.6"

Note: if you are using well-trusted OpenIdConnect provider, you may disable $validateJws, making installation of spomky-labs/jose library redundant, however it is not recommended as it violates the protocol specification.

See also:

Public Properties

Hide inherited properties

PropertyTypeDescriptionDefined By
$allowedJwsAlgorithms array JWS algorithms, which are allowed to be used. yii\authclient\OpenIdConnect
$apiBaseUrl string API base URL. yii\authclient\BaseOAuth
$authUrl string Authorize URL. yii\authclient\BaseOAuth
$autoRefreshAccessToken boolean Whether to automatically perform 'refresh access token' request on expired access token. yii\authclient\BaseOAuth
$clientId string OAuth client ID. yii\authclient\OAuth2
$clientSecret string OAuth client secret. yii\authclient\OAuth2
$configParamsCacheKeyPrefix string The prefix for the key used to store \yii\authclient\configParams data in cache. yii\authclient\OpenIdConnect
$issuerUrl string OpenID Issuer (provider) base URL, e.g. `https://example. yii\authclient\OpenIdConnect
$scope string Auth request scope. yii\authclient\OpenIdConnect
$tokenUrl string Token request URL endpoint. yii\authclient\OAuth2
$validateAuthState boolean Whether to use and validate auth 'state' parameter in authentication flow. yii\authclient\OAuth2
$validateJws boolean Whether to validate/decrypt JWS received with Auth token. yii\authclient\OpenIdConnect
$version string Protocol version. yii\authclient\OAuth2

Public Methods

Hide inherited methods

MethodDescriptionDefined By
api() Performs request to the OAuth API returning response data. yii\authclient\BaseOAuth
applyAccessTokenToRequest() Applies access token to the HTTP request instance. yii\authclient\OAuth2
authenticateClient() Authenticate OAuth client directly at the provider without third party (user) involved, using 'client_credentials' grant type. yii\authclient\OAuth2
authenticateUser() Authenticates user directly by 'username/password' pair, using 'password' grant type. yii\authclient\OAuth2
authenticateUserJwt() Authenticates user directly using JSON Web Token (JWT). yii\authclient\OAuth2
beforeApiRequestSend() Handles \yii\httpclient\Request::EVENT_BEFORE_SEND event. yii\authclient\BaseOAuth
buildAuthUrl() Composes user authorization URL. yii\authclient\OpenIdConnect
createApiRequest() Creates an HTTP request for the API call. yii\authclient\BaseOAuth
createRequest() Creates HTTP request instance. yii\authclient\BaseClient
fetchAccessToken() Fetches access token from authorization code. yii\authclient\OpenIdConnect
getAccessToken() yii\authclient\BaseOAuth
getCache() yii\authclient\OpenIdConnect
getConfigParam() Returns particular configuration parameter value. yii\authclient\OpenIdConnect
getConfigParams() yii\authclient\OpenIdConnect
getHttpClient() Returns HTTP client. yii\authclient\BaseClient
getId() yii\authclient\ClientInterface
getName() yii\authclient\ClientInterface
getNormalizeUserAttributeMap() yii\authclient\BaseClient
getRequestOptions() yii\authclient\BaseClient
getReturnUrl() yii\authclient\BaseOAuth
getSignatureMethod() yii\authclient\BaseOAuth
getStateStorage() yii\authclient\BaseClient
getTitle() yii\authclient\ClientInterface
getUserAttributes() yii\authclient\ClientInterface
getValidateAuthNonce() yii\authclient\OpenIdConnect
getViewOptions() yii\authclient\ClientInterface
refreshAccessToken() Gets new auth token to replace expired one. yii\authclient\OpenIdConnect
setAccessToken() Sets access token to be used. yii\authclient\BaseOAuth
setCache() Sets up a component to be used for caching. yii\authclient\OpenIdConnect
setHttpClient() Sets HTTP client to be used. yii\authclient\BaseOAuth
setId() yii\authclient\ClientInterface
setName() yii\authclient\ClientInterface
setNormalizeUserAttributeMap() yii\authclient\BaseClient
setRequestOptions() yii\authclient\BaseClient
setReturnUrl() yii\authclient\BaseOAuth
setSignatureMethod() Set signature method to be used. yii\authclient\BaseOAuth
setStateStorage() yii\authclient\BaseClient
setTitle() yii\authclient\ClientInterface
setUserAttributes() yii\authclient\BaseClient
setValidateAuthNonce() yii\authclient\OpenIdConnect
setViewOptions() yii\authclient\BaseClient

Protected Methods

Hide inherited methods

MethodDescriptionDefined By
applyClientCredentialsToRequest() Applies client credentials (e.g. $clientId and $clientSecret) to the HTTP request instance. yii\authclient\OpenIdConnect
composeUrl() Composes URL from base URL and GET params. yii\authclient\BaseOAuth
createHttpClient() Creates HTTP client instance from reference or configuration. yii\authclient\BaseOAuth
createSignatureMethod() Creates signature method instance from its configuration. yii\authclient\BaseOAuth
createToken() Creates token from its configuration. yii\authclient\OpenIdConnect
defaultName() Generates service name. yii\authclient\BaseClient
defaultNormalizeUserAttributeMap() Returns the default \yii\authclient\normalizeUserAttributeMap value. yii\authclient\BaseClient
defaultRequestOptions() Returns default HTTP request options. yii\authclient\BaseOAuth
defaultReturnUrl() Composes default \yii\authclient\returnUrl value. yii\authclient\OpenIdConnect
defaultTitle() Generates service title. yii\authclient\BaseClient
defaultViewOptions() Returns the default \yii\authclient\viewOptions value. yii\authclient\BaseClient
discoverConfig() Discovers OpenID Provider configuration parameters. yii\authclient\OpenIdConnect
generateAuthNonce() Generates the auth nonce value. yii\authclient\OpenIdConnect
generateAuthState() Generates the auth state value. yii\authclient\OAuth2
getState() Returns persistent state value. yii\authclient\BaseClient
getStateKeyPrefix() Returns session key prefix, which is used to store internal states. yii\authclient\BaseClient
initUserAttributes() Initializes authenticated user attributes. yii\authclient\OpenIdConnect
loadJws() Decrypts/validates JWS, returning related data. yii\authclient\OpenIdConnect
normalizeUserAttributes() Normalize given user attributes according to \yii\authclient\normalizeUserAttributeMap. yii\authclient\BaseClient
removeState() Removes persistent state value. yii\authclient\BaseClient
restoreAccessToken() Restores access token. yii\authclient\BaseOAuth
saveAccessToken() Saves token as persistent state. yii\authclient\BaseOAuth
sendRequest() Sends the given HTTP request, returning response data. yii\authclient\BaseOAuth
setState() Sets persistent state. yii\authclient\BaseClient

Property Details

$allowedJwsAlgorithms public property

JWS algorithms, which are allowed to be used. These are used by spomky-labs/jose library for JWS validation/decryption. Make sure spomky-labs/jose supports the particular algorithm before adding it here.

public array $allowedJwsAlgorithms = ['HS256''HS384''HS512''ES256''ES384''ES512''RS256''RS384''RS512''PS256''PS384''PS512']
$configParamsCacheKeyPrefix public property

The prefix for the key used to store \yii\authclient\configParams data in cache. Actual cache key will be formed addition \yii\authclient\id value to it.

See also \yii\authclient\cache.

public string $configParamsCacheKeyPrefix 'config-params-'
$issuerUrl public property

OpenID Issuer (provider) base URL, e.g. https://example.com.

public string $issuerUrl null
$scope public property

Auth request scope.

public string $scope 'openid'
$validateJws public property

Whether to validate/decrypt JWS received with Auth token. Note: this functionality requires spomky-labs/jose composer package to be installed. You can disable this option in case of usage of trusted OpenIDConnect provider, however this violates the protocol rules, so you are doing it on your own risk.

public boolean $validateJws true

Method Details

applyClientCredentialsToRequest() protected method

Applies client credentials (e.g. $clientId and $clientSecret) to the HTTP request instance.

This method should be invoked before sending any HTTP request, which requires client credentials.

protected void applyClientCredentialsToRequest ( $request )
$request \yii\httpclient\Request

HTTP request instance.

buildAuthUrl() public method

Composes user authorization URL.

public string buildAuthUrl ( array $params = [] )
$params array

Additional auth GET params.

return string

Authorization URL.

createToken() protected method

Creates token from its configuration.

protected yii\authclient\OAuthToken createToken ( array $tokenConfig = [] )
$tokenConfig array

Token configuration.

return yii\authclient\OAuthToken

Token instance.

defaultReturnUrl() protected method

Composes default \yii\authclient\returnUrl value.

protected string defaultReturnUrl ( )
return string

Return URL.

discoverConfig() protected method

Discovers OpenID Provider configuration parameters.

protected array discoverConfig ( )
return array

OpenID Provider configuration parameters.

throws yii\authclient\InvalidResponseException

on failure.

fetchAccessToken() public method

Fetches access token from authorization code.

public yii\authclient\OAuthToken fetchAccessToken ( $authCode, array $params = [] )
$authCode string

Authorization code, usually comes at GET parameter 'code'.

$params array

Additional request params.

return yii\authclient\OAuthToken

Access token.

throws \yii\web\HttpException

on invalid auth state in case \yii\authclient\enableStateValidation is enabled.

generateAuthNonce() protected method

Generates the auth nonce value.

protected string generateAuthNonce ( )
return string

Auth nonce value.

getCache() public method

public \yii\caching\Cache|null getCache ( )
return \yii\caching\Cache|null

The cache object, null - if not enabled.

getConfigParam() public method

Returns particular configuration parameter value.

public mixed getConfigParam ( $name )
$name string

Configuration parameter name.

return mixed

Configuration parameter value.

getConfigParams() public method

public array getConfigParams ( )
return array

OpenID provider configuration parameters.

getValidateAuthNonce() public method

public boolean getValidateAuthNonce ( )
return boolean

Whether to use and validate auth 'nonce' parameter in authentication flow.

initUserAttributes() protected method

Initializes authenticated user attributes.

protected array initUserAttributes ( )
return array

Auth user attributes.

loadJws() protected method

Decrypts/validates JWS, returning related data.

protected array loadJws ( $jws )
$jws string

Raw JWS input.

return array

JWS underlying data.

throws \yii\web\HttpException

on invalid JWS signature.

refreshAccessToken() public method

Gets new auth token to replace expired one.

public yii\authclient\OAuthToken refreshAccessToken ( yii\authclient\OAuthToken $token )
$token yii\authclient\OAuthToken

Expired auth token.

return yii\authclient\OAuthToken

New auth token.

setCache() public method

Sets up a component to be used for caching.

This can be one of the following:

  • an application component ID (e.g. cache)
  • a configuration array
  • a \yii\caching\Cache object

When null is passed, it means caching is not enabled.

public void setCache ( $cache )
$cache \yii\caching\Cache|array|string|null

The cache object or the ID of the cache application component.

setValidateAuthNonce() public method

public void setValidateAuthNonce ( $validateAuthNonce )
$validateAuthNonce boolean

Whether to use and validate auth 'nonce' parameter in authentication flow.