PHPackages archipro/silverstripe-wellknown - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Utility & Helpers](/categories/utility) 4. / 5. archipro/silverstripe-wellknown ActiveSilverstripe-vendormodule[Utility & Helpers](/categories/utility) archipro/silverstripe-wellknown =============================== Silverstripe CMS module for managing .well-known directory endpoints 0.0.0(7mo ago)028.4k↓16.3%BSD-3-ClausePHPPHP ^8.1CI passing Since Oct 17Pushed 7mo agoCompare [ Source](https://github.com/archiprocode/silverstripe-well-known)[ Packagist](https://packagist.org/packages/archipro/silverstripe-wellknown)[ RSS](/packages/archipro-silverstripe-wellknown/feed)WikiDiscussions master Synced 1mo ago READMEChangelog (1)Dependencies (5)Versions (2)Used By (0) Silverstripe Well-Known Module ============================== [](#silverstripe-well-known-module) A Silverstripe CMS module for managing `.well-known/` directory endpoints. Comes with native providers forJSON Web Key Sets (JWKS) and security.txt files. Custom providers can be implemented with by implementing the [`WellKnownProvider`](src/Contracts/WellKnownProvider.php) interface. Requirements ------------ [](#requirements) - PHP 8.1 or higher - Silverstripe CMS 5.0 or higher Installation ------------ [](#installation) Install via Composer: ``` composer require archipro/silverstripe-wellknown ``` Configuration ------------- [](#configuration) ### Basic Setup [](#basic-setup) By default, no providers are registered. You can register providers via the YML config with Injector. ``` # _config/wellknown.yml SilverStripe\Core\Injector\Injector: Archipro\SilverstripeWellKnown\Controllers\WellKnownController: properties: providers: - '%$Archipro\SilverstripeWellKnown\Providers\SecurityProvider' Archipro\SilverstripeWellKnown\Providers\SecurityProvider: properties: contact: 'mailto:security@example.com' expires: '2025-12-31T23:59:59Z' ``` ### Cache Configuration [](#cache-configuration) There's a pre-defined cache. But you can customise it with the Injector. ``` # _config/cache.yml SilverStripe\Core\Injector\Injector: Psr\SimpleCache\CacheInterface.WellKnown: factory: SilverStripe\Core\Cache\CacheFactory constructor: namespace: 'WellKnown' defaultLifetime: 3600 ``` Built-in Providers ------------------ [](#built-in-providers) ### JSON Web Key Set (JWKS) Provider [](#json-web-key-set-jwks-provider) Serves JSON Web Key Sets at `/.well-known/jwks.json`: ``` SilverStripe\Core\Injector\Injector: Archipro\SilverstripeWellKnown\Providers\JsonWebKeySetProvider: properties: keys: - '%$YourCustomJsonWebKey' ``` Your "keys" must implement the [`JsonWebKey`](src/Contracts/JsonWebKey.php)interface. Since this is likely to be very specific to your exact use case, no native implementation is provided. ### Security Provider [](#security-provider) Serves security.txt files at `/.well-known/security.txt` per RFC 9116: ``` SilverStripe\Core\Injector\Injector: Archipro\SilverstripeWellKnown\Providers\SecurityProvider: properties: contact: 'mailto:security@example.com' expires: '2025-12-31T23:59:59Z' encryption: 'https://example.com/pgp-key.txt' acknowledgments: 'https://example.com/hall-of-fame.html' preferredLanguages: 'en, fr' canonical: 'https://example.com/.well-known/security.txt' policy: 'https://example.com/security-policy.html' hiring: 'https://example.com/jobs.html' ``` ### OpenID Configuration Provider [](#openid-configuration-provider) Serves OpenID Connect Discovery metadata at `/.well-known/openid-configuration`: This is a minimal implementation designed to allow third parties to validate JWTs by pointing them to your JWKS endpoint. It implements a subset of the OpenID Connect Discovery specification (OpenID Connect Discovery 1.0). ``` SilverStripe\Core\Injector\Injector: Archipro\SilverstripeWellKnown\Providers\OpenIdConfigurationProvider: constructor: issuer: 'https://api.archipro.co.nz' jwksUri: 'https://api.archipro.co.nz/.well-known/jwks.json' responseTypesSupported: ['token'] subjectTypesSupported: ['public'] idTokenSigningAlgValuesSupported: ['RS256'] # Register the provider Archipro\SilverstripeWellKnown\Controllers\WellKnownController: properties: providers: - '%$Archipro\SilverstripeWellKnown\Providers\JsonWebKeySetProvider' - '%$Archipro\SilverstripeWellKnown\Providers\SecurityProvider' - '%$Archipro\SilverstripeWellKnown\Providers\OpenIdConfigurationProvider' ``` **Supported Fields:** - `issuer` - The authorization server's issuer identifier (typically your API base URL) - `jwksUri` - URL to your JWKS endpoint - `responseTypesSupported` - Array of OAuth 2.0 response types supported - `subjectTypesSupported` - Array of subject identifier types supported - `idTokenSigningAlgValuesSupported` - Array of JWS signing algorithms supported All fields are optional and configured via constructor parameters through the Injector. Creating Custom Providers ------------------------- [](#creating-custom-providers) ### 1. Implement the WellKnownProvider Interface [](#1-implement-the-wellknownprovider-interface) ```