autisid/oidc-client
===================

OpenID Connect client

Version 1.0.2 (3y ago) · Apache-2.0 · PHP >=8.0

[Source](https://github.com/autisid/oidc-client) · [Packagist](https://packagist.org/packages/autisid/oidc-client)

PHP OpenID Connect Basic Client
===============================

A simple library that allows an application to authenticate a user through the basic OpenID Connect flow. This library hopes to encourage OpenID Connect use by making it simple enough for a developer with little knowledge of the OpenID Connect protocol to set up authentication.

This package is a complete refactor of [JuliusPC/OpenID-Connect-PHP](https://github.com/JuliusPC/OpenID-Connect-PHP).

Supported Specifications
------------------------

- [OpenID Connect Core 1.0](https://openid.net/specs/openid-connect-core-1_0.html)
- [OpenID Connect Discovery 1.0](https://openid.net/specs/openid-connect-discovery-1_0.html) ([finding the issuer is missing](https://github.com/jumbojett/OpenID-Connect-PHP/issues/2))
- [OpenID Connect RP-Initiated Logout 1.0 - draft 01](https://openid.net/specs/openid-connect-rpinitiated-1_0.html)
- [OpenID Connect Dynamic Client Registration 1.0](https://openid.net/specs/openid-connect-registration-1_0.html)
- [RFC 6749: The OAuth 2.0 Authorization Framework](https://tools.ietf.org/html/rfc6749)
- [RFC 7009: OAuth 2.0 Token Revocation](https://tools.ietf.org/html/rfc7009)
- [RFC 7636: Proof Key for Code Exchange by OAuth Public Clients](https://tools.ietf.org/html/rfc7636)
- [RFC 7662: OAuth 2.0 Token Introspection](https://tools.ietf.org/html/rfc7662)
- [Draft: OAuth 2.0 Authorization Server Issuer Identifier in Authorization Response](https://tools.ietf.org/html/draft-ietf-oauth-iss-auth-resp-00)

Requirements
------------

1. PHP 8.1+
2. JSON extension
3. MBString extension
4. (Optional) Either the GMP or the BCMath extension, to allow faster cipher key operations (for JWT; see [here](https://web-token.spomky-labs.com/introduction/pre-requisite) for more information)

Install
-------

Install using composer:

```
composer require autisid/oidc-client
```

Examples
--------

### Example 1: Basic Client

This example uses the Authorization Code flow and will also use PKCE if the OpenID Provider announces it in its discovery document. If you are not sure which flow to choose, this is the one to use: it is the most secure and versatile.

```
use Autisid\OpenIDConnect\Client;

$oidc = (new Client())
    ->providerUrl('https://id.example.com')
    ->clientId('ClientIDHere')
    ->clientSecret('ClientSecretHere');

// Redirects to the provider, then validates the response on return
$oidc->authenticate();
$name = $oidc->getUserInfo()->given_name;
```

[See OpenID Connect spec for available user attributes](https://openid.net/specs/openid-connect-basic-1_0-15.html#id_res)

### Example 2: Dynamic Registration

```
use Autisid\OpenIDConnect\Client;

$oidc = (new Client())
    ->providerUrl('https://id.example.com');

$oidc->register();
[$client_id, $client_secret] = $oidc->getClientCredentials();

// Be sure to add logic to store the client id and client secret
```

### Example 3: Network and Security

You should always use HTTPS for your application. If you are using a self-signed certificate, you can disable SSL verification by calling the `verifySsl` method on the client and, if you have the certificate, set it with the `certPath` method (this works only if `verifySsl` is set to false).

You can also set up a proxy via the `httpProxy` method.

```
use Autisid\OpenIDConnect\Client;

$oidc = (new Client())
    ->providerUrl('https://id.example.com')
    ->clientId('ClientIDHere')
    ->clientSecret('ClientSecretHere')
    ->httpProxy('http://proxy.example.com:8080')
    ->certPath('path/to/cert.pem')
    ->verifySsl(false);
```

### Example 4: Implicit flow

> Reference: [https://openid.net/specs/openid-connect-core-1_0.html#ImplicitFlowAuth](https://openid.net/specs/openid-connect-core-1_0.html#ImplicitFlowAuth)

The implicit flow should be considered a legacy flow and not used if authorization code grant can be used. Due to its disadvantages and poor security, the implicit flow will be obsoleted with the upcoming OAuth 2.1 standard. See Example 1 for alternatives.

```
use Autisid\OpenIDConnect\Client;
use Autisid\OpenIDConnect\ResponseType;

$oidc = (new Client())
    ->providerUrl('https://id.example.com')
    ->clientId('ClientIDHere')
    ->clientSecret('ClientSecretHere')
    ->responseType(ResponseType::ID_TOKEN)
    ->allowImplicitFlow(true);
$oidc->authenticate();
$sub = $oidc->getUserInfo()->sub;
```

### Example 5: Introspection of an access token

> Reference:

```
use Autisid\OpenIDConnect\Client;

$oidc = (new Client())
    ->providerUrl('https://id.example.com')
    ->clientId('ClientIDHere')
    ->clientSecret('ClientSecretHere');

$data = $oidc->introspectToken('an.access-token.as.given');
if (!$data->get('active')) {
    // the token is no longer usable
}
```

### Example 6: PKCE Client

PKCE is already configured and used in most scenarios in Example 1. This example shows you how to explicitly set the Code Challenge Method in the initial config. This enables PKCE in case your OpenID Provider doesn’t announce support for it in the discovery document, but supports it anyway.

```
use Autisid\OpenIDConnect\Client;
use Autisid\OpenIDConnect\CodeChallengeMethod;

$oidc = (new Client())
    ->providerUrl('https://id.example.com')
    ->clientId('ClientIDHere')
    ->clientSecret('ClientSecretHere')
    // for some reason we want to set S256 explicitly as Code Challenge Method
    // maybe your OP doesn’t announce support for PKCE in its discovery document.
    ->codeChallengeMethod(CodeChallengeMethod::S256);

$oidc->authenticate();
$name = $oidc->getUserInfo()->given_name;
```
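
What the S256 Code Challenge Method computes, and the check the provider runs when the code is redeemed, shown as an added stand-alone example (not this library's code). The function names are hypothetical; the test vector is the one published in RFC 7636 Appendix B.

```php
<?php
declare(strict_types=1);

// Base64url without padding, as RFC 7636 requires.
function base64url(string $bin): string
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

// Client side: 32 random bytes become a 43-character code_verifier.
function newCodeVerifier(): string
{
    return base64url(random_bytes(32));
}

// code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))
function s256Challenge(string $verifier): string
{
    return base64url(hash('sha256', $verifier, true));
}

// Provider side, at the token endpoint: recompute and compare in constant time.
function verifierMatches(string $verifier, string $storedChallenge): bool
{
    // RFC 7636 section 4.1: 43-128 characters from the unreserved set.
    if (preg_match('/\A[A-Za-z0-9\-._~]{43,128}\z/', $verifier) !== 1) {
        return false;
    }
    return hash_equals($storedChallenge, s256Challenge($verifier));
}

// Test vector from RFC 7636 Appendix B.
$verifier  = 'dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk';
$challenge = s256Challenge($verifier);
var_dump($challenge === 'E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM');

// The original verifier redeems the code; any other verifier is rejected,
// so holding the authorization code alone is not enough.
var_dump(verifierMatches($verifier, $challenge));
var_dump(verifierMatches(newCodeVerifier(), $challenge));
```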

### Example 7: Token endpoint authentication method

By default, only `client_secret_basic` is enabled on the client side; for a long time it was the only supported method. `client_secret_jwt` and `private_key_jwt` have been added recently, but they remain disabled until explicitly enabled.

```
use Autisid\OpenIDConnect\Client;
use Autisid\OpenIDConnect\TokenEndpointAuthMethod;

$oidc = (new Client())
    ->providerUrl('https://id.example.com')
    ->clientId('ClientIDHere')
    ->clientSecret('ClientSecretHere')
    ->endpoints(options: [
        'token_endpoint_auth_methods_supported' => [
            TokenEndpointAuthMethod::CLIENT_SECRET_BASIC,
            TokenEndpointAuthMethod::CLIENT_SECRET_JWT,
            TokenEndpointAuthMethod::PRIVATE_KEY_JWT,
        ],
    ]);
```

**Note: A JWT generator is not included in this library yet.**
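
Since no JWT generator is included, the following added example (not part of this library) shows the assertion that `client_secret_jwt` expects under OpenID Connect Core section 9: an HS256 JWT keyed with the client secret. The function names, the token endpoint URL, the code and the redirect URI are constructed for illustration, and how such an assertion is handed to this library is not covered by the README.

```php
<?php
declare(strict_types=1);

// Base64url without padding (JWS encoding).
function b64u(string $bin): string
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

// HS256 client assertion: iss and sub are the client_id, aud is the token endpoint.
function clientSecretJwt(string $clientId, string $secret, string $tokenEndpoint, int $ttl = 60): string
{
    $now = time();
    $claims = [
        'iss' => $clientId,
        'sub' => $clientId,
        'aud' => $tokenEndpoint,
        'jti' => bin2hex(random_bytes(16)), // unique per request, lets the provider reject replays
        'iat' => $now,
        'exp' => $now + $ttl,               // short lifetime limits reuse of a captured assertion
    ];
    $flags = JSON_UNESCAPED_SLASHES | JSON_THROW_ON_ERROR;
    $input = b64u(json_encode(['alg' => 'HS256', 'typ' => 'JWT'], $flags))
        . '.' . b64u(json_encode($claims, $flags));
    return $input . '.' . b64u(hash_hmac('sha256', $input, $secret, true));
}

// Form body for the token request; the secret itself is never transmitted.
function tokenRequestBody(string $code, string $redirectUri, string $assertion): string
{
    return http_build_query([
        'grant_type'            => 'authorization_code',
        'code'                  => $code,
        'redirect_uri'          => $redirectUri,
        'client_assertion_type' => 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer',
        'client_assertion'      => $assertion,
    ]);
}

// Constructed values for illustration only.
$jwt = clientSecretJwt('ClientIDHere', 'ClientSecretHere', 'https://id.example.com/token');
[$h, $c, $s] = explode('.', $jwt);
// Recompute the MAC the way the provider would, comparing in constant time.
var_dump(hash_equals(b64u(hash_hmac('sha256', "$h.$c", 'ClientSecretHere', true)), $s));
echo tokenRequestBody('constructed-code', 'https://app.example.com/callback', $jwt), "\n";
```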

Development Environments
------------------------

Sometimes you may need to disable SSL verification on your development systems. You can do so by calling the `verifySsl` method with the `false` parameter. Note: This is not recommended on production systems.

```
use Autisid\OpenIDConnect\Client;

$oidc = (new Client())
    ->providerUrl('https://id.example.com')
    ->clientId('ClientIDHere')
    ->clientSecret('ClientSecretHere')
    ->verifySsl(false);
```

### Todo

- Dynamic registration does not support registration auth tokens and endpoints

Contributing
------------

- All pull requests, once merged, should be added to the CHANGELOG.md file.

