PHPackages                             juliuspc/openid-connect-php - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. juliuspc/openid-connect-php

ActiveLibrary[Authentication &amp; Authorization](/categories/authentication)

juliuspc/openid-connect-php
===========================

OpenID Connect client

v1.2.0(2y ago)714.5k↓47.8%2[8 issues](https://github.com/JuliusPC/OpenID-Connect-PHP/issues)Apache-2.0PHPPHP &gt;=7.3

Since Mar 4Pushed 2y ago3 watchersCompare

[ Source](https://github.com/JuliusPC/OpenID-Connect-PHP)[ Packagist](https://packagist.org/packages/juliuspc/openid-connect-php)[ RSS](/packages/juliuspc-openid-connect-php/feed)WikiDiscussions main Synced 2d ago

READMEChangelog (6)Dependencies (5)Versions (25)Used By (0)

PHP OpenID Connect Client
=========================

[](#php-openid-connect-client)

A simple library that allows an application to authenticate a user through the basic OpenID Connect flow. This library hopes to encourage OpenID Connect use by making it simple enough for a developer with little knowledge of the OpenID Connect protocol to setup authentication.

This library is a fork of [jumbojett/OpenID-Connect-PHP](https://github.com/jumbojett/OpenID-Connect-PHP), which seems to be discontinued. For progress being made on fixing bugs of the original library [see this wiki page](https://github.com/JuliusPC/OpenID-Connect-PHP/wiki/Progress-on-fixing-upstream-issues).

Supported Specifications
------------------------

[](#supported-specifications)

- [OpenID Connect Core 1.0](https://openid.net/specs/openid-connect-core-1_0.html)
- [OpenID Connect Discovery 1.0](https://openid.net/specs/openid-connect-discovery-1_0.html) ([finding the issuer is missing](https://github.com/jumbojett/OpenID-Connect-PHP/issues/2))
- [OpenID Connect RP-Initiated Logout 1.0 - draft 01](https://openid.net/specs/openid-connect-rpinitiated-1_0.html)
- [OpenID Connect Dynamic Client Registration 1.0](https://openid.net/specs/openid-connect-registration-1_0.html)
- [RFC 6749: The OAuth 2.0 Authorization Framework](https://tools.ietf.org/html/rfc6749)
- [RFC 7009: OAuth 2.0 Token Revocation](https://tools.ietf.org/html/rfc7009)
- [RFC 7636: Proof Key for Code Exchange by OAuth Public Clients](https://tools.ietf.org/html/rfc7636)
- [RFC 7662: OAuth 2.0 Token Introspection](https://tools.ietf.org/html/rfc7662)
- [RFC 8693: OAuth 2.0 Token Exchange](https://tools.ietf.org/html/rfc8693)
- [Draft: OAuth 2.0 Authorization Server Issuer Identifier in Authorization Response](https://tools.ietf.org/html/draft-ietf-oauth-iss-auth-resp-00)

Requirements
------------

[](#requirements)

1. PHP 7.3 or greater
2. JSON extension

Install
-------

[](#install)

1. Install library using composer

```
composer require juliuspc/openid-connect-php

```

2. Include composer autoloader

```
require __DIR__ . '/vendor/autoload.php';
```

Example 1: Basic Client
-----------------------

[](#example-1-basic-client)

This example uses the Authorization Code flow and will also use PKCE if the OpenID Provider announces it in his Discovery document. If you are not sure, which flow you should choose: This one is the way to go. It is the most secure and versatile flow.

```
use JuliusPC\OpenIDConnect\Client;

$oidc = new Client('https://id.example.com',
                                'ClientIDHere',
                                'ClientSecretHere');
$oidc->authenticate();
$name = $oidc->requestUserInfo('given_name');
```

[See OpenID Connect spec for available user attributes](https://openid.net/specs/openid-connect-basic-1_0-15.html#id_res)

Example 2: Dynamic Registration
-------------------------------

[](#example-2-dynamic-registration)

```
use JuliusPC\OpenIDConnect\Client;

$oidc = new Client("https://id.example.com");

$oidc->register();
$client_id = $oidc->getClientID();
$client_secret = $oidc->getClientSecret();

// Be sure to add logic to store the client id and client secret
```

Example 3: Network and Security
-------------------------------

[](#example-3-network-and-security)

```
// Configure a proxy
$oidc->setHttpProxy("http://my.proxy.example.net:80/");

// Configure a cert
// If we omit this, the OS’ default cert bundle will be used
$oidc->setCertPath("/path/to/my.cert");
```

Example 4: Request Client Credentials Token
-------------------------------------------

[](#example-4-request-client-credentials-token)

```
use JuliusPC\OpenIDConnect\Client;

$oidc = new Client('https://id.example.com',
                                'ClientIDHere',
                                'ClientSecretHere');
$oidc->providerConfigParam(array('token_endpoint'=>'https://id.example.com/connect/token'));
$oidc->addScope('my_scope');

// this assumes success (to validate check if the access_token property is there and a valid JWT) :
$clientCredentialsToken = $oidc->requestClientCredentialsToken()->access_token;
```

Example 5: Basic client for Implicit Flow
-----------------------------------------

[](#example-5-basic-client-for-implicit-flow)

The [Implicit Flow](https://openid.net/specs/openid-connect-core-1_0.html#ImplicitFlowAuth) should be considered a legacy flow and not used if authorization code grant can be used. Due to its disadvantages and poor security, the implicit flow will be obsoleted with the upcoming OAuth 2.1 standard. See Example 1 for alternatives.

```
use JuliusPC\OpenIDConnect\Client;

$oidc = new Client('https://id.example.com',
                                'ClientIDHere',
                                'ClientSecretHere');
$oidc->setResponseTypes(array('id_token'));
$oidc->addScope(array('openid'));
$oidc->setAllowImplicitFlow(true);
$oidc->addAuthParam(array('response_mode' => 'form_post'));
$oidc->authenticate();
$sub = $oidc->getVerifiedClaims('sub');
```

Example 6: Introspection of an access token
-------------------------------------------

[](#example-6-introspection-of-an-access-token)

Introspection as defined in [RFC 7662](https://tools.ietf.org/html/rfc7662) is intended to get information about the token without needing to parse it. Especially in case of so called reference token, which are random strings and do not contain information.

```
use JuliusPC\OpenIDConnect\Client;

$oidc = new Client('https://id.example.com',
                                'ClientIDHere',
                                'ClientSecretHere');
$data = $oidc->introspectToken('an.access-token.as.given');
if (!$data->active) {
    // the token is no longer usable
}
```

Example 7: PKCE Client
----------------------

[](#example-7-pkce-client)

PKCE is already configured used in most szenarios in Example 1. This example shows two special things:

1. You may omit the client secret, if your OpenID Provider allows you to do so and if it is really needed for your use case. This is a rare use case, since PHP applications are typically confidential OAuth clients and thus don’t leak a client secret.
2. Explicitly setting the Code Challenge Method via `setCodeChallengeMethod()`. This enables PKCE in case your OpenID Provider doesn’t announce support for it in the discovery document, but supports it anyway.

```
use JuliusPC\OpenIDConnect\Client;

$oidc = new Client('https://id.example.com',
                                'ClientIDHere',
                                'ClientSecret'); // you may obmit the client secret
// for some reason we want to set S256 explicitly as Code Challenge Method
// maybe your OP doesn’t announce support for PKCE in its discovery document
$oidc->setCodeChallengeMethod('S256');
$oidc->authenticate();
$name = $oidc->requestUserInfo('given_name');
```

Development Environments
------------------------

[](#development-environments)

In some cases you may need to disable TLS certificate validation on on your development systems. Note: This is **not** recommended on production systems.

```
$oidc->setVerifyPeer(false);
```

Unit Tests
----------

[](#unit-tests)

Run the unit tests:

`./vendor/bin/phpunit tests`

Generate a code coverage report (open html/index.html in a browser to view results):

`XDEBUG_MODE=coverage ./vendor/bin/phpunit --coverage-html html tests/`

Note: You may need to install [Xdebug](https://xdebug.org/) to make this work.

Todo
----

[](#todo)

- Dynamic registration does not support registration auth tokens and endpoints
- improving tests and test coverage of this library

Contributing
------------

[](#contributing)

- All pull requests, once merged, should be added to the CHANGELOG.md file.

###  Health Score

33

—

LowBetter than 72% of packages

Maintenance0

Infrequent updates — may be unmaintained

Popularity32

Limited adoption so far

Community23

Small or concentrated contributor base

Maturity68

Established project with proven stability

 Bus Factor1

Top contributor holds 50% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~161 days

Recently: every ~252 days

Total

19

Last Release

870d ago

Major Versions

v0.9.2 → v1.0.02021-04-19

PHP version history (3 changes)0.1.0PHP &gt;=5.2

0.3.0PHP &gt;=5.4

v1.2.0PHP &gt;=7.3

### Community

Maintainers

![](https://www.gravatar.com/avatar/7614db1251cf4bd34fdec7a7c329c57a126969af8ca87cb462b977034a367099?d=identicon)[JuliusPC](/maintainers/JuliusPC)

---

Top Contributors

[![jumbojett](https://avatars.githubusercontent.com/u/410057?v=4)](https://github.com/jumbojett "jumbojett (176 commits)")[![JuliusPC](https://avatars.githubusercontent.com/u/15018932?v=4)](https://github.com/JuliusPC "JuliusPC (64 commits)")[![DeepDiver1975](https://avatars.githubusercontent.com/u/1005065?v=4)](https://github.com/DeepDiver1975 "DeepDiver1975 (15 commits)")[![rasodu](https://avatars.githubusercontent.com/u/13222196?v=4)](https://github.com/rasodu "rasodu (9 commits)")[![radenui](https://avatars.githubusercontent.com/u/9445250?v=4)](https://github.com/radenui "radenui (9 commits)")[![kenguest](https://avatars.githubusercontent.com/u/234118?v=4)](https://github.com/kenguest "kenguest (7 commits)")[![morcs](https://avatars.githubusercontent.com/u/555420?v=4)](https://github.com/morcs "morcs (6 commits)")[![guss77](https://avatars.githubusercontent.com/u/381782?v=4)](https://github.com/guss77 "guss77 (5 commits)")[![baru](https://avatars.githubusercontent.com/u/688602?v=4)](https://github.com/baru "baru (5 commits)")[![jdreed](https://avatars.githubusercontent.com/u/4193101?v=4)](https://github.com/jdreed "jdreed (5 commits)")[![nikosev](https://avatars.githubusercontent.com/u/29930145?v=4)](https://github.com/nikosev "nikosev (4 commits)")[![corentingi](https://avatars.githubusercontent.com/u/3458976?v=4)](https://github.com/corentingi "corentingi (4 commits)")[![adambartholomew](https://avatars.githubusercontent.com/u/324503?v=4)](https://github.com/adambartholomew "adambartholomew (3 commits)")[![bobvandevijver](https://avatars.githubusercontent.com/u/1835343?v=4)](https://github.com/bobvandevijver "bobvandevijver (3 commits)")[![JTubex](https://avatars.githubusercontent.com/u/5894935?v=4)](https://github.com/JTubex "JTubex (3 commits)")[![lordelph](https://avatars.githubusercontent.com/u/444004?v=4)](https://github.com/lordelph "lordelph (3 commits)")[![n0nag0n](https://avatars.githubusercontent.com/u/2322095?v=4)](https://github.com/n0nag0n "n0nag0n (3 commits)")[![seth-xdam](https://avatars.githubusercontent.com/u/22687020?v=4)](https://github.com/seth-xdam "seth-xdam (3 commits)")[![stijnster](https://avatars.githubusercontent.com/u/27271?v=4)](https://github.com/stijnster "stijnster (3 commits)")[![mpospisil](https://avatars.githubusercontent.com/u/19650653?v=4)](https://github.com/mpospisil "mpospisil (2 commits)")

---

Tags

clientSSOoauth 2OpenID Connectoidcrfc7636rfc6749RFC7009RFC7662

###  Code Quality

TestsPHPUnit

### Embed Badge

![Health badge](/badges/juliuspc-openid-connect-php/health.svg)

```
[![Health](https://phpackages.com/badges/juliuspc-openid-connect-php/health.svg)](https://phpackages.com/packages/juliuspc-openid-connect-php)
```

###  Alternatives

[aws/aws-sdk-php

AWS SDK for PHP - Use Amazon Web Services in your PHP project

6.3k543.5M2.6k](/packages/aws-aws-sdk-php)[google/auth

Google Auth Library for PHP

1.4k294.2M219](/packages/google-auth)[civicrm/civicrm-core

Open source constituent relationship management for non-profits, NGOs and advocacy organizations.

751291.4k43](/packages/civicrm-civicrm-core)[eslazarev/wildberries-sdk

Wildberries OpenAPI clients (generated).

273.0k](/packages/eslazarev-wildberries-sdk)[shopware/platform

The Shopware e-commerce core

3.4k1.5M3](/packages/shopware-platform)[shopware/core

Shopware platform is the core for all Shopware ecommerce products.

585.6M572](/packages/shopware-core)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
