PHPackages leondg/oidc-client - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. leondg/oidc-client ActiveLibrary[Authentication & Authorization](/categories/authentication) leondg/oidc-client ================== 1.0.0(2mo ago)1514MITPHPPHP ^7.4 || ^8.0CI failing Since Feb 25Pushed 2mo ago2 watchersCompare [ Source](https://github.com/leondg/oidc-client)[ Packagist](https://packagist.org/packages/leondg/oidc-client)[ RSS](/packages/leondg-oidc-client/feed)WikiDiscussions main Synced 1mo ago READMEChangelog (3)Dependencies (8)Versions (6)Used By (0) OpenID Connect (OIDC) Client ============================ [](#openid-connect-oidc-client) [![Latest Version on Packagist](https://camo.githubusercontent.com/c4e19cc71a038873d5fce16f589c404ad0f23b5323ce9ae9006182fcc1edb4be/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f6c656f6e64672f6f6964632d636c69656e742e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/leondg/oidc-client)[![Software License](https://camo.githubusercontent.com/55c0218c8f8009f06ad4ddae837ddd05301481fcf0dff8e0ed9dadda8780713e/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6c6963656e73652d4d49542d627269676874677265656e2e7376673f7374796c653d666c61742d737175617265)](LICENSE)[![Tests](https://github.com/leondg/oidc-client/workflows/Tests/badge.svg)](https://github.com/leondg/oidc-client/actions) A modern, robust OpenID Connect (OIDC) client for PHP, built on top of [The PHP League's OAuth 2.0 Client](https://oauth2-client.thephpleague.com/). This package automates OIDC discovery and provides seamless integration with any PSR-16 compatible cache. Features -------- [](#features) - **Automated Discovery:** Automatically fetch and parse OIDC configuration from `.well-known/openid-configuration`. - **Full Specification Support:** Support for over 30 metadata fields including logout, introspection, and revocation. - **Secure ID Token Validation:** Built-in JWT verification using JWKS and standard claim checks (`iss`, `aud`, `exp`, `nonce`). - **PSR-16 Caching:** Seamlessly cache discovery documents to eliminate redundant network requests. - **PKCE & Nonce:** Native support for Proof Key for Code Exchange and Nonce to prevent replay attacks. - **Efficient Resource Owner:** Initialize user profiles directly from ID Token claims without extra UserInfo API calls. - **Type-Safe:** Fully type-hinted and compatible with PHP ^7.4 || ^8.0. - **Extensible:** Based on `GenericProvider`, allowing for custom collaborator injection. Installation ------------ [](#installation) Install the package via Composer: ``` composer require leondg/oidc-client ``` Usage ----- [](#usage) ### Basic Example [](#basic-example) ``` use Leondg\Oidc\Client\Provider\WellKnownConfig; use Leondg\Oidc\Client\Provider\OpenIDConnectProvider; $discoverUri = 'https://auth.example.com/v2'; $clientId = 'your-client-id'; $clientSecret = 'your-client-secret'; $redirectUri = 'https://mywebsite.example.com/'; $scopes = ['openid', 'profile', 'email']; // 1. Fetch OIDC Configuration $config = WellKnownConfig::create($discoverUri); // 2. Initialize the Provider $provider = new OpenIDConnectProvider( $config, $clientId, $clientSecret, $redirectUri, $scopes ); // 3. Get Authorization URL (with Nonce) $nonce = bin2hex(random_bytes(16)); $_SESSION['oidc_nonce'] = $nonce; $authUrl = $provider->getAuthorizationUrl([ 'nonce' => $nonce ]); ``` ### Validating ID Tokens [](#validating-id-tokens) OIDC requires the validation of the ID Token (JWT) returned by the provider. This package handles signature verification (via JWKS) and standard claim checks (`iss`, `aud`, `exp`, `nonce`). You can also provide a `leeway` (in seconds) to account for clock skew between servers: ``` try { $idToken = $_POST['id_token']; // Or from token response $nonce = $_SESSION['oidc_nonce']; // Validate with 60 seconds leeway for clock skew $claims = $provider->validateIdToken($idToken, $nonce, 60); echo "Welcome, " . $claims->sub; } catch (\Exception $e) { // Token is invalid die($e->getMessage()); } ``` ### Efficient Resource Owner Retrieval [](#efficient-resource-owner-retrieval) In OIDC, the ID Token often contains all the user information you need. You can initialize the `OpenIDConnectResourceOwner` directly from the validated claims, avoiding an unnecessary network request to the UserInfo endpoint: ``` $claims = $provider->validateIdToken($idToken, $nonce); $user = $provider->getResourceOwnerFromIdToken($claims); echo $user->getEmail(); echo $user->getName(); ``` ### Logout (RP-Initiated) [](#logout-rp-initiated) Generate a logout URL for the user: ``` $logoutUrl = $provider->getLogoutUrl([ 'id_token_hint' => $idToken, 'post_logout_redirect_uri' => 'https://mywebsite.example.com/logout-callback' ]); // Redirect the user to $logoutUrl header('Location: ' . $logoutUrl); ``` ### With Caching (Recommended) [](#with-caching-recommended) To avoid fetching the OIDC configuration on every request, you can pass any PSR-16 `CacheInterface` implementation: ``` // Assuming $cache is an instance of Psr\SimpleCache\CacheInterface $config = WellKnownConfig::create($discoverUri, $cache, 3600); ``` ### With PKCE [](#with-pkce) ``` $provider = new OpenIDConnectProvider( $config, $clientId, $clientSecret, $redirectUri, $scopes, OpenIDConnectProvider::PKCE_METHOD_S256 ); ``` Testing ------- [](#testing) The package includes a comprehensive test suite. You can run the tests using PHPUnit: ``` composer test ``` Static Analysis --------------- [](#static-analysis) We use PHPStan for static analysis to ensure code quality: ``` composer analyze ``` License ------- [](#license) The MIT License (MIT). Please see [License File](LICENSE) for more information. ### Health Score 42 — FairBetter than 90% of packages Maintenance84 Actively maintained with recent releases Popularity15 Limited adoption so far Community8 Small or concentrated contributor base Maturity50 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~182 days Total 5 Last Release 84d ago Major Versions 0.2.0 → 1.0.02026-02-23 ### Community Maintainers ![](https://www.gravatar.com/avatar/7a908351f934c5bee7b44d1894a7c0e9dc8e33a4a0a1a2566d4bc69584177f4a?d=identicon)[leondg](/maintainers/leondg) --- Top Contributors [![leondg](https://avatars.githubusercontent.com/u/8178853?v=4)](https://github.com/leondg "leondg (16 commits)") ### Code Quality TestsPHPUnit Static AnalysisPHPStan Code StylePHP CS Fixer Type Coverage Yes ### Embed Badge ![Health badge](/badges/leondg-oidc-client/health.svg) ``` [![Health](https://phpackages.com/badges/leondg-oidc-client/health.svg)](https://phpackages.com/packages/leondg-oidc-client) ``` ### Alternatives [shopware/platform The Shopware e-commerce core 3.3k1.5M3](/packages/shopware-platform)[thenetworg/oauth2-azure Azure Active Directory OAuth 2.0 Client Provider for The PHP League OAuth2-Client 2509.6M48](/packages/thenetworg-oauth2-azure)[stevenmaguire/oauth2-keycloak Keycloak OAuth 2.0 Client Provider for The PHP League OAuth2-Client 2275.9M27](/packages/stevenmaguire-oauth2-keycloak)[web-auth/webauthn-lib FIDO2/Webauthn Support For PHP 1195.3M72](/packages/web-auth-webauthn-lib)[patrickbussmann/oauth2-apple Sign in with Apple OAuth 2.0 Client Provider for The PHP League OAuth2-Client 1132.5M6](/packages/patrickbussmann-oauth2-apple)[civicrm/civicrm-core Open source constituent relationship management for non-profits, NGOs and advocacy organizations. 728272.9k20](/packages/civicrm-civicrm-core) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)