PHPackages                             ronvanderheijden/openid-connect - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. ronvanderheijden/openid-connect

ActiveLibrary[Authentication &amp; Authorization](/categories/authentication)

ronvanderheijden/openid-connect
===============================

OpenID Connect support to the PHP League's OAuth2 Server. Compatible with Laravel Passport.

1.2.1(1y ago)61755.5k—8.6%17[3 issues](https://github.com/ronvanderheijden/openid-connect/issues)[2 PRs](https://github.com/ronvanderheijden/openid-connect/pulls)MITPHPPHP ^7.4|^8.0

Since Mar 16Pushed 1y ago2 watchersCompare

[ Source](https://github.com/ronvanderheijden/openid-connect)[ Packagist](https://packagist.org/packages/ronvanderheijden/openid-connect)[ Docs](https://github.com/ronvanderheijden/openid-connect)[ RSS](/packages/ronvanderheijden-openid-connect/feed)WikiDiscussions main Synced 1mo ago

READMEChangelog (9)Dependencies (10)Versions (11)Used By (0)

OpenID Connect
==============

[](#openid-connect)

OpenID Connect support to the PHP League's OAuth2 Server.

**Compatible with [Laravel Passport](https://laravel.com/docs/8.x/passport)!**

Requirements
------------

[](#requirements)

- Requires PHP version `^7.4|^8.0`.
- [lcobucci/jwt](https://github.com/lcobucci/jwt) version `^4.0`.
- [league/oauth2-server](https://github.com/thephpleague/oauth2-server) `^8.2`.

Installation
------------

[](#installation)

```
composer require ronvanderheijden/openid-connect
```

Keys
----

[](#keys)

To sign and encrypt the tokens, we need a private and a public key.

```
mkdir -m 700 -p tmp

openssl genrsa -out tmp/private.key 2048
openssl rsa -in tmp/private.key -pubout -out tmp/public.key

chmod 600 tmp/private.key
chmod 644 tmp/public.key
```

Example
-------

[](#example)

I recommend to [read this](https://oauth2.thephpleague.com/authorization-server/auth-code-grant/) first.

To enable OpenID Connect, follow these simple steps

```
$privateKeyPath = 'tmp/private.key';

$currentRequestService = new CurrentRequestService();
$currentRequestService->setRequest(ServerRequestFactory::fromGlobals());

// create the response_type
$responseType = new IdTokenResponse(
    new IdentityRepository(),
    new ClaimExtractor(),
    Configuration::forSymmetricSigner(
        new Sha256(),
        InMemory::file($privateKeyPath),
    ),
    $currentRequestService,
    $encryptionKey,
);

$server = new \League\OAuth2\Server\AuthorizationServer(
    $clientRepository,
    $accessTokenRepository,
    $scopeRepository,
    $privateKeyPath,
    $encryptionKey,
    // add the response_type
    $responseType,
);
```

Now when calling the `/authorize` endpoint, provide the `openid` scope to get an `id_token`.
Provide more scopes (e.g. `openid profile email`) to receive additional claims in the `id_token`.

For a complete implementation, visit [the OAuth2 Server example](https://github.com/ronvanderheijden/openid-connect/tree/main/example).

Nonce support
-------------

[](#nonce-support)

To prevent replay attacks, some clients can provide a "nonce" in the authorization request. If a client does so, the server MUST include back a `nonce` claim in the `id_token`.

To enable this feature, when registering an AuthCodeGrant, you need to use the `\OpenIDConnect\Grant\AuthCodeGrant`instead of `\League\OAuth2\Server\Grant\AuthCodeGrant`.

> !\[NOTE\] If you are using Laravel, the `AuthCodeGrant` is already registered for you by the service provider.

Laravel Passport
----------------

[](#laravel-passport)

You can use this package with Laravel Passport in 2 simple steps.

### 1.) add the service provider

[](#1-add-the-service-provider)

```
# config/app.php
'providers' => [
    /*
     * Package Service Providers...
     */
    OpenIDConnect\Laravel\PassportServiceProvider::class,
],
```

### 2.) create an entity

[](#2-create-an-entity)

Create an entity class in `app/Entities/` named `IdentityEntity` or `UserEntity`. This entity is used to collect the claims.

```
# app/Entities/IdentityEntity.php
namespace App\Entities;

use League\OAuth2\Server\Entities\Traits\EntityTrait;
use OpenIDConnect\Claims\Traits\WithClaims;
use OpenIDConnect\Interfaces\IdentityEntityInterface;

class IdentityEntity implements IdentityEntityInterface
{
    use EntityTrait;
    use WithClaims;

    /**
     * The user to collect the additional information for
     */
    protected User $user;

    /**
     * The identity repository creates this entity and provides the user id
     * @param mixed $identifier
     */
    public function setIdentifier($identifier): void
    {
        $this->identifier = $identifier;
        $this->user = User::findOrFail($identifier);
    }

    /**
     * When building the id_token, this entity's claims are collected
     */
    public function getClaims(): array
    {
        return [
            'email' => $this->user->email,
        ];
    }
}
```

### Publishing the config

[](#publishing-the-config)

In case you want to change the default scopes, add custom claim sets or change the repositories, you can publish the openid config using:

```
php artisan vendor:publish --tag=openid
```

### Discovery and JWKS

[](#discovery-and-jwks)

The Laravel Passport integration also provides:

- a discovery endpoint at `/.well-known/openid-configuration`.
- a JWKS endpoint at `/oauth/jwks`.

Those 2 endpoints are automatically added to the Laravel routes and can be disabled from the config (using the `openid.routes.discovery` and `openid.routes.jwks` keys).

Laravel Passport does not provide a `userinfo` endpoint by default. If you provide one, you can add it to the discovery document by naming the route `openid.userinfo`.

```
Route::get('/oauth/userinfo', 'YourController@userinfo')->middleware('xxx')->name('openid.userinfo');
```

Support
-------

[](#support)

Found a bug? Got a feature request? [Create an issue](https://github.com/ronvanderheijden/openid-connect/issues).

License
-------

[](#license)

OpenID Connect is open source and licensed under [the MIT licence](https://github.com/ronvanderheijden/openid-connect/blob/master/LICENSE.txt).

###  Health Score

46

—

FairBetter than 93% of packages

Maintenance32

Infrequent updates — may be unmaintained

Popularity53

Moderate usage in the ecosystem

Community17

Small or concentrated contributor base

Maturity64

Established project with proven stability

 Bus Factor1

Top contributor holds 55.2% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~153 days

Recently: every ~303 days

Total

9

Last Release

665d ago

### Community

Maintainers

![](https://www.gravatar.com/avatar/49e3179e6d067ba83ad78d957e50c79ea34fcc27a8f1debe27f53e34ec3bdfe9?d=identicon)[ronvanderheijden](/maintainers/ronvanderheijden)

---

Top Contributors

[![ronvanderheijden](https://avatars.githubusercontent.com/u/4101322?v=4)](https://github.com/ronvanderheijden "ronvanderheijden (16 commits)")[![moufmouf](https://avatars.githubusercontent.com/u/1290952?v=4)](https://github.com/moufmouf "moufmouf (11 commits)")[![ben-power](https://avatars.githubusercontent.com/u/16776374?v=4)](https://github.com/ben-power "ben-power (1 commits)")[![DellanX](https://avatars.githubusercontent.com/u/31318348?v=4)](https://github.com/DellanX "DellanX (1 commits)")

---

Tags

laraveloauth2passportOpenIdOpenID Connectoidc

###  Code Quality

TestsPHPUnit

Code StyleECS

### Embed Badge

![Health badge](/badges/ronvanderheijden-openid-connect/health.svg)

```
[![Health](https://phpackages.com/badges/ronvanderheijden-openid-connect/health.svg)](https://phpackages.com/packages/ronvanderheijden-openid-connect)
```

###  Alternatives

[jeremy379/laravel-openid-connect

OpenID Connect support to the PHP League's OAuth2 Server. Compatible with Laravel Passport.

55342.3k2](/packages/jeremy379-laravel-openid-connect)[simplesamlphp/simplesamlphp-module-oidc

A SimpleSAMLphp module adding support for the OpenID Connect protocol

5016.9k1](/packages/simplesamlphp-simplesamlphp-module-oidc)[facile-it/php-openid-client

OpenID (OIDC) Client

42592.7k7](/packages/facile-it-php-openid-client)[benbjurstrom/passport-custom-jwt-claims

Customize JWT claims in Laravel Passport access tokens

341.8k](/packages/benbjurstrom-passport-custom-jwt-claims)[authlete/authlete-laravel

Authlete Library for Laravel

4226.0k](/packages/authlete-authlete-laravel)[maicol07/laravel-oidc-client

OpenID Connect Client for Laravel

251.1k](/packages/maicol07-laravel-oidc-client)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)