PHPackages steverhoades/oauth2-openid-connect-server - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. steverhoades/oauth2-openid-connect-server ActiveLibrary[Authentication & Authorization](/categories/authentication) steverhoades/oauth2-openid-connect-server ========================================= An OpenID Connect Server that sites on The PHP League's OAuth2 Server v3.0.1(1y ago)2097.8M↓12.9%38[8 issues](https://github.com/steverhoades/oauth2-openid-connect-server/issues)[1 PRs](https://github.com/steverhoades/oauth2-openid-connect-server/pulls)10MITPHPPHP >=7.4CI failing Since Oct 14Pushed 1y ago19 watchersCompare [ Source](https://github.com/steverhoades/oauth2-openid-connect-server)[ Packagist](https://packagist.org/packages/steverhoades/oauth2-openid-connect-server)[ RSS](/packages/steverhoades-oauth2-openid-connect-server/feed)WikiDiscussions master Synced 1mo ago READMEChangelog (10)Dependencies (4)Versions (21)Used By (10) OAuth 2.0 OpenID Connect Server =============================== [](#oauth-20-openid-connect-server) [![Build Status](https://camo.githubusercontent.com/855a6423ba3ca9d457c1d3ba42bac3ffa0780b5ced69adfef0cba8f9b4cf191c/68747470733a2f2f7472617669732d63692e6f72672f737465766572686f616465732f6f61757468322d6f70656e69642d636f6e6e6563742d7365727665722e7376673f6272616e63683d6d6173746572)](https://travis-ci.org/steverhoades/oauth2-openid-connect-server) [![Code Coverage](https://camo.githubusercontent.com/a1c27a50a40a98ae06662a9e84aa85dfb19960e870396a9a328e3d05e193042d/68747470733a2f2f7363727574696e697a65722d63692e636f6d2f672f737465766572686f616465732f6f61757468322d6f70656e69642d636f6e6e6563742d7365727665722f6261646765732f636f7665726167652e706e673f623d6d6173746572)](https://scrutinizer-ci.com/g/steverhoades/oauth2-openid-connect-server/?branch=master) [![Scrutinizer Code Quality](https://camo.githubusercontent.com/a84154dcbb6c47b9bf4e039dfbf8c500f2fc04fd9701765cd46d2dbbe1ee1fd6/68747470733a2f2f7363727574696e697a65722d63692e636f6d2f672f737465766572686f616465732f6f61757468322d6f70656e69642d636f6e6e6563742d7365727665722f6261646765732f7175616c6974792d73636f72652e706e673f623d6d6173746572)](https://scrutinizer-ci.com/g/steverhoades/oauth2-openid-connect-server/?branch=master) This implements the OpenID Connect specification on top of The PHP League's [OAuth2 Server](https://github.com/thephpleague/oauth2-server). Requirements ------------ [](#requirements) - Requires PHP version 7.4 or greater. - [league/oauth2-server](https://github.com/thephpleague/oauth2-server) 8.4.2 or greater. Note: league/oauth2-server version may have a higher PHP requirement. Usage ----- [](#usage) The following classes will need to be configured and passed to the AuthorizationServer in order to provide OpenID Connect functionality. 1. IdentityRepository. This MUST implement the OpenIDConnectServer\\Repositories\\IdentityProviderInterface and return the identity of the user based on the return value of $accessToken->getUserIdentifier(). 1. The IdentityRepository MUST return a UserEntity that implements the following interfaces 1. OpenIDConnectServer\\Entities\\ClaimSetInterface 2. League\\OAuth2\\Server\\Entities\\UserEntityInterface. 2. ClaimSet. ClaimSet is a way to associate claims to a given scope. 3. ClaimExtractor. The ClaimExtractor takes an array of ClaimSets and in addition provides default claims for the OpenID Connect specified scopes of: profile, email, phone and address. 4. IdTokenResponse. This class must be passed to the AuthorizationServer during construction and is responsible for adding the id\_token to the response. 5. ScopeRepository. The getScopeEntityByIdentifier($identifier) method must return a ScopeEntity for the `openid` scope in order to enable support. See examples. ### Example Configuration [](#example-configuration) ``` // Init Repositories $clientRepository = new ClientRepository(); $scopeRepository = new ScopeRepository(); $accessTokenRepository = new AccessTokenRepository(); $authCodeRepository = new AuthCodeRepository(); $refreshTokenRepository = new RefreshTokenRepository(); $privateKeyPath = 'file://' . __DIR__ . '/../private.key'; $publicKeyPath = 'file://' . __DIR__ . '/../public.key'; // OpenID Connect Response Type $responseType = new IdTokenResponse(new IdentityRepository(), new ClaimExtractor()); // Setup the authorization server $server = new \League\OAuth2\Server\AuthorizationServer( $clientRepository, $accessTokenRepository, $scopeRepository, $privateKey, $publicKey, $responseType ); $grant = new \League\OAuth2\Server\Grant\AuthCodeGrant( $authCodeRepository, $refreshTokenRepository, new \DateInterval('PT10M') // authorization codes will expire after 10 minutes ); $grant->setRefreshTokenTTL(new \DateInterval('P1M')); // refresh tokens will expire after 1 month // Enable the authentication code grant on the server $server->enableGrantType( $grant, new \DateInterval('PT1H') // access tokens will expire after 1 hour ); return $server; ``` After the server has been configured it should be used as described in the [OAuth2 Server documentation](https://oauth2.thephpleague.com/). UserEntity ---------- [](#userentity) In order for this library to work properly you will need to add your IdentityProvider to the IdTokenResponse object. This will be used internally to lookup a UserEntity by it's identifier. Additionally your UserEntity must implement the ClaimSetInterface which includes a single method getClaims(). The getClaims() method should return a list of attributes as key/value pairs that can be returned if the proper scope has been defined. ``` use League\OAuth2\Server\Entities\Traits\EntityTrait; use League\OAuth2\Server\Entities\UserEntityInterface; use OpenIDConnectServer\Entities\ClaimSetInterface; class UserEntity implements UserEntityInterface, ClaimSetInterface { use EntityTrait; protected $attributes; public function getClaims() { return $this->attributes; } } ``` ClaimSets --------- [](#claimsets) A ClaimSet is a scope that defines a list of claims. ``` // Example of the profile ClaimSet $claimSet = new ClaimSetEntity('profile', [ 'name', 'family_name', 'given_name', 'middle_name', 'nickname', 'preferred_username', 'profile', 'picture', 'website', 'gender', 'birthdate', 'zoneinfo', 'locale', 'updated_at' ]); ``` As you can see from the above, profile lists a set of claims that can be extracted from our UserEntity if the profile scope is included with the authorization request. ### Adding Custom ClaimSets [](#adding-custom-claimsets) At some point you will likely want to include your own group of custom claims. To do this you will need to create a ClaimSetEntity, give it a scope (the value you will include in the scope parameter of your OAuth2 request) and the list of claims it supports. ``` $extractor = new ClaimExtractor(); // Create your custom scope $claimSet = new ClaimSetEntity('company', [ 'company_name', 'company_phone', 'company_address' ]); // Add it to the ClaimExtract (this is what you pass to IdTokenResponse, see configuration above) $extractor->addClaimSet($claimSet); ``` Now, when you pass the company scope with your request it will attempt to locate those properties from your UserEntity::getClaims(). Install ------- [](#install) Via Composer ``` $ composer require steverhoades/oauth2-openid-connect-server ``` Testing ------- [](#testing) To run the unit tests you will need to require league/oauth2-server from the source as this repository utilizes some of their existing test infrastructure. ``` $ composer require league/oauth2-server --prefer-source ``` Run PHPUnit from the root directory: ``` $ vendor/bin/phpunit ``` License ------- [](#license) The MIT License (MIT). Please see [License File](https://github.com/steverhoades/oauth2-openid-connect-client/blob/master/LICENSE) for more information. ### Health Score 54 — FairBetter than 97% of packages Maintenance34 Infrequent updates — may be unmaintained Popularity63 Solid adoption and visibility Community36 Small or concentrated contributor base Maturity72 Established project with proven stability Bus Factor1 Top contributor holds 57% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~181 days Recently: every ~154 days Total 17 Last Release 599d ago Major Versions v0.3.0 → v1.0.02018-05-21 v1.3.0 → v2.0.02021-04-03 v2.6.1 → v3.0.02024-09-24 ### Community Maintainers ![](https://www.gravatar.com/avatar/a55929c1962074212d523f8a014504d12e7271ff17b52fcfc33dbc37c616a58e?d=identicon)[SteveRhoades](/maintainers/SteveRhoades) --- Top Contributors [![steverhoades](https://avatars.githubusercontent.com/u/1146668?v=4)](https://github.com/steverhoades "steverhoades (61 commits)")[![tjveldhuizen](https://avatars.githubusercontent.com/u/779998?v=4)](https://github.com/tjveldhuizen "tjveldhuizen (10 commits)")[![stof](https://avatars.githubusercontent.com/u/439401?v=4)](https://github.com/stof "stof (7 commits)")[![Richard87](https://avatars.githubusercontent.com/u/5749715?v=4)](https://github.com/Richard87 "Richard87 (6 commits)")[![BusterNeece](https://avatars.githubusercontent.com/u/6744885?v=4)](https://github.com/BusterNeece "BusterNeece (5 commits)")[![fpicalausa](https://avatars.githubusercontent.com/u/2117814?v=4)](https://github.com/fpicalausa "fpicalausa (4 commits)")[![sgomez](https://avatars.githubusercontent.com/u/580701?v=4)](https://github.com/sgomez "sgomez (4 commits)")[![takamichi](https://avatars.githubusercontent.com/u/1865622?v=4)](https://github.com/takamichi "takamichi (3 commits)")[![xterr](https://avatars.githubusercontent.com/u/619509?v=4)](https://github.com/xterr "xterr (1 commits)")[![DarthLegiON](https://avatars.githubusercontent.com/u/11365194?v=4)](https://github.com/DarthLegiON "DarthLegiON (1 commits)")[![daserzw](https://avatars.githubusercontent.com/u/604473?v=4)](https://github.com/daserzw "daserzw (1 commits)")[![drjosephbaxter](https://avatars.githubusercontent.com/u/7721889?v=4)](https://github.com/drjosephbaxter "drjosephbaxter (1 commits)")[![francislavoie](https://avatars.githubusercontent.com/u/2111701?v=4)](https://github.com/francislavoie "francislavoie (1 commits)")[![rhertogh](https://avatars.githubusercontent.com/u/1292337?v=4)](https://github.com/rhertogh "rhertogh (1 commits)")[![ajimoti](https://avatars.githubusercontent.com/u/26599467?v=4)](https://github.com/ajimoti "ajimoti (1 commits)") ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/steverhoades-oauth2-openid-connect-server/health.svg) ``` [![Health](https://phpackages.com/badges/steverhoades-oauth2-openid-connect-server/health.svg)](https://phpackages.com/packages/steverhoades-oauth2-openid-connect-server) ``` ### Alternatives [tymon/jwt-auth JSON Web Token Authentication for Laravel and Lumen 11.5k49.1M350](/packages/tymon-jwt-auth)[php-open-source-saver/jwt-auth JSON Web Token Authentication for Laravel and Lumen 8359.8M53](/packages/php-open-source-saver-jwt-auth)[scheb/2fa Two-factor authentication for Symfony applications (please use scheb/2fa-bundle to install) 578630.7k1](/packages/scheb-2fa)[jeremy379/laravel-openid-connect OpenID Connect support to the PHP League's OAuth2 Server. Compatible with Laravel Passport. 55342.3k2](/packages/jeremy379-laravel-openid-connect)[patrickbussmann/oauth2-apple Sign in with Apple OAuth 2.0 Client Provider for The PHP League OAuth2-Client 1132.5M6](/packages/patrickbussmann-oauth2-apple)[nl.idaas/openid-server OpenID Connect server for PHP 47129.2k1](/packages/nlidaas-openid-server) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)