Class yii\authclient\OpenIdConnect

All Classes | Properties | Methods

Inheritance	yii\authclient\OpenIdConnect » yii\authclient\OAuth2 » yii\authclient\BaseOAuth » yii\authclient\BaseClient » yii\base\Component » yii\base\BaseObject
Implements	yii\authclient\ClientInterface, yii\base\Configurable
Available since version	2.1.3
Source Code	https://github.com/yiisoft/yii2-authclient/blob/master/OpenIdConnect.php

OpenIdConnect serves as a client for the OpenIdConnect flow.

Application configuration example:

'components' => [
    'authClientCollection' => [
        'class' => 'yii\authclient\Collection',
        'clients' => [
            'google' => [
                'class' => 'yii\authclient\OpenIdConnect',
                'issuerUrl' => 'https://accounts.google.com',
                'clientId' => 'google_client_id',
                'clientSecret' => 'google_client_secret',
                'name' => 'google',
                'title' => 'Google OpenID Connect',
            ],
        ],
    ]
    // ...
]

This class requires web-token/jwt-checker,web-token/jwt-key-mgmt, web-token/jwt-signature, web-token/jwt-signature-algorithm-hmac, web-token/jwt-signature-algorithm-ecdsa and web-token/jwt-signature-algorithm-rsa libraries to be installed for JWS verification. This can be done via composer:

composer require --prefer-dist "web-token/jwt-checker:>=1.0 <3.0" "web-token/jwt-signature:>=1.0 <3.0"
"web-token/jwt-signature:>=1.0 <3.0" "web-token/jwt-signature-algorithm-hmac:>=1.0 <3.0"
"web-token/jwt-signature-algorithm-ecdsa:>=1.0 <3.0" "web-token/jwt-signature-algorithm-rsa:>=1.0 <3.0"

Note: if you are using well-trusted OpenIdConnect provider, you may disable $validateJws, making installation of web-token library redundant, however it is not recommended as it violates the protocol specification.

Public Properties

Hide inherited properties

Property	Type	Description	Defined By
$accessToken	yii\authclient\OAuthToken	Auth token instance. Note that the type of this property differs in getter and setter. See getAccessToken() and setAccessToken() for details.	yii\authclient\BaseOAuth
$allowedJwsAlgorithms	array	JWS algorithms, which are allowed to be used.	yii\authclient\OpenIdConnect
$apiBaseUrl	string	API base URL.	yii\authclient\BaseOAuth
$authUrl	string	Authorize URL.	yii\authclient\BaseOAuth
$autoRefreshAccessToken	boolean	Whether to automatically perform 'refresh access token' request on expired access token.	yii\authclient\BaseOAuth
$behaviors	yii\base\Behavior[]	List of behaviors attached to this component. This property is read-only.	yii\base\Component
$cache	yii\caching\Cache\|null	The cache object, `null` - if not enabled. Note that the type of this property differs in getter and setter. See getCache() and setCache() for details.	yii\authclient\OpenIdConnect
$clientId	string	OAuth client ID.	yii\authclient\OAuth2
$clientSecret	string	OAuth client secret.	yii\authclient\OAuth2
$configParams	array	OpenID provider configuration parameters. This property is read-only.	yii\authclient\OpenIdConnect
$configParamsCacheKeyPrefix	string	The prefix for the key used to store $configParams data in cache.	yii\authclient\OpenIdConnect
$enablePkce	boolean	Whether to enable proof key for code exchange (PKCE) support and add a `code_challenge` and `code_verifier` to the auth request.	yii\authclient\OAuth2
$httpClient	yii\httpclient\Client	Internal HTTP client. Note that the type of this property differs in getter and setter. See getHttpClient() and setHttpClient() for details.	yii\authclient\BaseClient
$id	string	Service id.	yii\authclient\BaseClient
$issuerUrl	string	OpenID Issuer (provider) base URL, e.g. `https://example.	yii\authclient\OpenIdConnect
$name	string	Service name.	yii\authclient\BaseClient
$normalizeUserAttributeMap	array	Normalize user attribute map.	yii\authclient\BaseClient
$parametersToKeepInReturnUrl	array	List of the parameters to keep in default return url.	yii\authclient\BaseOAuth
$requestOptions	array	HTTP request options. This property is read-only.	yii\authclient\BaseClient
$returnUrl	string	Return URL.	yii\authclient\BaseOAuth
$scope	string	Auth request scope.	yii\authclient\OpenIdConnect
$signatureMethod	yii\authclient\signature\BaseMethod	Signature method instance. Note that the type of this property differs in getter and setter. See getSignatureMethod() and setSignatureMethod() for details.	yii\authclient\BaseOAuth
$stateStorage	yii\authclient\StateStorageInterface	Stage storage. Note that the type of this property differs in getter and setter. See getStateStorage() and setStateStorage() for details.	yii\authclient\BaseClient
$title	string	Service title.	yii\authclient\BaseClient
$tokenUrl	string	Token request URL endpoint.	yii\authclient\OAuth2
$userAttributes	array	List of user attributes.	yii\authclient\BaseClient
$validateAuthNonce	boolean	Whether to use and validate auth 'nonce' parameter in authentication flow.	yii\authclient\OpenIdConnect
$validateAuthState	boolean	Whether to use and validate auth 'state' parameter in authentication flow.	yii\authclient\OAuth2
$validateJws	boolean	Whether to validate/decrypt JWS received with Auth token.	yii\authclient\OpenIdConnect
$version	string	Protocol version.	yii\authclient\BaseOAuth
$viewOptions	array	View options in format: optionName => optionValue.	yii\authclient\BaseClient

Public Methods

Hide inherited methods

Method	Description	Defined By
__call()	Calls the named method which is not a class method.	yii\base\Component
__clone()	This method is called after the object is created by cloning an existing one.	yii\base\Component
__construct()	Constructor.	yii\base\BaseObject
__get()	Returns the value of a component property.	yii\base\Component
__isset()	Checks if a property is set, i.e. defined and not null.	yii\base\Component
__set()	Sets the value of a component property.	yii\base\Component
__unset()	Sets a component property to be null.	yii\base\Component
api()	Performs request to the OAuth API returning response data.	yii\authclient\BaseOAuth
applyAccessTokenToRequest()	Applies access token to the HTTP request instance.	yii\authclient\OpenIdConnect
attachBehavior()	Attaches a behavior to this component.	yii\base\Component
attachBehaviors()	Attaches a list of behaviors to the component.	yii\base\Component
authenticateClient()	Authenticate OAuth client directly at the provider without third party (user) involved, using 'client_credentials' grant type.	yii\authclient\OAuth2
authenticateUser()	Authenticates user directly by 'username/password' pair, using 'password' grant type.	yii\authclient\OAuth2
authenticateUserJwt()	Authenticates user directly using JSON Web Token (JWT).	yii\authclient\OAuth2
beforeApiRequestSend()	Handles yii\httpclient\Request::EVENT_BEFORE_SEND event.	yii\authclient\BaseOAuth
behaviors()	Returns a list of behaviors that this component should behave as.	yii\base\Component
buildAuthUrl()	Composes user authorization URL.	yii\authclient\OpenIdConnect
canGetProperty()	Returns a value indicating whether a property can be read.	yii\base\Component
canSetProperty()	Returns a value indicating whether a property can be set.	yii\base\Component
className()	Returns the fully qualified name of this class.	yii\base\BaseObject
createApiRequest()	Creates an HTTP request for the API call.	yii\authclient\BaseOAuth
createRequest()	Creates HTTP request instance.	yii\authclient\BaseClient
detachBehavior()	Detaches a behavior from the component.	yii\base\Component
detachBehaviors()	Detaches all behaviors from the component.	yii\base\Component
ensureBehaviors()	Makes sure that the behaviors declared in behaviors() are attached to this component.	yii\base\Component
fetchAccessToken()	Fetches access token from authorization code.	yii\authclient\OpenIdConnect
getAccessToken()		yii\authclient\BaseOAuth
getBehavior()	Returns the named behavior object.	yii\base\Component
getBehaviors()	Returns all behaviors attached to this component.	yii\base\Component
getCache()		yii\authclient\OpenIdConnect
getConfigParam()	Returns particular configuration parameter value.	yii\authclient\OpenIdConnect
getConfigParams()		yii\authclient\OpenIdConnect
getHttpClient()	Returns HTTP client.	yii\authclient\BaseClient
getId()		yii\authclient\ClientInterface
getName()		yii\authclient\ClientInterface
getNormalizeUserAttributeMap()		yii\authclient\BaseClient
getRequestOptions()		yii\authclient\BaseClient
getReturnUrl()		yii\authclient\BaseOAuth
getSignatureMethod()		yii\authclient\BaseOAuth
getStateStorage()		yii\authclient\BaseClient
getTitle()		yii\authclient\ClientInterface
getUserAttributes()		yii\authclient\ClientInterface
getValidateAuthNonce()		yii\authclient\OpenIdConnect
getViewOptions()		yii\authclient\ClientInterface
hasEventHandlers()	Returns a value indicating whether there is any handler attached to the named event.	yii\base\Component
hasMethod()	Returns a value indicating whether a method is defined.	yii\base\Component
hasProperty()	Returns a value indicating whether a property is defined for this component.	yii\base\Component
init()	Initializes the object.	yii\base\BaseObject
off()	Detaches an existing event handler from this component.	yii\base\Component
on()	Attaches an event handler to an event.	yii\base\Component
refreshAccessToken()	Gets new auth token to replace expired one.	yii\authclient\OpenIdConnect
setAccessToken()	Sets access token to be used.	yii\authclient\BaseOAuth
setCache()	Sets up a component to be used for caching.	yii\authclient\OpenIdConnect
setHttpClient()	Sets HTTP client to be used.	yii\authclient\BaseOAuth
setId()		yii\authclient\ClientInterface
setName()		yii\authclient\ClientInterface
setNormalizeUserAttributeMap()		yii\authclient\BaseClient
setRequestOptions()		yii\authclient\BaseClient
setReturnUrl()		yii\authclient\BaseOAuth
setSignatureMethod()	Set signature method to be used.	yii\authclient\BaseOAuth
setStateStorage()		yii\authclient\BaseClient
setTitle()		yii\authclient\ClientInterface
setUserAttributes()		yii\authclient\BaseClient
setValidateAuthNonce()		yii\authclient\OpenIdConnect
setViewOptions()		yii\authclient\BaseClient
trigger()	Triggers an event.	yii\base\Component

Protected Methods

Hide inherited methods

Method	Description	Defined By
applyClientCredentialsToRequest()	Applies client credentials (e.g. $clientId and $clientSecret) to the HTTP request instance.	yii\authclient\OpenIdConnect
composeUrl()	Composes URL from base URL and GET params.	yii\authclient\BaseOAuth
createHttpClient()	Creates HTTP client instance from reference or configuration.	yii\authclient\BaseOAuth
createSignatureMethod()	Creates signature method instance from its configuration.	yii\authclient\BaseOAuth
createToken()	Creates token from its configuration.	yii\authclient\OpenIdConnect
defaultName()	Generates service name.	yii\authclient\BaseClient
defaultNormalizeUserAttributeMap()	Returns the default $normalizeUserAttributeMap value.	yii\authclient\BaseClient
defaultRequestOptions()	Returns default HTTP request options.	yii\authclient\BaseOAuth
defaultReturnUrl()	Composes default $returnUrl value.	yii\authclient\BaseOAuth
defaultTitle()	Generates service title.	yii\authclient\BaseClient
defaultViewOptions()	Returns the default $viewOptions value.	yii\authclient\BaseClient
discoverConfig()	Discovers OpenID Provider configuration parameters.	yii\authclient\OpenIdConnect
generateAuthNonce()	Generates the auth nonce value.	yii\authclient\OpenIdConnect
generateAuthState()	Generates the auth state value.	yii\authclient\OAuth2
getJwkSet()	Return JwkSet, returning related data.	yii\authclient\OpenIdConnect
getJwsLoader()	Return JWSLoader that validate the JWS token.	yii\authclient\OpenIdConnect
getState()	Returns persistent state value.	yii\authclient\BaseClient
getStateKeyPrefix()	Returns session key prefix, which is used to store internal states.	yii\authclient\BaseClient
initUserAttributes()	Initializes authenticated user attributes.	yii\authclient\OpenIdConnect
loadJws()	Decrypts/validates JWS, returning related data.	yii\authclient\OpenIdConnect
normalizeUserAttributes()	Normalize given user attributes according to $normalizeUserAttributeMap.	yii\authclient\BaseClient
removeState()	Removes persistent state value.	yii\authclient\BaseClient
restoreAccessToken()	Restores access token.	yii\authclient\BaseOAuth
saveAccessToken()	Saves token as persistent state.	yii\authclient\BaseOAuth
sendRequest()	Sends the given HTTP request, returning response data.	yii\authclient\BaseOAuth
setState()	Sets persistent state.	yii\authclient\BaseClient
validateClaims()	Validates the claims data received from OpenID provider.	yii\authclient\OpenIdConnect

Property Details

$allowedJwsAlgorithms public property

JWS algorithms, which are allowed to be used. These are used by web-token library for JWS validation/decryption. Make sure to install web-token/jwt-signature-algorithm-hmac, web-token/jwt-signature-algorithm-ecdsa and web-token/jwt-signature-algorithm-rsa packages that support the particular algorithm before adding it here.

public array $allowedJwsAlgorithms = ['HS256', 'HS384', 'HS512', 'ES256', 'ES384', 'ES512', 'RS256', 'RS384', 'RS512', 'PS256', 'PS384', 'PS512']

$cache public property

The cache object, null - if not enabled. Note that the type of this property differs in getter and setter. See getCache() and setCache() for details.

public yii\caching\Cache|null $cache = null

$configParams public property

OpenID provider configuration parameters. This property is read-only.

public array $configParams = null

$configParamsCacheKeyPrefix public property

The prefix for the key used to store $configParams data in cache. Actual cache key will be formed addition $id value to it.

Method Details

applyAccessTokenToRequest() public method (available since version 2.1)

Applies access token to the HTTP request instance.

public void applyAccessTokenToRequest ( $request, $accessToken )
$request	yii\httpclient\Request	HTTP request instance.
$accessToken	yii\authclient\OAuthToken	Access token instance.

applyClientCredentialsToRequest() protected method (available since version 2.1.3)

Applies client credentials (e.g. $clientId and $clientSecret) to the HTTP request instance.

This method should be invoked before sending any HTTP request, which requires client credentials.

protected void applyClientCredentialsToRequest ( $request )
$request	yii\httpclient\Request	HTTP request instance.

buildAuthUrl() public method

Composes user authorization URL.

public string buildAuthUrl ( array $params = [] )
$params	array	Additional auth GET params.
return	string	Authorization URL.

createToken() protected method

Creates token from its configuration.

protected yii\authclient\OAuthToken createToken ( array $tokenConfig = [] )
$tokenConfig	array	Token configuration.
return	yii\authclient\OAuthToken	Token instance.

discoverConfig() protected method

Discovers OpenID Provider configuration parameters.

protected array discoverConfig ( )
return	array	OpenID Provider configuration parameters.
throws	yii\authclient\InvalidResponseException	on failure.

fetchAccessToken() public method

Fetches access token from authorization code.

public yii\authclient\OAuthToken fetchAccessToken ( $authCode, array $params = [] )
$authCode	string	Authorization code, usually comes at GET parameter 'code'.
$params	array	Additional request params.
return	yii\authclient\OAuthToken	Access token.
throws	yii\web\HttpException	on invalid auth state in case enableStateValidation is enabled.

generateAuthNonce() protected method

Generates the auth nonce value.

protected string generateAuthNonce ( )
return	string	Auth nonce value.

getCache() public method

public yii\caching\Cache\|null getCache ( )
return	yii\caching\Cache\|null	The cache object, `null` - if not enabled.

getConfigParam() public method

Returns particular configuration parameter value.

public mixed getConfigParam ( $name )
$name	string	Configuration parameter name.
return	mixed	Configuration parameter value.

getConfigParams() public method

public array getConfigParams ( )
return	array	OpenID provider configuration parameters.

getJwkSet() protected method

Return JwkSet, returning related data.

protected \yii\authclient\JWKSet getJwkSet ( )
return	\yii\authclient\JWKSet	Object represents a key set.
throws	yii\authclient\InvalidResponseException	on failure.

getJwsLoader() protected method

Return JWSLoader that validate the JWS token.

protected \Jose\Component\Signature\JWSLoader getJwsLoader ( )
return	\Jose\Component\Signature\JWSLoader	To do token validation.
throws	yii\base\InvalidConfigException	on invalid algorithm provide in configuration.

getValidateAuthNonce() public method

public boolean getValidateAuthNonce ( )
return	boolean	Whether to use and validate auth 'nonce' parameter in authentication flow.

initUserAttributes() protected method

Initializes authenticated user attributes.

protected array initUserAttributes ( )
return	array	Auth user attributes.

loadJws() protected method

Decrypts/validates JWS, returning related data.

protected array loadJws ( $jws )
$jws	string	Raw JWS input.
return	array	JWS underlying data.
throws	yii\web\HttpException	on invalid JWS signature.

refreshAccessToken() public method

Gets new auth token to replace expired one.

public yii\authclient\OAuthToken refreshAccessToken ( yii\authclient\OAuthToken $token )
$token	yii\authclient\OAuthToken	Expired auth token.
return	yii\authclient\OAuthToken	New auth token.

setCache() public method

Sets up a component to be used for caching.

This can be one of the following:

an application component ID (e.g. cache)
a configuration array
a yii\caching\Cache object

When null is passed, it means caching is not enabled.

public void setCache ( $cache )
$cache	yii\caching\Cache\|array\|string\|null	The cache object or the ID of the cache application component.

setValidateAuthNonce() public method

public void setValidateAuthNonce ( $validateAuthNonce )
$validateAuthNonce	boolean	Whether to use and validate auth 'nonce' parameter in authentication flow.

validateClaims() protected method (available since version 2.2.3)

Validates the claims data received from OpenID provider.

protected void validateClaims ( array $claims )
$claims	array	Claims data.
throws	yii\web\HttpException	on invalid claims.