ones/oidc

Latest stable version: 0.1.1

Composer install command:

composer require ones/oidc

Package description

ONES OIDC Authentication Library

README

Installation

composer require ones/oidc

Usage

Setup

<?php

require_once __DIR__ . '/../vendor/autoload.php';

use ones\oidc\OnesOidc;

$loginHint = "some.user@onesid1.org";
$resourceUri = "https://my-service.com";

try {
    // Create an instance of OnesOidc
    $oidc = new OnesOidc();

    // Get device properties
    $deviceProps = $oidc->get_device_properties(
        '/etc/px-device-identity/device.yml',         // Update path as needed
        '/root/.local/share/px-device-identity/private.pem'     // Update path as needed
    );

    // Get OpenID configuration
    $openidInfo = $oidc->get_openid_info($deviceProps['host']);

    // CONTINUE WITH
    // - CIBA AUTHENTICATION
    // - QR AUTHENTICATION

} catch (Exception $e) {
    echo "Error: " . $e->getMessage() . "\n";
    exit(1);
}

?>

CIBA Authentication

<?php

// CONTINUE FROM SETUP

$result = $oidc->user_ciba_auth(
    $loginHint,
    $deviceProps['clientId'],
    $deviceProps['privateKey'],
    $openidInfo['providerMetadata'],
    $openidInfo['providerJwks'],
    $resourceUri,
    "Please authorize this request",
    "openid profile"
);

// Print result
echo "CIBA Authentication Result:\n";
echo json_encode($result, JSON_PRETTY_PRINT) . "\n";

// Test consent flow
$consentSettings = [
    'ones_auth_consent_content_first_name' => true,
    'ones_auth_consent_content_last_name' => true,
    'ones_auth_consent_content_email' => true,
    'ones_auth_consent_content_phone_number' => true
];

$consentReason = 'Requesting access';

$consentResult = $oidc->user_consent_flow(
    $result['access_token_content']['sub'],
    $deviceProps['clientId'],
    $deviceProps['privateKey'],
    $openidInfo['providerMetadata'],
    $resourceUri,
    $deviceProps['host'],
    $consentSettings,
    $consentReason
);

// Print consent flow result
echo "\nConsent Flow Result:\n";
echo json_encode($consentResult, JSON_PRETTY_PRINT) . "\n";

?>

All options for consent fields are:

[
    'ones_auth_consent_content_first_name' => true,
    'ones_auth_consent_content_last_name' => true,
    'ones_auth_consent_content_localized_first_name' => true,
    'ones_auth_consent_content_localized_last_name' => true,
    'ones_auth_consent_content_identity_document_number' => true,
    'ones_auth_consent_content_identity_document_issue_date' => true,
    'ones_auth_consent_content_identity_document_expiry_date' => true,
    'ones_auth_consent_content_date_of_birth' => true,
    'ones_auth_consent_content_email' => true,
    'ones_auth_consent_content_phone_number' => true
]

QR Authentication

<?php

// CONTINUE FROM SETUP

$qrSession = $oidc->make_qr_auth_session(
    $deviceProps['host'],
    $deviceProps['clientId'],
    $deviceProps['privateKey'],
    $openidInfo['providerMetadata'],
);

// Generate QR code
echo "\nPlease scan the QR code using your mobile device.\n";
echo "Session ID:   " . $qrSession['sessionId'] . "\n";
echo "Callback URL: " . $qrSession['cbUrl'] . " \n\n";

$authRequestId = null;

// Poll QR auth session until an auth request ID is returned (this loop has no timeout)
echo "Polling QR Auth Session...\n";
while (true) {
    $result = $oidc->poll_qr_auth_session(
        $qrSession['sessionId'],
        $deviceProps['clientId'],
        $deviceProps['privateKey'],
        $openidInfo['providerMetadata'],
        // $openidInfo['providerJwks'],
        $resourceUri,
        $deviceProps['host'],
        "Please authorize this request",
        "openid profile"
    );

    if ($result && isset($result['authRequestId'])) {
        $authRequestId = $result['authRequestId'];
        break;
    }

    sleep(3);
}

// Poll CIBA status
echo "Polling CIBA Status with Auth Request ID: $authRequestId...\n";
while (true) {
    $result = $oidc->check_ciba_status_loop(
        $openidInfo['providerMetadata'],
        $openidInfo['providerJwks'],
        $authRequestId,
        $deviceProps['clientId'],
        $deviceProps['privateKey']
    );

    // When access_token is set, print the result and break the loop
    if ($result && isset($result['access_token'])) {
        echo "CIBA Authentication Result:\n";
        echo json_encode($result, JSON_PRETTY_PRINT) . "\n";
        break;
    }

    sleep(3);
}

?>
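
The two `while (true)` loops above keep polling until the server answers. A bounded variant follows as an added example; it is not code from the ones/oidc project. `poll_until()` and the stub poll functions are hypothetical, and the key names `authRequestId` and `access_token` are the ones the README's loops check for.

```php
<?php
// Added example: a deadline-bounded replacement for an open-ended polling loop.
// poll_until() is a hypothetical helper, not part of ones/oidc.

function poll_until(callable $poll, string $key, int $timeoutSec = 120, int $intervalSec = 3): array
{
    // hrtime() is monotonic, so wall-clock changes cannot stretch or shorten the wait.
    $deadline = hrtime(true) + $timeoutSec * 1000000000;

    while (true) {
        $result = $poll();
        if (is_array($result) && isset($result[$key])) {
            return $result;
        }

        $remainingNs = $deadline - hrtime(true);
        if ($remainingNs <= 0) {
            break;
        }
        // Never sleep past the deadline.
        sleep(min($intervalSec, (int) ceil($remainingNs / 1e9)));
    }

    throw new RuntimeException("Timed out after {$timeoutSec}s waiting for '{$key}'");
}

// Constructed stand-in for a poll call: no result twice, then a session result.
$attempts = 0;
$fakePoll = function () use (&$attempts) {
    return ++$attempts < 3 ? null : ['authRequestId' => 'constructed-id'];
};
$session = poll_until($fakePoll, 'authRequestId', 10, 1);
echo "Got {$session['authRequestId']} after {$attempts} attempts\n";

// Constructed stand-in for a request the user never approves.
try {
    poll_until(function () { return null; }, 'access_token', 2, 1);
} catch (RuntimeException $e) {
    echo $e->getMessage() . "\n";
}

// With the README's variables in scope, the QR loop body would be passed as the
// closure, e.g. function () use ($oidc, $qrSession, ...) {
//     return $oidc->poll_qr_auth_session(...);
// } together with the key 'authRequestId'.
?>
```

Catching the `RuntimeException` lets the caller end the login attempt cleanly instead of leaving a worker polling for a session that will never complete.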

Testing

Setup environment:

guix shell php
php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
php composer-setup.php
php -r "unlink('composer-setup.php');"
php composer.phar install

Run CIBA test:

export OIDC_LOGIN_HINT="some.user@onesid1.org" && export OIDC_RESOURCE_URI="https://my-service.com" && php tests/test.php

Run QR test:

# Without consent
OIDC_RESOURCE_URI="https://my-service.com" php tests/test_qr.php

# With consent
OIDC_RESOURCE_URI="https://my-service.com" INCLUDE_CONSENT=1 php tests/test_qr.php

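Statistics

  • Total downloads: 2
  • Monthly downloads: 0
  • Daily downloads: 0
  • Favorites: 0
  • Clicks: 0
  • Dependents: 0
  • Recommendations: 0

GitHub information

  • Stars: 0
  • Watchers: 0
  • Forks: 0
  • Language: PHP

Other information

  • License: MIT
  • Last updated: 2025-02-01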