Class yii\authclient\OpenIdConnect
| Inheritance | yii\authclient\OpenIdConnect » yii\authclient\OAuth2 » yii\authclient\BaseOAuth » yii\authclient\BaseClient » yii\base\Component |
|---|---|
| Implements | yii\authclient\ClientInterface |
| Available since extension's version | 2.1.3 |
| Source Code | https://github.com/yiisoft/yii2-authclient/blob/master/src/OpenIdConnect.php |
OpenIdConnect serves as a client for the OpenIdConnect flow.
Application configuration example:
'components' => [
'authClientCollection' => [
'class' => 'yii\authclient\Collection',
'clients' => [
'google' => [
'class' => 'yii\authclient\OpenIdConnect',
'issuerUrl' => 'https://accounts.google.com',
'clientId' => 'google_client_id',
'clientSecret' => 'google_client_secret',
'name' => 'google',
'title' => 'Google OpenID Connect',
],
],
]
// ...
]
This class requires spomky-labs/jose library to be installed for JWS verification. This can be done via composer:
composer require --prefer-dist "spomky-labs/jose:~5.0.6"
Note: if you are using well-trusted OpenIdConnect provider, you may disable $validateJws, making installation of
spomky-labs/jose library redundant, however it is not recommended as it violates the protocol specification.
See also:
Public Properties
Public Methods
Protected Methods
Property Details
JWS algorithms, which are allowed to be used.
These are used by spomky-labs/jose library for JWS validation/decryption.
Make sure spomky-labs/jose supports the particular algorithm before adding it here.
'HS256',
'HS384',
'HS512',
'ES256',
'ES384',
'ES512',
'RS256',
'RS384',
'RS512',
'PS256',
'PS384',
'PS512',
]
The cache object, null - if not enabled. Note that the type of this property
differs in getter and setter. See getCache() and setCache() for details.
OpenID provider configuration parameters. This property is read-only.
The prefix for the key used to store $configParams data in cache. Actual cache key will be formed addition $id value to it.
See also $cache.
OpenID Issuer (provider) base URL, e.g. https://example.com.
Whether to use and validate auth 'nonce' parameter in authentication flow.
Whether to validate/decrypt JWS received with Auth token.
Note: this functionality requires spomky-labs/jose composer package to be installed.
You can disable this option in case of usage of trusted OpenIDConnect provider, however this violates
the protocol rules, so you are doing it on your own risk.
Method Details
Defined in: yii\authclient\BaseOAuth::api()
Performs request to the OAuth API returning response data.
You may use createApiRequest() method instead, gaining more control over request execution.
See also createApiRequest().
| public array api ( $apiSubUrl, $method = 'GET', $data = [], $headers = [] ) | ||
| $apiSubUrl | string |
API sub URL, which will be append to $apiBaseUrl, or absolute API URL. |
| $method | string |
Request method. |
| $data | array|string |
Request data or content. |
| $headers | array |
Additional request headers. |
| return | array |
API response data. |
|---|---|---|
public function api($apiSubUrl, $method = 'GET', $data = [], $headers = [])
{
$request = $this->createApiRequest()
->setMethod($method)
->setUrl($apiSubUrl)
->addHeaders($headers);
if (!empty($data)) {
if (is_array($data)) {
$request->setData($data);
} else {
$request->setContent($data);
}
}
return $this->sendRequest($request);
}
Applies access token to the HTTP request instance.
| public void applyAccessTokenToRequest ( $request, $accessToken ) | ||
| $request | \yii\httpclient\Request |
HTTP request instance. |
| $accessToken | yii\authclient\OAuthToken |
Access token instance. |
public function applyAccessTokenToRequest($request, $accessToken)
{
// OpenID Connect requires bearer token auth for the user info endpoint
$request->getHeaders()->set('Authorization', 'Bearer ' . $accessToken->getToken());
}
Applies client credentials (e.g. $clientId and $clientSecret) to the HTTP request instance.
This method should be invoked before sending any HTTP request, which requires client credentials.
| protected void applyClientCredentialsToRequest ( $request ) | ||
| $request | \yii\httpclient\Request |
HTTP request instance. |
protected function applyClientCredentialsToRequest($request)
{
$supportedAuthMethods = $this->getConfigParam('token_endpoint_auth_methods_supported');
if (in_array('client_secret_basic', $supportedAuthMethods)) {
$request->addHeaders([
'Authorization' => 'Basic ' . base64_encode($this->clientId . ':' . $this->clientSecret)
]);
} elseif (in_array('client_secret_post', $supportedAuthMethods)) {
$request->addData([
'client_id' => $this->clientId,
'client_secret' => $this->clientSecret,
]);
} elseif (in_array('client_secret_jwt', $supportedAuthMethods)) {
$header = [
'typ' => 'JWT',
'alg' => 'HS256',
];
$payload = [
'iss' => $this->clientId,
'sub' => $this->clientId,
'aud' => $this->tokenUrl,
'jti' => $this->generateAuthNonce(),
'iat' => time(),
'exp' => time() + 3600,
];
$signatureBaseString = base64_encode(Json::encode($header)) . '.' . base64_encode(Json::encode($payload));
$signatureMethod = new HmacSha(['algorithm' => 'sha256']);
$signature = $signatureMethod->generateSignature($signatureBaseString, $this->clientSecret);
$assertion = $signatureBaseString . '.' . $signature;
$request->addData([
'assertion' => $assertion,
]);
} else {
throw new InvalidConfigException('Unable to authenticate request: none of following auth methods is suported: ' . implode(', ', $supportedAuthMethods));
}
}
Defined in: yii\authclient\OAuth2::authenticateClient()
Authenticate OAuth client directly at the provider without third party (user) involved, using 'client_credentials' grant type.
| public yii\authclient\OAuthToken authenticateClient ( $params = [] ) | ||
| $params | array |
Additional request params. |
| return | yii\authclient\OAuthToken |
Access token. |
|---|---|---|
public function authenticateClient($params = [])
{
$defaultParams = [
'grant_type' => 'client_credentials',
];
if (!empty($this->scope)) {
$defaultParams['scope'] = $this->scope;
}
$request = $this->createRequest()
->setMethod('POST')
->setUrl($this->tokenUrl)
->setData(array_merge($defaultParams, $params));
$this->applyClientCredentialsToRequest($request);
$response = $this->sendRequest($request);
$token = $this->createToken(['params' => $response]);
$this->setAccessToken($token);
return $token;
}
Defined in: yii\authclient\OAuth2::authenticateUser()
Authenticates user directly by 'username/password' pair, using 'password' grant type.
| public yii\authclient\OAuthToken authenticateUser ( $username, $password, $params = [] ) | ||
| $username | string |
User name. |
| $password | string |
User password. |
| $params | array |
Additional request params. |
| return | yii\authclient\OAuthToken |
Access token. |
|---|---|---|
public function authenticateUser($username, $password, $params = [])
{
$defaultParams = [
'grant_type' => 'password',
'username' => $username,
'password' => $password,
];
if (!empty($this->scope)) {
$defaultParams['scope'] = $this->scope;
}
$request = $this->createRequest()
->setMethod('POST')
->setUrl($this->tokenUrl)
->setData(array_merge($defaultParams, $params));
$this->applyClientCredentialsToRequest($request);
$response = $this->sendRequest($request);
$token = $this->createToken(['params' => $response]);
$this->setAccessToken($token);
return $token;
}
Defined in: yii\authclient\OAuth2::authenticateUserJwt()
Authenticates user directly using JSON Web Token (JWT).
See also https://tools.ietf.org/html/rfc7515.
| public yii\authclient\OAuthToken authenticateUserJwt ( $username, $signature = null, $options = [], $params = [] ) | ||
| $username | string | |
| $signature | yii\authclient\signature\BaseMethod|array |
Signature method or its array configuration. If empty - $signatureMethod will be used. |
| $options | array |
Additional options. Valid options are:
|
| $params | array |
Additional request params. |
| return | yii\authclient\OAuthToken |
Access token. |
|---|---|---|
public function authenticateUserJwt($username, $signature = null, $options = [], $params = [])
{
if (empty($signature)) {
$signatureMethod = $this->getSignatureMethod();
} elseif (is_object($signature)) {
$signatureMethod = $signature;
} else {
$signatureMethod = $this->createSignatureMethod($signature);
}
$header = isset($options['header']) ? $options['header'] : [];
$payload = isset($options['payload']) ? $options['payload'] : [];
$header = array_merge([
'typ' => 'JWT'
], $header);
if (!isset($header['alg'])) {
$signatureName = $signatureMethod->getName();
if (preg_match('/^([a-z])[a-z]*\-([a-z])[a-z]*([0-9]+)$/is', $signatureName, $matches)) {
// convert 'RSA-SHA256' to 'RS256' :
$signatureName = $matches[1] . $matches[2] . $matches[3];
}
$header['alg'] = $signatureName;
}
$payload = array_merge([
'iss' => $username,
'scope' => $this->scope,
'aud' => $this->tokenUrl,
'iat' => time(),
], $payload);
if (!isset($payload['exp'])) {
$payload['exp'] = $payload['iat'] + 3600;
}
$signatureBaseString = base64_encode(Json::encode($header)) . '.' . base64_encode(Json::encode($payload));
$signatureKey = isset($options['signatureKey']) ? $options['signatureKey'] : $this->clientSecret;
$signature = $signatureMethod->generateSignature($signatureBaseString, $signatureKey);
$assertion = $signatureBaseString . '.' . $signature;
$request = $this->createRequest()
->setMethod('POST')
->setUrl($this->tokenUrl)
->setData(array_merge([
'grant_type' => 'urn:ietf:params:oauth:grant-type:jwt-bearer',
'assertion' => $assertion,
], $params));
$response = $this->sendRequest($request);
$token = $this->createToken(['params' => $response]);
$this->setAccessToken($token);
return $token;
}
Defined in: yii\authclient\BaseOAuth::beforeApiRequestSend()
Handles Request::EVENT_BEFORE_SEND event.
Applies $accessToken to the request.
| public void beforeApiRequestSend ( $event ) | ||
| $event | \yii\httpclient\RequestEvent |
Event instance. |
| throws | \yii\base\Exception |
on invalid access token. |
|---|---|---|
public function beforeApiRequestSend($event)
{
$accessToken = $this->getAccessToken();
if (!is_object($accessToken) || !$accessToken->getIsValid()) {
throw new Exception('Invalid access token.');
}
$this->applyAccessTokenToRequest($event->request, $accessToken);
}
Composes user authorization URL.
| public string buildAuthUrl ( array $params = [] ) | ||
| $params | array |
Additional auth GET params. |
| return | string |
Authorization URL. |
|---|---|---|
public function buildAuthUrl(array $params = [])
{
if ($this->authUrl === null) {
$this->authUrl = $this->getConfigParam('authorization_endpoint');
}
return parent::buildAuthUrl($params);
}
Defined in: yii\authclient\BaseOAuth::composeUrl()
Composes URL from base URL and GET params.
| protected string composeUrl ( $url, array $params = [] ) | ||
| $url | string |
Base URL. |
| $params | array |
GET params. |
| return | string |
Composed URL. |
|---|---|---|
protected function composeUrl($url, array $params = [])
{
if (!empty($params)) {
if (strpos($url, '?') === false) {
$url .= '?';
} else {
$url .= '&';
}
$url .= http_build_query($params, '', '&', PHP_QUERY_RFC3986);
}
return $url;
}
Defined in: yii\authclient\BaseOAuth::createApiRequest()
Creates an HTTP request for the API call.
The created request will be automatically processed adding access token parameters and signature before sending. You may use createRequest() to gain full control over request composition and execution.
See also createRequest().
| public \yii\httpclient\Request createApiRequest ( ) | ||
| return | \yii\httpclient\Request |
HTTP request instance. |
|---|---|---|
public function createApiRequest()
{
$request = $this->createRequest();
$request->on(Request::EVENT_BEFORE_SEND, [$this, 'beforeApiRequestSend']);
return $request;
}
Defined in: yii\authclient\BaseOAuth::createHttpClient()
Creates HTTP client instance from reference or configuration.
| protected \yii\httpclient\Client createHttpClient ( $reference ) | ||
| $reference | string|array |
Component name or array configuration. |
| return | \yii\httpclient\Client |
HTTP client instance. |
|---|---|---|
protected function createHttpClient($reference)
{
$httpClient = parent::createHttpClient($reference);
$httpClient->baseUrl = $this->apiBaseUrl;
return $httpClient;
}
Defined in: yii\authclient\BaseClient::createRequest()
Creates HTTP request instance.
| public \yii\httpclient\Request createRequest ( ) | ||
| return | \yii\httpclient\Request |
HTTP request instance. |
|---|---|---|
public function createRequest()
{
return $this->getHttpClient()
->createRequest()
->addOptions($this->defaultRequestOptions())
->addOptions($this->getRequestOptions());
}
Defined in: yii\authclient\BaseOAuth::createSignatureMethod()
Creates signature method instance from its configuration.
| protected yii\authclient\signature\BaseMethod createSignatureMethod ( array $signatureMethodConfig ) | ||
| $signatureMethodConfig | array |
Signature method configuration. |
| return | yii\authclient\signature\BaseMethod |
Signature method instance. |
|---|---|---|
protected function createSignatureMethod(array $signatureMethodConfig)
{
if (!array_key_exists('class', $signatureMethodConfig)) {
$signatureMethodConfig['class'] = signature\HmacSha1::className();
}
return Yii::createObject($signatureMethodConfig);
}
Creates token from its configuration.
| protected yii\authclient\OAuthToken createToken ( array $tokenConfig = [] ) | ||
| $tokenConfig | array |
Token configuration. |
| return | yii\authclient\OAuthToken |
Token instance. |
|---|---|---|
protected function createToken(array $tokenConfig = [])
{
if ($this->validateJws) {
$jwsData = $this->loadJws($tokenConfig['params']['id_token']);
$this->validateClaims($jwsData);
$tokenConfig['params'] = array_merge($tokenConfig['params'], $jwsData);
if ($this->getValidateAuthNonce()) {
$authNonce = $this->getState('authNonce');
if (!isset($jwsData['nonce']) || empty($authNonce) || strcmp($jwsData['nonce'], $authNonce) !== 0) {
throw new HttpException(400, 'Invalid auth nonce');
} else {
$this->removeState('authNonce');
}
}
}
return parent::createToken($tokenConfig);
}
Defined in: yii\authclient\BaseClient::defaultName()
Generates service name.
| protected string defaultName ( ) | ||
| return | string |
Service name. |
|---|---|---|
protected function defaultName()
{
return Inflector::camel2id(StringHelper::basename(get_class($this)));
}
Defined in: yii\authclient\BaseClient::defaultNormalizeUserAttributeMap()
Returns the default $normalizeUserAttributeMap value.
Particular client may override this method in order to provide specific default map.
| protected array defaultNormalizeUserAttributeMap ( ) | ||
| return | array |
Normalize attribute map. |
|---|---|---|
protected function defaultNormalizeUserAttributeMap()
{
return [];
}
Defined in: yii\authclient\BaseOAuth::defaultRequestOptions()
Returns default HTTP request options.
| protected array defaultRequestOptions ( ) | ||
| return | array |
HTTP request options. |
|---|---|---|
protected function defaultRequestOptions()
{
return [
'userAgent' => Yii::$app->name . ' OAuth ' . $this->version . ' Client',
'timeout' => 30,
'sslVerifyPeer' => false,
];
}
Composes default $returnUrl value.
| protected string defaultReturnUrl ( ) | ||
| return | string |
Return URL. |
|---|---|---|
protected function defaultReturnUrl()
{
$params = Yii::$app->getRequest()->getQueryParams();
// OAuth2 specifics :
unset($params['code']);
unset($params['state']);
// OpenIdConnect specifics :
unset($params['nonce']);
unset($params['authuser']);
unset($params['session_state']);
unset($params['prompt']);
$params[0] = Yii::$app->controller->getRoute();
return Yii::$app->getUrlManager()->createAbsoluteUrl($params);
}
Defined in: yii\authclient\BaseClient::defaultTitle()
Generates service title.
| protected string defaultTitle ( ) | ||
| return | string |
Service title. |
|---|---|---|
protected function defaultTitle()
{
return StringHelper::basename(get_class($this));
}
Defined in: yii\authclient\BaseClient::defaultViewOptions()
Returns the default $viewOptions value.
Particular client may override this method in order to provide specific default view options.
| protected array defaultViewOptions ( ) | ||
| return | array |
List of default $viewOptions |
|---|---|---|
protected function defaultViewOptions()
{
return [];
}
Discovers OpenID Provider configuration parameters.
| protected array discoverConfig ( ) | ||
| return | array |
OpenID Provider configuration parameters. |
|---|---|---|
| throws | yii\authclient\InvalidResponseException |
on failure. |
protected function discoverConfig()
{
$request = $this->createRequest();
$configUrl = rtrim($this->issuerUrl, '/') . '/.well-known/openid-configuration';
$request->setMethod('GET')
->setUrl($configUrl);
$response = $this->sendRequest($request);
return $response;
}
Fetches access token from authorization code.
| public yii\authclient\OAuthToken fetchAccessToken ( $authCode, array $params = [] ) | ||
| $authCode | string |
Authorization code, usually comes at GET parameter 'code'. |
| $params | array |
Additional request params. |
| return | yii\authclient\OAuthToken |
Access token. |
|---|---|---|
| throws | \yii\web\HttpException |
on invalid auth state in case enableStateValidation is enabled. |
public function fetchAccessToken($authCode, array $params = [])
{
if ($this->tokenUrl === null) {
$this->tokenUrl = $this->getConfigParam('token_endpoint');
}
if (!isset($params['nonce']) && $this->getValidateAuthNonce()) {
$nonce = $this->generateAuthNonce();
$this->setState('authNonce', $nonce);
$params['nonce'] = $nonce;
}
return parent::fetchAccessToken($authCode, $params);
}
Generates the auth nonce value.
| protected string generateAuthNonce ( ) | ||
| return | string |
Auth nonce value. |
|---|---|---|
protected function generateAuthNonce()
{
return Yii::$app->security->generateRandomString();
}
Defined in: yii\authclient\OAuth2::generateAuthState()
Generates the auth state value.
| protected string generateAuthState ( ) | ||
| return | string |
Auth state value. |
|---|---|---|
protected function generateAuthState()
{
$baseString = get_class($this) . '-' . time();
if (Yii::$app->has('session')) {
$baseString .= '-' . Yii::$app->session->getId();
}
return hash('sha256', uniqid($baseString, true));
}
Defined in: yii\authclient\BaseOAuth::getAccessToken()
| public yii\authclient\OAuthToken getAccessToken ( ) | ||
| return | yii\authclient\OAuthToken |
Auth token instance. |
|---|---|---|
public function getAccessToken()
{
if (!is_object($this->_accessToken)) {
$this->_accessToken = $this->restoreAccessToken();
}
return $this->_accessToken;
}
| public \yii\caching\Cache|null getCache ( ) | ||
| return | \yii\caching\Cache|null |
The cache object, |
|---|---|---|
public function getCache()
{
if ($this->_cache !== null && !is_object($this->_cache)) {
$this->_cache = Instance::ensure($this->_cache, Cache::className());
}
return $this->_cache;
}
Returns particular configuration parameter value.
| public mixed getConfigParam ( $name ) | ||
| $name | string |
Configuration parameter name. |
| return | mixed |
Configuration parameter value. |
|---|---|---|
public function getConfigParam($name)
{
$params = $this->getConfigParams();
return $params[$name];
}
| public array getConfigParams ( ) | ||
| return | array |
OpenID provider configuration parameters. |
|---|---|---|
public function getConfigParams()
{
if ($this->_configParams === null) {
$cache = $this->getCache();
$cacheKey = $this->configParamsCacheKeyPrefix . $this->getId();
if ($cache === null || ($configParams = $cache->get($cacheKey)) === false) {
$configParams = $this->discoverConfig();
}
$this->_configParams = $configParams;
if ($cache !== null) {
$cache->set($cacheKey, $configParams);
}
}
return $this->_configParams;
}
Defined in: yii\authclient\BaseClient::getHttpClient()
Returns HTTP client.
| public \yii\httpclient\Client getHttpClient ( ) | ||
| return | \yii\httpclient\Client |
Internal HTTP client. |
|---|---|---|
public function getHttpClient()
{
if (!is_object($this->_httpClient)) {
$this->_httpClient = $this->createHttpClient($this->_httpClient);
}
return $this->_httpClient;
}
Defined in: yii\authclient\BaseClient::getId()
| public string getId ( ) | ||
| return | string |
Service id |
|---|---|---|
public function getId()
{
if (empty($this->_id)) {
$this->_id = $this->getName();
}
return $this->_id;
}
Defined in: yii\authclient\BaseClient::getName()
| public string getName ( ) | ||
| return | string |
Service name. |
|---|---|---|
public function getName()
{
if ($this->_name === null) {
$this->_name = $this->defaultName();
}
return $this->_name;
}
| public array getNormalizeUserAttributeMap ( ) | ||
| return | array |
Normalize user attribute map. |
|---|---|---|
public function getNormalizeUserAttributeMap()
{
if ($this->_normalizeUserAttributeMap === null) {
$this->_normalizeUserAttributeMap = $this->defaultNormalizeUserAttributeMap();
}
return $this->_normalizeUserAttributeMap;
}
Defined in: yii\authclient\BaseClient::getRequestOptions()
| public array getRequestOptions ( ) | ||
| return | array |
HTTP request options. |
|---|---|---|
public function getRequestOptions()
{
return $this->_requestOptions;
}
Defined in: yii\authclient\BaseOAuth::getReturnUrl()
| public string getReturnUrl ( ) | ||
| return | string |
Return URL. |
|---|---|---|
public function getReturnUrl()
{
if ($this->_returnUrl === null) {
$this->_returnUrl = $this->defaultReturnUrl();
}
return $this->_returnUrl;
}
Defined in: yii\authclient\BaseOAuth::getSignatureMethod()
| public yii\authclient\signature\BaseMethod getSignatureMethod ( ) | ||
| return | yii\authclient\signature\BaseMethod |
Signature method instance. |
|---|---|---|
public function getSignatureMethod()
{
if (!is_object($this->_signatureMethod)) {
$this->_signatureMethod = $this->createSignatureMethod($this->_signatureMethod);
}
return $this->_signatureMethod;
}
Defined in: yii\authclient\BaseClient::getState()
Returns persistent state value.
| protected mixed getState ( $key ) | ||
| $key | string |
State key. |
| return | mixed |
State value. |
|---|---|---|
protected function getState($key)
{
return $this->getStateStorage()->get($this->getStateKeyPrefix() . $key);
}
Defined in: yii\authclient\BaseClient::getStateKeyPrefix()
Returns session key prefix, which is used to store internal states.
| protected string getStateKeyPrefix ( ) | ||
| return | string |
Session key prefix. |
|---|---|---|
protected function getStateKeyPrefix()
{
return get_class($this) . '_' . $this->getId() . '_';
}
Defined in: yii\authclient\BaseClient::getStateStorage()
| public yii\authclient\StateStorageInterface getStateStorage ( ) | ||
| return | yii\authclient\StateStorageInterface |
Stage storage. |
|---|---|---|
public function getStateStorage()
{
if (!is_object($this->_stateStorage)) {
$this->_stateStorage = Yii::createObject($this->_stateStorage);
}
return $this->_stateStorage;
}
Defined in: yii\authclient\BaseClient::getTitle()
| public string getTitle ( ) | ||
| return | string |
Service title. |
|---|---|---|
public function getTitle()
{
if ($this->_title === null) {
$this->_title = $this->defaultTitle();
}
return $this->_title;
}
Defined in: yii\authclient\BaseClient::getUserAttributes()
| public array getUserAttributes ( ) | ||
| return | array |
List of user attributes |
|---|---|---|
public function getUserAttributes()
{
if ($this->_userAttributes === null) {
$this->_userAttributes = $this->normalizeUserAttributes($this->initUserAttributes());
}
return $this->_userAttributes;
}
| public boolean getValidateAuthNonce ( ) | ||
| return | boolean |
Whether to use and validate auth 'nonce' parameter in authentication flow. |
|---|---|---|
public function getValidateAuthNonce()
{
if ($this->_validateAuthNonce === null) {
$this->_validateAuthNonce = $this->validateJws && in_array('nonce', $this->getConfigParam('claims_supported'));
}
return $this->_validateAuthNonce;
}
Defined in: yii\authclient\BaseClient::getViewOptions()
| public array getViewOptions ( ) | ||
| return | array |
View options in format: optionName => optionValue |
|---|---|---|
public function getViewOptions()
{
if ($this->_viewOptions === null) {
$this->_viewOptions = $this->defaultViewOptions();
}
return $this->_viewOptions;
}
Initializes authenticated user attributes.
| protected array initUserAttributes ( ) | ||
| return | array |
Auth user attributes. |
|---|---|---|
protected function initUserAttributes()
{
return $this->api($this->getConfigParam('userinfo_endpoint'), 'GET');
}
Decrypts/validates JWS, returning related data.
| protected array loadJws ( $jws ) | ||
| $jws | string |
Raw JWS input. |
| return | array |
JWS underlying data. |
|---|---|---|
| throws | \yii\web\HttpException |
on invalid JWS signature. |
protected function loadJws($jws)
{
try {
$jwkSet = JWKFactory::createFromJKU($this->getConfigParam('jwks_uri'));
$loader = new Loader();
return $loader->loadAndVerifySignatureUsingKeySet($jws, $jwkSet, $this->allowedJwsAlgorithms)->getPayload();
} catch (\Exception $e) {
$message = YII_DEBUG ? 'Unable to verify JWS: ' . $e->getMessage() : 'Invalid JWS';
throw new HttpException(400, $message, $e->getCode(), $e);
}
}
Defined in: yii\authclient\BaseClient::normalizeUserAttributes()
Normalize given user attributes according to $normalizeUserAttributeMap.
| protected array normalizeUserAttributes ( $attributes ) | ||
| $attributes | array |
Raw attributes. |
| return | array |
Normalized attributes. |
|---|---|---|
| throws | \yii\base\InvalidConfigException |
on incorrect normalize attribute map. |
protected function normalizeUserAttributes($attributes)
{
foreach ($this->getNormalizeUserAttributeMap() as $normalizedName => $actualName) {
if (is_scalar($actualName)) {
if (array_key_exists($actualName, $attributes)) {
$attributes[$normalizedName] = $attributes[$actualName];
}
} else {
if (is_callable($actualName)) {
$attributes[$normalizedName] = call_user_func($actualName, $attributes);
} elseif (is_array($actualName)) {
$haystack = $attributes;
$searchKeys = $actualName;
$isFound = true;
while (($key = array_shift($searchKeys)) !== null) {
if (is_array($haystack) && array_key_exists($key, $haystack)) {
$haystack = $haystack[$key];
} else {
$isFound = false;
break;
}
}
if ($isFound) {
$attributes[$normalizedName] = $haystack;
}
} else {
throw new InvalidConfigException('Invalid actual name "' . gettype($actualName) . '" specified at "' . get_class($this) . '::normalizeUserAttributeMap"');
}
}
}
return $attributes;
}
Gets new auth token to replace expired one.
| public yii\authclient\OAuthToken refreshAccessToken ( yii\authclient\OAuthToken $token ) | ||
| $token | yii\authclient\OAuthToken |
Expired auth token. |
| return | yii\authclient\OAuthToken |
New auth token. |
|---|---|---|
public function refreshAccessToken(OAuthToken $token)
{
if ($this->tokenUrl === null) {
$this->tokenUrl = $this->getConfigParam('token_endpoint');
}
return parent::refreshAccessToken($token);
}
Defined in: yii\authclient\BaseClient::removeState()
Removes persistent state value.
| protected boolean removeState ( $key ) | ||
| $key | string |
State key. |
| return | boolean |
Success. |
|---|---|---|
protected function removeState($key)
{
return $this->getStateStorage()->remove($this->getStateKeyPrefix() . $key);
}
Defined in: yii\authclient\BaseOAuth::restoreAccessToken()
Restores access token.
| protected yii\authclient\OAuthToken restoreAccessToken ( ) | ||
| return | yii\authclient\OAuthToken |
Auth token. |
|---|---|---|
protected function restoreAccessToken()
{
$token = $this->getState('token');
if (is_object($token)) {
/* @var $token OAuthToken */
if ($token->getIsExpired() && $this->autoRefreshAccessToken) {
$token = $this->refreshAccessToken($token);
}
}
return $token;
}
Defined in: yii\authclient\BaseOAuth::saveAccessToken()
Saves token as persistent state.
| protected $this saveAccessToken ( $token ) | ||
| $token | yii\authclient\OAuthToken|null |
Auth token to be saved. |
| return | $this |
The object itself. |
|---|---|---|
protected function saveAccessToken($token)
{
return $this->setState('token', $token);
}
Defined in: yii\authclient\BaseOAuth::sendRequest()
Sends the given HTTP request, returning response data.
| protected array sendRequest ( $request ) | ||
| $request | \yii\httpclient\Request |
HTTP request to be sent. |
| return | array |
Response data. |
|---|---|---|
| throws | yii\authclient\InvalidResponseException |
on invalid remote response. |
protected function sendRequest($request)
{
$response = $request->send();
if (!$response->getIsOk()) {
throw new InvalidResponseException($response, 'Request failed with code: ' . $response->getStatusCode() . ', message: ' . $response->getContent());
}
return $response->getData();
}
Defined in: yii\authclient\BaseOAuth::setAccessToken()
Sets access token to be used.
| public void setAccessToken ( $token ) | ||
| $token | array|yii\authclient\OAuthToken |
Access token or its configuration. |
public function setAccessToken($token)
{
if (!is_object($token) && $token !== null) {
$token = $this->createToken($token);
}
$this->_accessToken = $token;
$this->saveAccessToken($token);
}
Sets up a component to be used for caching.
This can be one of the following:
- an application component ID (e.g.
cache) - a configuration array
- a \yii\caching\Cache object
When null is passed, it means caching is not enabled.
| public void setCache ( $cache ) | ||
| $cache | \yii\caching\Cache|array|string|null |
The cache object or the ID of the cache application component. |
public function setCache($cache)
{
$this->_cache = $cache;
}
Defined in: yii\authclient\BaseOAuth::setHttpClient()
Sets HTTP client to be used.
| public void setHttpClient ( $httpClient ) | ||
| $httpClient | array|\yii\httpclient\Client |
Internal HTTP client. |
public function setHttpClient($httpClient)
{
if (is_object($httpClient)) {
$httpClient = clone $httpClient;
$httpClient->baseUrl = $this->apiBaseUrl;
}
parent::setHttpClient($httpClient);
}
Defined in: yii\authclient\BaseClient::setId()
| public void setId ( $id ) | ||
| $id | string |
Service id. |
public function setId($id)
{
$this->_id = $id;
}
Defined in: yii\authclient\BaseClient::setName()
| public void setName ( $name ) | ||
| $name | string |
Service name. |
public function setName($name)
{
$this->_name = $name;
}
| public void setNormalizeUserAttributeMap ( $normalizeUserAttributeMap ) | ||
| $normalizeUserAttributeMap | array |
Normalize user attribute map. |
public function setNormalizeUserAttributeMap($normalizeUserAttributeMap)
{
$this->_normalizeUserAttributeMap = $normalizeUserAttributeMap;
}
Defined in: yii\authclient\BaseClient::setRequestOptions()
| public void setRequestOptions ( array $options ) | ||
| $options | array |
HTTP request options. |
public function setRequestOptions(array $options)
{
$this->_requestOptions = $options;
}
Defined in: yii\authclient\BaseOAuth::setReturnUrl()
| public void setReturnUrl ( $returnUrl ) | ||
| $returnUrl | string |
Return URL |
public function setReturnUrl($returnUrl)
{
$this->_returnUrl = $returnUrl;
}
Defined in: yii\authclient\BaseOAuth::setSignatureMethod()
Set signature method to be used.
| public void setSignatureMethod ( $signatureMethod ) | ||
| $signatureMethod | array|yii\authclient\signature\BaseMethod |
Signature method instance or its array configuration. |
| throws | \yii\base\InvalidParamException |
on wrong argument. |
|---|---|---|
public function setSignatureMethod($signatureMethod)
{
if (!is_object($signatureMethod) && !is_array($signatureMethod)) {
throw new InvalidParamException('"' . get_class($this) . '::signatureMethod" should be instance of "\yii\autclient\signature\BaseMethod" or its array configuration. "' . gettype($signatureMethod) . '" has been given.');
}
$this->_signatureMethod = $signatureMethod;
}
Defined in: yii\authclient\BaseClient::setState()
Sets persistent state.
| protected $this setState ( $key, $value ) | ||
| $key | string |
State key. |
| $value | mixed |
State value |
| return | $this |
The object itself |
|---|---|---|
protected function setState($key, $value)
{
$this->getStateStorage()->set($this->getStateKeyPrefix() . $key, $value);
return $this;
}
Defined in: yii\authclient\BaseClient::setStateStorage()
| public void setStateStorage ( $stateStorage ) | ||
| $stateStorage | yii\authclient\StateStorageInterface|array|string |
Stage storage to be used. |
public function setStateStorage($stateStorage)
{
$this->_stateStorage = $stateStorage;
}
Defined in: yii\authclient\BaseClient::setTitle()
| public void setTitle ( $title ) | ||
| $title | string |
Service title. |
public function setTitle($title)
{
$this->_title = $title;
}
Defined in: yii\authclient\BaseClient::setUserAttributes()
| public void setUserAttributes ( $userAttributes ) | ||
| $userAttributes | array |
List of user attributes |
public function setUserAttributes($userAttributes)
{
$this->_userAttributes = $this->normalizeUserAttributes($userAttributes);
}
| public void setValidateAuthNonce ( $validateAuthNonce ) | ||
| $validateAuthNonce | boolean |
Whether to use and validate auth 'nonce' parameter in authentication flow. |
public function setValidateAuthNonce($validateAuthNonce)
{
$this->_validateAuthNonce = $validateAuthNonce;
}
Defined in: yii\authclient\BaseClient::setViewOptions()
| public void setViewOptions ( $viewOptions ) | ||
| $viewOptions | array |
View options in format: optionName => optionValue |
public function setViewOptions($viewOptions)
{
$this->_viewOptions = $viewOptions;
}