OpenIdConnect
extends OAuth2
in package
OpenIdConnect serves as a client for the OpenIdConnect flow.
Application configuration example:
'components' => [
    'authClientCollection' => [
        'class' => 'yii\authclient\Collection',
        'clients' => [
            'google' => [
                'class' => 'yii\authclient\OpenIdConnect',
                'issuerUrl' => 'https://accounts.google.com',
                'clientId' => 'google_client_id',
                'clientSecret' => 'google_client_secret',
                'name' => 'google',
                'title' => 'Google OpenID Connect',
            ],
        ],
    ]
    // ...
]
This class requires the web-token/jwt-checker, web-token/jwt-key-mgmt, web-token/jwt-signature, web-token/jwt-signature-algorithm-hmac, web-token/jwt-signature-algorithm-ecdsa and web-token/jwt-signature-algorithm-rsa libraries to be installed for JWS verification. This can be done via composer:
composer require --prefer-dist "web-token/jwt-checker:>=1.0 <3.0" "web-token/jwt-key-mgmt:>=1.0 <3.0" \
    "web-token/jwt-signature:>=1.0 <3.0" "web-token/jwt-signature-algorithm-hmac:>=1.0 <3.0" \
    "web-token/jwt-signature-algorithm-ecdsa:>=1.0 <3.0" "web-token/jwt-signature-algorithm-rsa:>=1.0 <3.0"
Note: if you are using a well-trusted OpenIdConnect provider, you may disable [[validateJws]], making installation of the web-token library redundant; however, this is not recommended as it violates the protocol specification.
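A hardened variant of the configuration above, added here as an example and not taken from the yii2-authclient documentation. It keeps JWS validation on, narrows [[allowedJwsAlgorithms]] to the one algorithm the provider is assumed to sign ID tokens with (RS256 is an assumption; confirm it in the provider's discovery document), and enables PKCE. The environment variable names are hypothetical.

```php
<?php
// Added example: hardened OpenIdConnect client configuration (config/web.php style).
return [
    'components' => [
        'authClientCollection' => [
            'class' => 'yii\authclient\Collection',
            'clients' => [
                'google' => [
                    'class' => 'yii\authclient\OpenIdConnect',
                    'issuerUrl' => 'https://accounts.google.com',

                    // Keep credentials out of source control.
                    // OIDC_CLIENT_ID / OIDC_CLIENT_SECRET are hypothetical variable names.
                    'clientId' => getenv('OIDC_CLIENT_ID'),
                    'clientSecret' => getenv('OIDC_CLIENT_SECRET'),

                    'name' => 'google',
                    'title' => 'Google OpenID Connect',

                    // Weak setting: 'validateJws' => false accepts the ID token
                    // without checking its signature. Leave it at the default.
                    'validateJws' => true,

                    // The default list allows every HS*/ES*/RS*/PS* variant.
                    // Accept only what the provider actually signs with
                    // (RS256 here is an assumption about the provider).
                    'allowedJwsAlgorithms' => ['RS256'],

                    // CSRF protection for the redirect back to the client.
                    'validateAuthState' => true,

                    // Binds the ID token to this login attempt (replay protection).
                    'validateAuthNonce' => true,

                    // Off by default; protects the authorization code in transit.
                    'enablePkce' => true,
                ],
            ],
        ],
        // ...
    ],
];
```

With only RS256 allowed, the web-token/jwt-signature-algorithm-rsa package is the only algorithm package this client needs.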
Table of Contents
Constants
- ACCESS_TOKEN_LOCATION_BODY = 'body'
- Apply the access token to the request body
- ACCESS_TOKEN_LOCATION_HEADER = 'header'
- Apply the access token to the request header
Properties
- $accessToken : OAuthToken
- $accessTokenLocation : string
- $allowedJwsAlgorithms : array<string|int, mixed>
- $apiBaseUrl : string
- $authUrl : string
- $autoRefreshAccessToken : bool
- $behaviors : array<string|int, Behavior>
- $cache : Cache|null
- $clientId : string
- $clientSecret : string
- $configParams : array<string|int, mixed>
- $configParamsCacheKeyPrefix : string
- $defaultIdTokenClaims : array<string|int, mixed>
- $enablePkce : bool
- $httpClient : Client
- $id : string
- $issuerUrl : string
- $name : string
- $normalizeUserAttributeMap : array<string|int, mixed>
- $parametersToKeepInReturnUrl : array<string|int, mixed>
- $requestOptions : array<string|int, mixed>
- $returnUrl : string
- $scope : mixed
- $signatureMethod : BaseMethod
- $stateStorage : StateStorageInterface
- $title : string
- $tokenUrl : string
- $userAttributes : array<string|int, mixed>
- $validateAuthNonce : bool
- $validateAuthState : bool
- $validateJws : bool
- $version : string
- $viewOptions : array<string|int, mixed>
- $_accessToken : OAuthToken|array<string|int, mixed>|null
- $_behaviors : array<string|int, Behavior>|null
- $_cache : Cache|string
- $_configParams : array<string|int, mixed>
- $_events : array<string|int, mixed>
- $_eventWildcards : array<string|int, mixed>
- $_httpClient : Client|array<string|int, mixed>|string
- $_id : string
- $_jwkSet : JWKSet
- $_jwsLoader : JWSLoader
- $_name : string
- $_normalizeUserAttributeMap : array<string|int, mixed>
- $_requestOptions : array<string|int, mixed>
- $_returnUrl : string
- $_signatureMethod : BaseMethod|array<string|int, mixed>
- $_stateStorage : StateStorageInterface|array<string|int, mixed>|string
- $_title : string
- $_userAttributes : array<string|int, mixed>
- $_validateAuthNonce : bool|null
- $_viewOptions : array<string|int, mixed>
- $cacheDuration : int
Methods
- __call() : mixed
- Calls the named method which is not a class method.
- __clone() : mixed
- This method is called after the object is created by cloning an existing one.
- __construct() : mixed
- Constructor.
- __get() : mixed
- Returns the value of a component property.
- __isset() : bool
- Checks if a property is set, i.e. defined and not null.
- __set() : mixed
- Sets the value of a component property.
- __unset() : mixed
- Sets a component property to be null.
- api() : array<string|int, mixed>
- Performs request to the OAuth API returning response data.
- applyAccessTokenToRequest() : mixed
- Applies access token to the HTTP request instance.
- attachBehavior() : Behavior
- Attaches a behavior to this component.
- attachBehaviors() : mixed
- Attaches a list of behaviors to the component.
- authenticateClient() : OAuthToken
- Authenticate OAuth client directly at the provider without third party (user) involved, using 'client_credentials' grant type.
- authenticateUser() : OAuthToken
- Authenticates user directly by 'username/password' pair, using 'password' grant type.
- authenticateUserJwt() : OAuthToken
- Authenticates user directly using JSON Web Token (JWT).
- beforeApiRequestSend() : mixed
- Handles [[Request::EVENT_BEFORE_SEND]] event.
- behaviors() : array<string|int, mixed>
- Returns a list of behaviors that this component should behave as.
- buildAuthUrl() : string
- Composes user authorization URL.
- canGetProperty() : bool
- Returns a value indicating whether a property can be read.
- canSetProperty() : bool
- Returns a value indicating whether a property can be set.
- className() : string
- Returns the fully qualified name of this class.
- createApiRequest() : Request
- Creates an HTTP request for the API call.
- createRequest() : Request
- Creates HTTP request instance.
- detachBehavior() : Behavior|null
- Detaches a behavior from the component.
- detachBehaviors() : mixed
- Detaches all behaviors from the component.
- ensureBehaviors() : mixed
- Makes sure that the behaviors declared in [[behaviors()]] are attached to this component.
- fetchAccessToken() : OAuthToken
- Fetches access token from authorization code.
- getAccessToken() : OAuthToken
- getBehavior() : Behavior|null
- Returns the named behavior object.
- getBehaviors() : array<string|int, Behavior>
- Returns all behaviors attached to this component.
- getCache() : Cache|null
- getConfigParam() : mixed
- Returns particular configuration parameter value.
- getConfigParams() : array<string|int, mixed>
- getHttpClient() : Client
- Returns HTTP client.
- getId() : string
- getName() : string
- getNormalizeUserAttributeMap() : array<string|int, mixed>
- getRequestOptions() : array<string|int, mixed>
- getReturnUrl() : string
- getSignatureMethod() : BaseMethod
- getStateStorage() : StateStorageInterface
- getTitle() : string
- getUserAttributes() : array<string|int, mixed>
- getValidateAuthNonce() : bool
- getViewOptions() : array<string|int, mixed>
- hasEventHandlers() : bool
- Returns a value indicating whether there is any handler attached to the named event.
- hasMethod() : bool
- Returns a value indicating whether a method is defined.
- hasProperty() : bool
- Returns a value indicating whether a property is defined for this component.
- init() : mixed
- Initializes the object.
- off() : bool
- Detaches an existing event handler from this component.
- on() : mixed
- Attaches an event handler to an event.
- refreshAccessToken() : OAuthToken
- Gets new auth token to replace expired one.
- setAccessToken() : mixed
- Sets access token to be used.
- setCache() : mixed
- Sets up a component to be used for caching.
- setConfigParams() : mixed
- Sets the OpenID provider configuration manually; this bypasses the automatic discovery via the /.well-known/openid-configuration endpoint.
- setHttpClient() : mixed
- Sets HTTP client to be used.
- setId() : mixed
- setName() : mixed
- setNormalizeUserAttributeMap() : mixed
- setRequestOptions() : mixed
- setReturnUrl() : mixed
- setSignatureMethod() : mixed
- Set signature method to be used.
- setStateStorage() : mixed
- setTitle() : mixed
- setUserAttributes() : mixed
- setValidateAuthNonce() : mixed
- setViewOptions() : mixed
- trigger() : mixed
- Triggers an event.
- applyClientCredentialsToRequest() : mixed
- Applies client credentials (e.g. [[clientId]] and [[clientSecret]]) to the HTTP request instance.
- composeUrl() : string
- Composes URL from base URL and GET params.
- createHttpClient() : Client
- Creates HTTP client instance from reference or configuration.
- createSignatureMethod() : BaseMethod
- Creates signature method instance from its configuration.
- createToken() : OAuthToken
- Creates token from its configuration.
- defaultName() : string
- Generates service name.
- defaultNormalizeUserAttributeMap() : array<string|int, mixed>
- Returns the default [[normalizeUserAttributeMap]] value.
- defaultRequestOptions() : array<string|int, mixed>
- Returns default HTTP request options.
- defaultReturnUrl() : string
- Composes default [[returnUrl]] value.
- defaultTitle() : string
- Generates service title.
- defaultViewOptions() : array<string|int, mixed>
- Returns the default [[viewOptions]] value.
- discoverConfig() : array<string|int, mixed>
- Discovers OpenID Provider configuration parameters.
- generateAuthNonce() : string
- Generates the auth nonce value.
- generateAuthState() : string
- Generates the auth state value.
- getJwkSet() : JWKSet
- Return JwkSet, returning related data.
- getJwsLoader() : JWSLoader
- Returns the JWSLoader that validates the JWS token.
- getState() : mixed
- Returns persistent state value.
- getStateKeyPrefix() : string
- Returns session key prefix, which is used to store internal states.
- initUserAttributes() : array<string|int, mixed>
- Initializes authenticated user attributes.
- loadJws() : array<string|int, mixed>
- Decrypts/validates JWS, returning related data.
- normalizeUserAttributes() : array<string|int, mixed>
- Normalize given user attributes according to [[normalizeUserAttributeMap]].
- removeState() : bool
- Removes persistent state value.
- restoreAccessToken() : OAuthToken
- Restores access token.
- saveAccessToken() : $this
- Saves token as persistent state.
- sendRequest() : array<string|int, mixed>|string|null
- Sends the given HTTP request, returning response data.
- setState() : $this
- Sets persistent state.
- validateClaims() : mixed
- Validates the claims data received from OpenID provider.
- attachBehaviorInternal() : Behavior
- Attaches a behavior to this component.
Constants
ACCESS_TOKEN_LOCATION_BODY
Apply the access token to the request body
public
mixed
ACCESS_TOKEN_LOCATION_BODY
= 'body'
ACCESS_TOKEN_LOCATION_HEADER
Apply the access token to the request header
public
mixed
ACCESS_TOKEN_LOCATION_HEADER
= 'header'
Properties
$accessToken
public
OAuthToken
$accessToken
Auth token instance. Note that the type of this property differs in getter and setter. See [[getAccessToken()]] and [[setAccessToken()]] for details.
$accessTokenLocation
public
string
$accessTokenLocation
= \yii\authclient\OAuth2::ACCESS_TOKEN_LOCATION_HEADER
The location of the access token when it is applied to the request.
NOTE: According to the OAuth2 specification this should be header by default; however, for backwards compatibility the default value used here is body.
$allowedJwsAlgorithms
public
array<string|int, mixed>
$allowedJwsAlgorithms
= ['HS256', 'HS384', 'HS512', 'ES256', 'ES384', 'ES512', 'RS256', 'RS384', 'RS512', 'PS256', 'PS384', 'PS512']
JWS algorithms, which are allowed to be used. These are used by the web-token library for JWS validation/decryption. Make sure to install the web-token/jwt-signature-algorithm-hmac, web-token/jwt-signature-algorithm-ecdsa and web-token/jwt-signature-algorithm-rsa packages that support the particular algorithm before adding it here.
$apiBaseUrl
public
string
$apiBaseUrl
API base URL. This field will be used as the [[\yii\httpclient\Client::baseUrl]] value of [[httpClient]]. Note: changing this property has no effect after [[httpClient]] is instantiated.
$authUrl
public
string
$authUrl
authorize URL.
$autoRefreshAccessToken
public
bool
$autoRefreshAccessToken
= true
whether to automatically perform 'refresh access token' request on expired access token.
$behaviors read-only
public
array<string|int, Behavior>
$behaviors
List of behaviors attached to this component.
$cache
public
Cache|null
$cache
The cache object, null if not enabled. Note that the type of this property differs in getter and setter. See [[getCache()]] and [[setCache()]] for details.
$clientId
public
string
$clientId
OAuth client ID.
$clientSecret
public
string
$clientSecret
OAuth client secret.
$configParams
public
array<string|int, mixed>
$configParams
OpenID provider configuration parameters.
$configParamsCacheKeyPrefix
public
string
$configParamsCacheKeyPrefix
= 'config-params-'
the prefix for the key used to store [[configParams]] data in cache. The actual cache key is formed by appending the [[id]] value to it.
$defaultIdTokenClaims
public
array<string|int, mixed>
$defaultIdTokenClaims
= [
    'iss',       // Issuer Identifier for the Issuer of the response.
    'sub',       // Subject Identifier.
    'aud',       // Audience(s) that this ID Token is intended for.
    'exp',       // Expiration time on or after which the ID Token MUST NOT be accepted for processing.
    'iat',       // Time at which the JWT was issued.
    'auth_time', // Time when the End-User authentication occurred.
    'nonce',     // String value used to associate a Client session with an ID Token, and to mitigate replay attacks.
    'acr',       // Authentication Context Class Reference.
    'amr',       // Authentication Methods References.
    'azp',
]
Predefined OpenID Connect Claims
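What checking these claims involves on the client side, as an added example that is not the yii2-authclient implementation of validateClaims(). The function name, its parameters and the sample claim values are all constructed for illustration; it assumes the token signature has already been verified and treats a missing azp with several audiences as an error.

```php
<?php
declare(strict_types=1);

/**
 * Added example: check the payload of an ID token whose signature is already verified.
 * Returns a list of problems; an empty list means the claims are acceptable.
 */
function checkIdTokenClaims(
    array $claims,
    string $issuerUrl,
    string $clientId,
    ?string $expectedNonce,
    int $now,
    int $leeway = 60
): array {
    $errors = [];

    foreach (['iss', 'sub', 'aud', 'exp', 'iat'] as $name) {
        if (!array_key_exists($name, $claims)) {
            $errors[] = "missing required claim '$name'";
        }
    }
    if ($errors !== []) {
        return $errors;
    }

    // iss must be exactly the issuer this client was configured with.
    if ($claims['iss'] !== $issuerUrl) {
        $errors[] = 'iss does not match the configured issuer';
    }

    // aud is a string or a list; this client must be one of the audiences.
    $audiences = (array) $claims['aud'];
    if (!in_array($clientId, $audiences, true)) {
        $errors[] = 'aud does not contain this client';
    }
    // Several audiences: require azp. Whenever azp is present it must be this client.
    if (count($audiences) > 1 && !isset($claims['azp'])) {
        $errors[] = 'azp is required when aud has multiple values';
    }
    if (isset($claims['azp']) && $claims['azp'] !== $clientId) {
        $errors[] = 'azp names a different client';
    }

    // exp: reject at or after expiry; iat: reject tokens issued in the future.
    if (!is_numeric($claims['exp']) || $now >= (int) $claims['exp'] + $leeway) {
        $errors[] = 'token has expired';
    }
    if (!is_numeric($claims['iat']) || (int) $claims['iat'] > $now + $leeway) {
        $errors[] = 'iat is in the future';
    }

    // nonce: must equal the value stored when the auth request was built.
    if ($expectedNonce !== null) {
        $nonce = $claims['nonce'] ?? '';
        if (!is_string($nonce) || !hash_equals($expectedNonce, $nonce)) {
            $errors[] = 'nonce does not match the value sent in the auth request';
        }
    }

    return $errors;
}

// Constructed sample data, not real tokens.
$now = 1700000000;
$good = [
    'iss' => 'https://accounts.google.com',
    'sub' => '1234567890',
    'aud' => 'google_client_id',
    'exp' => $now + 3600,
    'iat' => $now - 5,
    'nonce' => 'n-0S6_WzA2Mj',
];
$cases = [
    'valid' => $good,
    'replayed token' => ['nonce' => 'stale-nonce'] + $good,
    'issued to another client' => ['aud' => 'someone_else'] + $good,
    'expired' => ['exp' => $now - 3600] + $good,
];
foreach ($cases as $label => $claims) {
    $problems = checkIdTokenClaims(
        $claims, 'https://accounts.google.com', 'google_client_id', 'n-0S6_WzA2Mj', $now
    );
    echo $label, ': ', $problems === [] ? 'accepted' : implode('; ', $problems), PHP_EOL;
}
```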
$enablePkce
public
bool
$enablePkce
= false
Whether to enable proof key for code exchange (PKCE) support and add a code_challenge and code_verifier to the auth request.
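How the two PKCE values relate, as an added example that is not yii2-authclient code. It follows the S256 method of RFC 7636, where the challenge accompanies the authorization request and the verifier is presented with the token request; the function names and sample request are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Added example: PKCE (RFC 7636, S256) seen from both sides of the exchange.

function base64UrlEncode(string $bytes): string
{
    return rtrim(strtr(base64_encode($bytes), '+/', '-_'), '=');
}

/** Client side: a fresh random verifier per authorization attempt, plus its challenge. */
function createPkcePair(): array
{
    $verifier = base64UrlEncode(random_bytes(32)); // 43 characters
    return [
        'code_verifier' => $verifier,
        'code_challenge' => base64UrlEncode(hash('sha256', $verifier, true)),
        'code_challenge_method' => 'S256',
    ];
}

/** Provider side: compare the presented verifier against the challenge stored with the code. */
function verifyPkce(string $storedChallenge, string $presentedVerifier): bool
{
    // RFC 7636 section 4.1: 43 to 128 characters from the unreserved set.
    if (preg_match('/\A[A-Za-z0-9\-._~]{43,128}\z/', $presentedVerifier) !== 1) {
        return false;
    }
    $expected = base64UrlEncode(hash('sha256', $presentedVerifier, true));
    return hash_equals($storedChallenge, $expected);
}

// Constructed walk-through of one login attempt.
$pair = createPkcePair();

// 1. Authorization request: only the challenge leaves the client.
$authRequest = [
    'response_type' => 'code',
    'client_id' => 'google_client_id',
    'code_challenge' => $pair['code_challenge'],
    'code_challenge_method' => $pair['code_challenge_method'],
];
$storedChallenge = $authRequest['code_challenge']; // kept by the provider with the issued code

// 2. Token request from the legitimate client, which still holds the verifier.
var_dump(verifyPkce($storedChallenge, $pair['code_verifier']));

// 3. Token request from a party that obtained the code but not the verifier.
var_dump(verifyPkce($storedChallenge, createPkcePair()['code_verifier']));
```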
$httpClient
public
Client
$httpClient
Internal HTTP client. Note that the type of this property differs in getter and setter. See [[getHttpClient()]] and [[setHttpClient()]] for details.
$id
public
string
$id
Service id.
$issuerUrl
public
string
$issuerUrl
OpenID Issuer (provider) base URL, e.g. https://example.com.
$name
public
string
$name
Service name.
$normalizeUserAttributeMap
public
array<string|int, mixed>
$normalizeUserAttributeMap
Normalize user attribute map.
$parametersToKeepInReturnUrl
public
array<string|int, mixed>
$parametersToKeepInReturnUrl
= ['authclient']
List of the parameters to keep in default return url.
$requestOptions read-only
public
array<string|int, mixed>
$requestOptions
HTTP request options.
$returnUrl
public
string
$returnUrl
Return URL.
$scope
public
mixed
$scope
= 'openid'
$signatureMethod
public
BaseMethod
$signatureMethod
Signature method instance. Note that the type of this property differs in getter and setter. See [[getSignatureMethod()]] and [[setSignatureMethod()]] for details.
$stateStorage
public
StateStorageInterface
$stateStorage
State storage. Note that the type of this property differs in getter and setter. See [[getStateStorage()]] and [[setStateStorage()]] for details.
$title
public
string
$title
Service title.
$tokenUrl
public
string
$tokenUrl
token request URL endpoint.
$userAttributes
public
array<string|int, mixed>
$userAttributes
List of user attributes.
$validateAuthNonce
public
bool
$validateAuthNonce
Whether to use and validate auth 'nonce' parameter in authentication flow.
$validateAuthState
public
bool
$validateAuthState
= true
Whether to use and validate the auth 'state' parameter in the authentication flow. If enabled, an opaque value is generated and added to the auth URL to maintain state between the request and the callback. The authorization server includes this value when redirecting the user-agent back to the client. The option is used to prevent cross-site request forgery.
$validateJws
public
bool
$validateJws
= true
whether to validate/decrypt JWS received with Auth token.
Note: this functionality requires the web-token/jwt-checker, web-token/jwt-key-mgmt and web-token/jwt-signature composer packages to be installed. You can disable this option when using a trusted OpenIDConnect provider; however, this violates the protocol rules, so you are doing it at your own risk.
$version
public
string
$version
= '2.0'
protocol version.
$viewOptions
public
array<string|int, mixed>
$viewOptions
View options in format: optionName => optionValue.
$_accessToken
private
OAuthToken|array<string|int, mixed>|null
$_accessToken
access token instance, its array configuration or null that means that token would be restored from token store.
$_behaviors
private
array<string|int, Behavior>|null
$_behaviors
the attached behaviors (behavior name => behavior). This is null when not initialized.
$_cache
private
Cache|string
$_cache
= 'cache'
the cache object or the ID of the cache application component that is used for caching. This can be one of the following:
- an application component ID (e.g. cache)
- a configuration array
- a [[\yii\caching\Cache]] object
When this is not set, it means caching is not enabled.
$_configParams
private
array<string|int, mixed>
$_configParams
OpenID provider configuration parameters.
$_events
private
array<string|int, mixed>
$_events
= []
the attached event handlers (event name => handlers)
$_eventWildcards
private
array<string|int, mixed>
$_eventWildcards
= []
the event handlers attached for wildcard patterns (event name wildcard => handlers)
$_httpClient
private
Client|array<string|int, mixed>|string
$_httpClient
= 'yii\httpclient\Client'
internal HTTP client.
$_id
private
string
$_id
auth service id. This value is mainly used as an HTTP request parameter.
$_jwkSet
private
JWKSet
$_jwkSet
Key Set
$_jwsLoader
private
JWSLoader
$_jwsLoader
JSON Web Signature
$_name
private
string
$_name
auth service name. This value may be used in database records, CSS files and so on.
$_normalizeUserAttributeMap
private
array<string|int, mixed>
$_normalizeUserAttributeMap
map used to normalize user attributes fetched from external auth service in format: normalizedAttributeName => sourceSpecification. 'sourceSpecification' can be:
- string, raw attribute name
- array, path to raw attribute value
- callable, PHP callback, which should accept array of raw attributes and return normalized value.
For example:
'normalizeUserAttributeMap' => [
    'about' => 'bio',
    'language' => ['languages', 0, 'name'],
    'fullName' => function ($attributes) {
        return $attributes['firstName'] . ' ' . $attributes['lastName'];
    },
],
$_requestOptions
private
array<string|int, mixed>
$_requestOptions
= []
cURL request options. Option values from this field will overwrite corresponding values from [[defaultRequestOptions()]].
$_returnUrl
private
string
$_returnUrl
URL to which the user will be redirected after authentication at the OAuth provider web site. Note: this should be an absolute URL (with leading http:// or https://). By default the current URL will be used.
$_signatureMethod
private
BaseMethod|array<string|int, mixed>
$_signatureMethod
= []
signature method instance or its array configuration.
$_stateStorage
private
StateStorageInterface|array<string|int, mixed>|string
$_stateStorage
= 'yii\authclient\SessionStateStorage'
state storage to be used.
$_title
private
string
$_title
auth service title to display in views.
$_userAttributes
private
array<string|int, mixed>
$_userAttributes
authenticated user attributes.
$_validateAuthNonce
private
bool|null
$_validateAuthNonce
whether to use and validate auth 'nonce' parameter in authentication flow. The option is used for preventing replay attacks.
$_viewOptions
private
array<string|int, mixed>
$_viewOptions
view options in format: optionName => optionValue
$cacheDuration
private
int
$cacheDuration
= 604800
cache duration in seconds, default: 1 week
Methods
__call()
Calls the named method which is not a class method.
public
__call(string $name, array<string|int, mixed> $params) : mixed
This method will check if any attached behavior has the named method and will execute it if available.
Do not call this method directly as it is a PHP magic method that will be implicitly called when an unknown method is being invoked.
Parameters
- $name : string
-
the method name
- $params : array<string|int, mixed>
-
method parameters
Return values
mixed —the method return value
__clone()
This method is called after the object is created by cloning an existing one.
public
__clone() : mixed
It removes all behaviors because they are attached to the old object.
__construct()
Constructor.
public
__construct([array<string|int, mixed> $config = [] ]) : mixed
The default implementation does two things:
- Initializes the object with the given configuration $config.
- Call [[init()]].
If this method is overridden in a child class, it is recommended that
- the last parameter of the constructor is a configuration array, like $config here.
- call the parent implementation at the end of the constructor.
Parameters
- $config : array<string|int, mixed> = []
-
name-value pairs that will be used to initialize the object properties
__get()
Returns the value of a component property.
public
__get(string $name) : mixed
This method will check in the following order and act accordingly:
- a property defined by a getter: return the getter result
- a property of a behavior: return the behavior property value
Do not call this method directly as it is a PHP magic method that will be implicitly called when executing $value = $component->property;.
Parameters
- $name : string
-
the property name
Return values
mixed —the property value or the value of a behavior's property
__isset()
Checks if a property is set, i.e. defined and not null.
public
__isset(string $name) : bool
This method will check in the following order and act accordingly:
- a property defined by a setter: return whether the property is set
- a property of a behavior: return whether the property is set
- return false for non existing properties
Do not call this method directly as it is a PHP magic method that will be implicitly called when executing isset($component->property).
Parameters
- $name : string
-
the property name or the event name
Return values
bool —whether the named property is set
__set()
Sets the value of a component property.
public
__set(string $name, mixed $value) : mixed
This method will check in the following order and act accordingly:
- a property defined by a setter: set the property value
- an event in the format of "on xyz": attach the handler to the event "xyz"
- a behavior in the format of "as xyz": attach the behavior named as "xyz"
- a property of a behavior: set the behavior property value
Do not call this method directly as it is a PHP magic method that will be implicitly called when executing $component->property = $value;.
Parameters
- $name : string
-
the property name or the event name
- $value : mixed
-
the property value
__unset()
Sets a component property to be null.
public
__unset(string $name) : mixed
This method will check in the following order and act accordingly:
- a property defined by a setter: set the property value to be null
- a property of a behavior: set the property value to be null
Do not call this method directly as it is a PHP magic method that will be implicitly called when executing unset($component->property).
Parameters
- $name : string
-
the property name
api()
Performs request to the OAuth API returning response data.
public
api(string|array<string|int, mixed> $apiSubUrl[, string $method = 'GET' ][, array<string|int, mixed>|string $data = [] ][, array<string|int, mixed> $headers = [] ]) : array<string|int, mixed>
You may use [[createApiRequest()]] method instead, gaining more control over request execution.
Parameters
- $apiSubUrl : string|array<string|int, mixed>
-
API sub URL, which will be appended to [[apiBaseUrl]], or absolute API URL.
- $method : string = 'GET'
-
request method.
- $data : array<string|int, mixed>|string = []
-
request data or content.
- $headers : array<string|int, mixed> = []
-
additional request headers.
Return values
array<string|int, mixed> —API response data.
applyAccessTokenToRequest()
Applies access token to the HTTP request instance.
public
applyAccessTokenToRequest(mixed $request, mixed $accessToken) : mixed
Parameters
- $request : mixed
-
HTTP request instance.
- $accessToken : mixed
-
access token instance.
attachBehavior()
Attaches a behavior to this component.
public
attachBehavior(string $name, string|array<string|int, mixed>|Behavior $behavior) : Behavior
This method will create the behavior object based on the given configuration. After that, the behavior object will be attached to this component by calling the [[Behavior::attach()]] method.
Parameters
- $name : string
-
the name of the behavior.
- $behavior : string|array<string|int, mixed>|Behavior
-
the behavior configuration. This can be one of the following:
- a [[Behavior]] object
- a string specifying the behavior class
- an object configuration array that will be passed to [[Yii::createObject()]] to create the behavior object.
Return values
Behavior —the behavior object
attachBehaviors()
Attaches a list of behaviors to the component.
public
attachBehaviors(array<string|int, mixed> $behaviors) : mixed
Each behavior is indexed by its name and should be a [[Behavior]] object, a string specifying the behavior class, or a configuration array for creating the behavior.
Parameters
- $behaviors : array<string|int, mixed>
-
list of behaviors to be attached to the component
authenticateClient()
Authenticate OAuth client directly at the provider without third party (user) involved, using 'client_credentials' grant type.
public
authenticateClient([array<string|int, mixed> $params = [] ]) : OAuthToken
Parameters
- $params : array<string|int, mixed> = []
-
additional request params.
Return values
OAuthToken —access token.
authenticateUser()
Authenticates user directly by 'username/password' pair, using 'password' grant type.
public
authenticateUser(string $username, string $password[, array<string|int, mixed> $params = [] ]) : OAuthToken
Parameters
- $username : string
-
user name.
- $password : string
-
user password.
- $params : array<string|int, mixed> = []
-
additional request params.
Return values
OAuthToken —access token.
authenticateUserJwt()
Authenticates user directly using JSON Web Token (JWT).
public
authenticateUserJwt(string $username[, BaseMethod|array<string|int, mixed> $signature = null ][, array<string|int, mixed> $options = [] ][, array<string|int, mixed> $params = [] ]) : OAuthToken
Parameters
- $username : string
- $signature : BaseMethod|array<string|int, mixed> = null
-
signature method or its array configuration. If empty - [[signatureMethod]] will be used.
- $options : array<string|int, mixed> = []
-
additional options. Valid options are:
- header: array, additional JWS header parameters.
- payload: array, additional JWS payload (message or claim-set) parameters.
- signatureKey: string, signature key to be used, if not set - [[clientSecret]] will be used.
- $params : array<string|int, mixed> = []
-
additional request params.
Return values
OAuthToken —access token.
beforeApiRequestSend()
Handles [[Request::EVENT_BEFORE_SEND]] event.
public
beforeApiRequestSend(RequestEvent $event) : mixed
Applies [[accessToken]] to the request.
Parameters
- $event : RequestEvent
-
event instance.
behaviors()
Returns a list of behaviors that this component should behave as.
public
behaviors() : array<string|int, mixed>
Child classes may override this method to specify the behaviors they want to behave as.
The return value of this method should be an array of behavior objects or configurations indexed by behavior names. A behavior configuration can be either a string specifying the behavior class or an array of the following structure:
'behaviorName' => [
    'class' => 'BehaviorClass',
    'property1' => 'value1',
    'property2' => 'value2',
]
Note that a behavior class must extend from [[Behavior]]. Behaviors can be attached using a name or anonymously. When a name is used as the array key, using this name, the behavior can later be retrieved using [[getBehavior()]] or be detached using [[detachBehavior()]]. Anonymous behaviors can not be retrieved or detached.
Behaviors declared in this method will be attached to the component automatically (on demand).
Return values
array<string|int, mixed> —the behavior configurations.
buildAuthUrl()
Composes user authorization URL.
public
buildAuthUrl([array<string|int, mixed> $params = [] ]) : string
Parameters
- $params : array<string|int, mixed> = []
-
additional auth GET params.
Return values
string —authorization URL.
canGetProperty()
Returns a value indicating whether a property can be read.
public
canGetProperty(string $name[, bool $checkVars = true ][, bool $checkBehaviors = true ]) : bool
A property can be read if:
- the class has a getter method associated with the specified name (in this case, property name is case-insensitive);
- the class has a member variable with the specified name (when $checkVars is true);
- an attached behavior has a readable property of the given name (when $checkBehaviors is true).
Parameters
- $name : string
-
the property name
- $checkVars : bool = true
-
whether to treat member variables as properties
- $checkBehaviors : bool = true
-
whether to treat behaviors' properties as properties of this component
Return values
bool —whether the property can be read
canSetProperty()
Returns a value indicating whether a property can be set.
public
canSetProperty(string $name[, bool $checkVars = true ][, bool $checkBehaviors = true ]) : bool
A property can be written if:
- the class has a setter method associated with the specified name (in this case, property name is case-insensitive);
- the class has a member variable with the specified name (when $checkVars is true);
- an attached behavior has a writable property of the given name (when $checkBehaviors is true).
Parameters
- $name : string
-
the property name
- $checkVars : bool = true
-
whether to treat member variables as properties
- $checkBehaviors : bool = true
-
whether to treat behaviors' properties as properties of this component
Return values
bool —whether the property can be written
className()
Returns the fully qualified name of this class.
public
static className() : string
Return values
string —the fully qualified name of this class.
createApiRequest()
Creates an HTTP request for the API call.
public
createApiRequest() : Request
The created request will be automatically processed adding access token parameters and signature before sending. You may use [[createRequest()]] to gain full control over request composition and execution.
Return values
Request —HTTP request instance.
createRequest()
Creates HTTP request instance.
public
createRequest() : Request
Return values
Request —HTTP request instance.
detachBehavior()
Detaches a behavior from the component.
public
detachBehavior(string $name) : Behavior|null
The behavior's [[Behavior::detach()]] method will be invoked.
Parameters
- $name : string
-
the behavior's name.
Return values
Behavior|null —the detached behavior. Null if the behavior does not exist.
detachBehaviors()
Detaches all behaviors from the component.
public
detachBehaviors() : mixed
ensureBehaviors()
Makes sure that the behaviors declared in [[behaviors()]] are attached to this component.
public
ensureBehaviors() : mixed
fetchAccessToken()
Fetches access token from authorization code.
public
fetchAccessToken(mixed $authCode[, array<string|int, mixed> $params = [] ]) : OAuthToken
Parameters
- $authCode : mixed
-
authorization code, usually passed in the GET parameter 'code'.
- $params : array<string|int, mixed> = []
-
additional request params.
Return values
OAuthToken —access token.
getAccessToken()
public
getAccessToken() : OAuthToken
Return values
OAuthToken —auth token instance.
getBehavior()
Returns the named behavior object.
public
getBehavior(string $name) : Behavior|null
Parameters
- $name : string
-
the behavior name
Return values
Behavior|null —the behavior object, or null if the behavior does not exist
getBehaviors()
Returns all behaviors attached to this component.
public
getBehaviors() : array<string|int, Behavior>
Return values
array<string|int, Behavior> —list of behaviors attached to this component
getCache()
public
getCache() : Cache|null
Return values
Cache|null —the cache object, null if not enabled.
getConfigParam()
Returns particular configuration parameter value.
public
getConfigParam(string $name[, mixed $default = null ]) : mixed
Parameters
- $name : string
-
configuration parameter name.
- $default : mixed = null
-
value to be returned if the configuration parameter isn't set.
Return values
mixed —configuration parameter value.
getConfigParams()
public
getConfigParams() : array<string|int, mixed>
Return values
array<string|int, mixed> —OpenID provider configuration parameters.
getHttpClient()
Returns HTTP client.
public
getHttpClient() : Client
Return values
Client —internal HTTP client.
getId()
public
getId() : string
Return values
string —service id
getName()
public
getName() : string
Return values
string —service name.
getNormalizeUserAttributeMap()
public
getNormalizeUserAttributeMap() : array<string|int, mixed>
Return values
array<string|int, mixed> —normalize user attribute map.
getRequestOptions()
public
getRequestOptions() : array<string|int, mixed>
Return values
array<string|int, mixed> —HTTP request options.
getReturnUrl()
public
getReturnUrl() : string
Return values
string —return URL.
getSignatureMethod()
public
getSignatureMethod() : BaseMethod
Return values
BaseMethod —signature method instance.
getStateStorage()
public
getStateStorage() : StateStorageInterface
Return values
StateStorageInterface —state storage.
getTitle()
public
getTitle() : string
Return values
string —service title.
getUserAttributes()
public
getUserAttributes() : array<string|int, mixed>
Return values
array<string|int, mixed> —list of user attributes
getValidateAuthNonce()
public
getValidateAuthNonce() : bool
Return values
bool —whether to use and validate auth 'nonce' parameter in authentication flow.
getViewOptions()
public
getViewOptions() : array<string|int, mixed>
Return values
array<string|int, mixed> —view options in format: optionName => optionValue
hasEventHandlers()
Returns a value indicating whether there is any handler attached to the named event.
public
hasEventHandlers(string $name) : bool
Parameters
- $name : string
-
the event name
Return values
bool —whether there is any handler attached to the event.
hasMethod()
Returns a value indicating whether a method is defined.
public
hasMethod(string $name[, bool $checkBehaviors = true ]) : bool
A method is defined if:
- the class has a method with the specified name
- an attached behavior has a method with the given name (when $checkBehaviors is true).
Parameters
- $name : string
-
the method name
- $checkBehaviors : bool = true
-
whether to treat behaviors' methods as methods of this component
Return values
bool —whether the method is defined
hasProperty()
Returns a value indicating whether a property is defined for this component.
public
hasProperty(string $name[, bool $checkVars = true ][, bool $checkBehaviors = true ]) : bool
A property is defined if:
- the class has a getter or setter method associated with the specified name (in this case, property name is case-insensitive);
- the class has a member variable with the specified name (when $checkVars is true);
- an attached behavior has a property of the given name (when $checkBehaviors is true).
Parameters
- $name : string
-
the property name
- $checkVars : bool = true
-
whether to treat member variables as properties
- $checkBehaviors : bool = true
-
whether to treat behaviors' properties as properties of this component
Return values
bool —whether the property is defined
init()
Initializes the object.
public
init() : mixed
This method is invoked at the end of the constructor after the object is initialized with the given configuration.
off()
Detaches an existing event handler from this component.
public
off(string $name[, callable|null $handler = null ]) : bool
This method is the opposite of [[on()]].
Note: if a wildcard pattern is passed as the event name, only the handlers registered with this wildcard will be removed, while handlers registered with plain names matching this wildcard will remain.
Parameters
- $name : string
-
event name
- $handler : callable|null = null
-
the event handler to be removed. If it is null, all handlers attached to the named event will be removed.
Return values
bool —if a handler is found and detached
on()
Attaches an event handler to an event.
public
on(string $name, callable $handler[, mixed $data = null ][, bool $append = true ]) : mixed
The event handler must be a valid PHP callback. The following are some examples:
function ($event) { ... } // anonymous function
[$object, 'handleClick'] // $object->handleClick()
['Page', 'handleClick'] // Page::handleClick()
'handleClick' // global function handleClick()
The event handler must be defined with the following signature,
function ($event)
where $event is an [[Event]] object which includes parameters associated with the event.
Since 2.0.14 you can specify event name as a wildcard pattern:
$component->on('event.group.*', function ($event) {
    Yii::trace($event->name . ' is triggered.');
});
Parameters
- $name : string
-
the event name
- $handler : callable
-
the event handler
- $data : mixed = null
-
the data to be passed to the event handler when the event is triggered. When the event handler is invoked, this data can be accessed via [[Event::data]].
- $append : bool = true
-
whether to append new event handler to the end of the existing handler list. If false, the new handler will be inserted at the beginning of the existing handler list.
refreshAccessToken()
Gets new auth token to replace expired one.
public
refreshAccessToken(OAuthToken $token) : OAuthToken
Parameters
- $token : OAuthToken
-
expired auth token.
Return values
OAuthToken —new auth token.
setAccessToken()
Sets access token to be used.
public
setAccessToken(array<string|int, mixed>|OAuthToken|null $token) : mixed
Parameters
- $token : array<string|int, mixed>|OAuthToken|null
-
access token or its configuration. Set to null to restore token from token store.
setCache()
Sets up a component to be used for caching.
public
setCache(Cache|array<string|int, mixed>|string|null $cache) : mixed
This can be one of the following:
- an application component ID (e.g. cache)
- a configuration array
- a [[\yii\caching\Cache]] object
When null is passed, it means caching is not enabled.
Parameters
- $cache : Cache|array<string|int, mixed>|string|null
-
the cache object or the ID of the cache application component.
setConfigParams()
Sets the OpenID provider configuration manually. This bypasses the automatic discovery via the /.well-known/openid-configuration endpoint.
public
setConfigParams(array<string|int, mixed> $configParams) : mixed
Parameters
- $configParams : array<string|int, mixed>
-
OpenID provider configuration parameters.
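An added example, not part of the extension's own code: one way to vet a manually pinned configuration before passing it to setConfigParams(), assuming the array uses the same keys as the provider's discovery document. The function name checkedProviderConfig() and the idp.example.com values are hypothetical.

```php
<?php
/**
 * Checks provider metadata that will replace automatic discovery.
 * Hypothetical helper, not a yii2-authclient API.
 *
 * @param array  $config    provider metadata, keyed as in the discovery document
 * @param string $issuerUrl the issuer the client is configured to trust
 * @return array the same metadata, once every check has passed
 * @throws InvalidArgumentException on the first failed check
 */
function checkedProviderConfig(array $config, string $issuerUrl): array
{
    // OpenID Connect Discovery requires the "issuer" value to be identical
    // to the issuer URL the client was configured with.
    if (($config['issuer'] ?? null) !== $issuerUrl) {
        throw new InvalidArgumentException('issuer does not match the configured issuer URL');
    }
    // Endpoints that carry credentials, codes or signing keys must be absolute https URLs.
    foreach (['authorization_endpoint', 'token_endpoint', 'jwks_uri'] as $key) {
        $url = $config[$key] ?? null;
        if (!is_string($url) || $url === '') {
            throw new InvalidArgumentException("$key is missing");
        }
        $parts = parse_url($url);
        if ($parts === false || strtolower($parts['scheme'] ?? '') !== 'https' || empty($parts['host'])) {
            throw new InvalidArgumentException("$key must be an absolute https URL");
        }
    }
    return $config;
}

// Constructed sample metadata for a hypothetical provider.
$pinned = [
    'issuer' => 'https://idp.example.com',
    'authorization_endpoint' => 'https://idp.example.com/oauth2/authorize',
    'token_endpoint' => 'https://idp.example.com/oauth2/token',
    'userinfo_endpoint' => 'https://idp.example.com/oauth2/userinfo',
    'jwks_uri' => 'https://idp.example.com/oauth2/keys',
];
$safe = checkedProviderConfig($pinned, 'https://idp.example.com');
// In the application: $client->setConfigParams($safe);

// The same document with a plain-http key set URL is rejected.
try {
    checkedProviderConfig(['jwks_uri' => 'http://idp.example.com/oauth2/keys'] + $pinned, 'https://idp.example.com');
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```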
setHttpClient()
Sets HTTP client to be used.
public
setHttpClient(mixed $httpClient) : mixed
Parameters
- $httpClient : mixed
-
internal HTTP client.
setId()
public
setId(string $id) : mixed
Parameters
- $id : string
-
service id.
setName()
public
setName(string $name) : mixed
Parameters
- $name : string
-
service name.
setNormalizeUserAttributeMap()
public
setNormalizeUserAttributeMap(array<string|int, mixed> $normalizeUserAttributeMap) : mixed
Parameters
- $normalizeUserAttributeMap : array<string|int, mixed>
-
normalize user attribute map.
setRequestOptions()
public
setRequestOptions(array<string|int, mixed> $options) : mixed
Parameters
- $options : array<string|int, mixed>
-
HTTP request options.
setReturnUrl()
public
setReturnUrl(string $returnUrl) : mixed
Parameters
- $returnUrl : string
-
return URL
setSignatureMethod()
Set signature method to be used.
public
setSignatureMethod(array<string|int, mixed>|BaseMethod $signatureMethod) : mixed
Parameters
- $signatureMethod : array<string|int, mixed>|BaseMethod
-
signature method instance or its array configuration.
setStateStorage()
public
setStateStorage(StateStorageInterface|array<string|int, mixed>|string $stateStorage) : mixed
Parameters
- $stateStorage : StateStorageInterface|array<string|int, mixed>|string
-
state storage to be used.
setTitle()
public
setTitle(string $title) : mixed
Parameters
- $title : string
-
service title.
setUserAttributes()
public
setUserAttributes(array<string|int, mixed> $userAttributes) : mixed
Parameters
- $userAttributes : array<string|int, mixed>
-
list of user attributes
setValidateAuthNonce()
public
setValidateAuthNonce(bool $validateAuthNonce) : mixed
Parameters
- $validateAuthNonce : bool
-
whether to use and validate auth 'nonce' parameter in authentication flow.
setViewOptions()
public
setViewOptions(array<string|int, mixed> $viewOptions) : mixed
Parameters
- $viewOptions : array<string|int, mixed>
-
view options in format: optionName => optionValue
trigger()
Triggers an event.
public
trigger(string $name[, Event|null $event = null ]) : mixed
This method represents the happening of an event. It invokes all attached handlers for the event including class-level handlers.
Parameters
- $name : string
-
the event name
- $event : Event|null = null
-
the event instance. If not set, a default [[Event]] object will be created.
applyClientCredentialsToRequest()
Applies client credentials (e.g. [[clientId]] and [[clientSecret]]) to the HTTP request instance.
protected
applyClientCredentialsToRequest(mixed $request) : mixed
Parameters
- $request : mixed
-
HTTP request instance.
composeUrl()
Composes URL from base URL and GET params.
protected
composeUrl(string $url[, array<string|int, mixed> $params = [] ]) : string
Parameters
- $url : string
-
base URL.
- $params : array<string|int, mixed> = []
-
GET params.
Return values
string —composed URL.
createHttpClient()
Creates HTTP client instance from reference or configuration.
protected
createHttpClient(mixed $reference) : Client
Parameters
- $reference : mixed
-
component name or array configuration.
Return values
Client —HTTP client instance.
createSignatureMethod()
Creates signature method instance from its configuration.
protected
createSignatureMethod(array<string|int, mixed> $signatureMethodConfig) : BaseMethod
Parameters
- $signatureMethodConfig : array<string|int, mixed>
-
signature method configuration.
Return values
BaseMethod —signature method instance.
createToken()
Creates token from its configuration.
protected
createToken([array<string|int, mixed> $tokenConfig = [] ]) : OAuthToken
Parameters
- $tokenConfig : array<string|int, mixed> = []
-
token configuration.
Return values
OAuthToken —token instance.
defaultName()
Generates service name.
protected
defaultName() : string
Return values
string —service name.
defaultNormalizeUserAttributeMap()
Returns the default [[normalizeUserAttributeMap]] value.
protected
defaultNormalizeUserAttributeMap() : array<string|int, mixed>
A particular client may override this method in order to provide a specific default map.
Return values
array<string|int, mixed> —normalize attribute map.
defaultRequestOptions()
Returns default HTTP request options.
protected
defaultRequestOptions() : array<string|int, mixed>
Return values
array<string|int, mixed> —HTTP request options.
defaultReturnUrl()
Composes default [[returnUrl]] value.
protected
defaultReturnUrl() : string
Return values
string —return URL.
defaultTitle()
Generates service title.
protected
defaultTitle() : string
Return values
string —service title.
defaultViewOptions()
Returns the default [[viewOptions]] value.
protected
defaultViewOptions() : array<string|int, mixed>
A particular client may override this method in order to provide specific default view options.
Return values
array<string|int, mixed> —list of default [[viewOptions]]
discoverConfig()
Discovers OpenID Provider configuration parameters.
protected
discoverConfig() : array<string|int, mixed>
Return values
array<string|int, mixed> —OpenID Provider configuration parameters.
generateAuthNonce()
Generates the auth nonce value.
protected
generateAuthNonce() : string
Return values
string —auth nonce value.
generateAuthState()
Generates the auth state value.
protected
generateAuthState() : string
Return values
string —auth state value.
getJwkSet()
Returns the JWKSet.
protected
getJwkSet() : JWKSet
Return values
JWKSet —object representing a key set.
getJwsLoader()
Returns the JWSLoader that validates the JWS token.
protected
getJwsLoader() : JWSLoader
Return values
JWSLoader —loader used for token validation.
getState()
Returns persistent state value.
protected
getState(string $key) : mixed
Parameters
- $key : string
-
state key.
Return values
mixed —state value.
getStateKeyPrefix()
Returns session key prefix, which is used to store internal states.
protected
getStateKeyPrefix() : string
Return values
string —session key prefix.
initUserAttributes()
Initializes authenticated user attributes.
protected
initUserAttributes() : array<string|int, mixed>
Return values
array<string|int, mixed> —auth user attributes.
loadJws()
Decrypts/validates JWS, returning related data.
protected
loadJws(string $jws) : array<string|int, mixed>
Parameters
- $jws : string
-
raw JWS input.
Return values
array<string|int, mixed> —JWS underlying data.
normalizeUserAttributes()
Normalize given user attributes according to [[normalizeUserAttributeMap]].
protected
normalizeUserAttributes(array<string|int, mixed> $attributes) : array<string|int, mixed>
Parameters
- $attributes : array<string|int, mixed>
-
raw attributes.
Return values
array<string|int, mixed> —normalized attributes.
removeState()
Removes persistent state value.
protected
removeState(string $key) : bool
Parameters
- $key : string
-
state key.
Return values
bool —success.
restoreAccessToken()
Restores access token.
protected
restoreAccessToken() : OAuthToken
Return values
OAuthToken —auth token.
saveAccessToken()
Saves token as persistent state.
protected
saveAccessToken(OAuthToken|null $token) : $this
Parameters
- $token : OAuthToken|null
-
auth token to be saved.
Return values
$this —the object itself.
sendRequest()
Sends the given HTTP request, returning response data.
protected
sendRequest(Request $request) : array<string|int, mixed>|string|null
Parameters
- $request : Request
-
HTTP request to be sent.
Return values
array<string|int, mixed>|string|null —response data.
setState()
Sets persistent state.
protected
setState(string $key, mixed $value) : $this
Parameters
- $key : string
-
state key.
- $value : mixed
-
state value
Return values
$this —the object itself
validateClaims()
Validates the claims data received from OpenID provider.
protected
validateClaims(array<string|int, mixed> $claims) : mixed
Parameters
- $claims : array<string|int, mixed>
-
claims data.
attachBehaviorInternal()
Attaches a behavior to this component.
private
attachBehaviorInternal(string|int $name, string|array<string|int, mixed>|Behavior $behavior) : Behavior
Parameters
- $name : string|int
-
the name of the behavior. If this is an integer, it means the behavior is an anonymous one. Otherwise, the behavior is a named one and any existing behavior with the same name will be detached first.
- $behavior : string|array<string|int, mixed>|Behavior
-
the behavior to be attached
Return values
Behavior —the attached behavior.