Class yii\authclient\OpenIdConnect

Inheritance yii\authclient\OpenIdConnect » yii\authclient\OAuth2 » yii\authclient\BaseOAuth » yii\authclient\BaseClient » yii\base\Component » yii\base\BaseObject
Implements yii\authclient\ClientInterface, yii\base\Configurable
Available since version 2.1.3
Source Code https://github.com/yiisoft/yii2-authclient/blob/master/OpenIdConnect.php

OpenIdConnect serves as a client for the OpenIdConnect flow.

Application configuration example:

'components' => [
    'authClientCollection' => [
        'class' => 'yii\authclient\Collection',
        'clients' => [
            'google' => [
                'class' => 'yii\authclient\OpenIdConnect',
                'issuerUrl' => 'https://accounts.google.com',
                'clientId' => 'google_client_id',
                'clientSecret' => 'google_client_secret',
                'name' => 'google',
                'title' => 'Google OpenID Connect',
            ],
        ],
    ]
    // ...
]

This class requires the web-token/jwt-checker, web-token/jwt-key-mgmt, web-token/jwt-signature, web-token/jwt-signature-algorithm-hmac, web-token/jwt-signature-algorithm-ecdsa and web-token/jwt-signature-algorithm-rsa libraries to be installed for JWS verification. This can be done via composer:

composer require --prefer-dist "web-token/jwt-checker:>=1.0 <3.0" "web-token/jwt-key-mgmt:>=1.0 <3.0" \
    "web-token/jwt-signature:>=1.0 <3.0" "web-token/jwt-signature-algorithm-hmac:>=1.0 <3.0" \
    "web-token/jwt-signature-algorithm-ecdsa:>=1.0 <3.0" "web-token/jwt-signature-algorithm-rsa:>=1.0 <3.0"

Note: if you are using a well-trusted OpenID Connect provider, you may disable $validateJws, which makes installing the web-token libraries unnecessary; however, this is not recommended because it violates the protocol specification.

Public Properties

Property | Type | Description | Defined By
$accessToken | yii\authclient\OAuthToken | Auth token instance. | yii\authclient\BaseOAuth
$allowedJwsAlgorithms | array | JWS algorithms, which are allowed to be used. | yii\authclient\OpenIdConnect
$apiBaseUrl | string | API base URL. | yii\authclient\BaseOAuth
$authUrl | string | Authorize URL. | yii\authclient\BaseOAuth
$autoRefreshAccessToken | boolean | Whether to automatically perform 'refresh access token' request on expired access token. | yii\authclient\BaseOAuth
$behaviors | yii\base\Behavior[] | List of behaviors attached to this component. | yii\base\Component
$cache | yii\caching\Cache|null | The cache object, null - if not enabled. | yii\authclient\OpenIdConnect
$clientId | string | OAuth client ID. | yii\authclient\OAuth2
$clientSecret | string | OAuth client secret. | yii\authclient\OAuth2
$configParams | array | OpenID provider configuration parameters. | yii\authclient\OpenIdConnect
$configParamsCacheKeyPrefix | string | The prefix for the key used to store $configParams data in cache. | yii\authclient\OpenIdConnect
$defaultIdTokenClaims | array | Predefined OpenID Connect Claims | yii\authclient\OpenIdConnect
$enablePkce | boolean | Whether to enable proof key for code exchange (PKCE) support and add a code_challenge and code_verifier to the auth request. | yii\authclient\OAuth2
$httpClient | yii\httpclient\Client | Internal HTTP client. | yii\authclient\BaseClient
$id | string | Service id. | yii\authclient\BaseClient
$issuerUrl | string | OpenID Issuer (provider) base URL, e.g. https://example.com. | yii\authclient\OpenIdConnect
$name | string | Service name. | yii\authclient\BaseClient
$normalizeUserAttributeMap | array | Normalize user attribute map. | yii\authclient\BaseClient
$parametersToKeepInReturnUrl | array | List of the parameters to keep in default return url. | yii\authclient\BaseOAuth
$requestOptions | array | HTTP request options. | yii\authclient\BaseClient
$returnUrl | string | Return URL. | yii\authclient\BaseOAuth
$scope | string | Auth request scope. | yii\authclient\OpenIdConnect
$signatureMethod | yii\authclient\signature\BaseMethod | Signature method instance. | yii\authclient\BaseOAuth
$stateStorage | yii\authclient\StateStorageInterface | State storage. | yii\authclient\BaseClient
$title | string | Service title. | yii\authclient\BaseClient
$tokenUrl | string | Token request URL endpoint. | yii\authclient\OAuth2
$userAttributes | array | List of user attributes. | yii\authclient\BaseClient
$validateAuthNonce | boolean | Whether to use and validate auth 'nonce' parameter in authentication flow. | yii\authclient\OpenIdConnect
$validateAuthState | boolean | Whether to use and validate auth 'state' parameter in authentication flow. | yii\authclient\OAuth2
$validateJws | boolean | Whether to validate/decrypt JWS received with Auth token. | yii\authclient\OpenIdConnect
$version | string | Protocol version. | yii\authclient\OAuth2
$viewOptions | array | View options in format: optionName => optionValue. | yii\authclient\BaseClient

Public Methods

Method | Description | Defined By
__call() | Calls the named method which is not a class method. | yii\base\Component
__clone() | This method is called after the object is created by cloning an existing one. | yii\base\Component
__construct() | Constructor. | yii\base\BaseObject
__get() | Returns the value of a component property. | yii\base\Component
__isset() | Checks if a property is set, i.e. defined and not null. | yii\base\Component
__set() | Sets the value of a component property. | yii\base\Component
__unset() | Sets a component property to be null. | yii\base\Component
api() | Performs request to the OAuth API returning response data. | yii\authclient\BaseOAuth
applyAccessTokenToRequest() | Applies access token to the HTTP request instance. | yii\authclient\OpenIdConnect
attachBehavior() | Attaches a behavior to this component. | yii\base\Component
attachBehaviors() | Attaches a list of behaviors to the component. | yii\base\Component
authenticateClient() | Authenticate OAuth client directly at the provider without third party (user) involved, using 'client_credentials' grant type. | yii\authclient\OAuth2
authenticateUser() | Authenticates user directly by 'username/password' pair, using 'password' grant type. | yii\authclient\OAuth2
authenticateUserJwt() | Authenticates user directly using JSON Web Token (JWT). | yii\authclient\OAuth2
beforeApiRequestSend() | Handles yii\httpclient\Request::EVENT_BEFORE_SEND event. | yii\authclient\BaseOAuth
behaviors() | Returns a list of behaviors that this component should behave as. | yii\base\Component
buildAuthUrl() | Composes user authorization URL. | yii\authclient\OpenIdConnect
canGetProperty() | Returns a value indicating whether a property can be read. | yii\base\Component
canSetProperty() | Returns a value indicating whether a property can be set. | yii\base\Component
className() | Returns the fully qualified name of this class. | yii\base\BaseObject
createApiRequest() | Creates an HTTP request for the API call. | yii\authclient\BaseOAuth
createRequest() | Creates HTTP request instance. | yii\authclient\BaseClient
detachBehavior() | Detaches a behavior from the component. | yii\base\Component
detachBehaviors() | Detaches all behaviors from the component. | yii\base\Component
ensureBehaviors() | Makes sure that the behaviors declared in behaviors() are attached to this component. | yii\base\Component
fetchAccessToken() | Fetches access token from authorization code. | yii\authclient\OpenIdConnect
getAccessToken() | | yii\authclient\BaseOAuth
getBehavior() | Returns the named behavior object. | yii\base\Component
getBehaviors() | Returns all behaviors attached to this component. | yii\base\Component
getCache() | | yii\authclient\OpenIdConnect
getConfigParam() | Returns particular configuration parameter value. | yii\authclient\OpenIdConnect
getConfigParams() | | yii\authclient\OpenIdConnect
getHttpClient() | Returns HTTP client. | yii\authclient\BaseClient
getId() | | yii\authclient\BaseClient
getName() | | yii\authclient\BaseClient
getNormalizeUserAttributeMap() | | yii\authclient\BaseClient
getRequestOptions() | | yii\authclient\BaseClient
getReturnUrl() | | yii\authclient\BaseOAuth
getSignatureMethod() | | yii\authclient\BaseOAuth
getStateStorage() | | yii\authclient\BaseClient
getTitle() | | yii\authclient\BaseClient
getUserAttributes() | | yii\authclient\BaseClient
getValidateAuthNonce() | | yii\authclient\OpenIdConnect
getViewOptions() | | yii\authclient\BaseClient
hasEventHandlers() | Returns a value indicating whether there is any handler attached to the named event. | yii\base\Component
hasMethod() | Returns a value indicating whether a method is defined. | yii\base\Component
hasProperty() | Returns a value indicating whether a property is defined for this component. | yii\base\Component
init() | Initializes the object. | yii\base\BaseObject
off() | Detaches an existing event handler from this component. | yii\base\Component
on() | Attaches an event handler to an event. | yii\base\Component
refreshAccessToken() | Gets new auth token to replace expired one. | yii\authclient\OpenIdConnect
setAccessToken() | Sets access token to be used. | yii\authclient\BaseOAuth
setCache() | Sets up a component to be used for caching. | yii\authclient\OpenIdConnect
setConfigParams() | Sets the OpenID provider configuration manually; this bypasses the automatic discovery via the /.well-known/openid-configuration endpoint. | yii\authclient\OpenIdConnect
setHttpClient() | Sets HTTP client to be used. | yii\authclient\BaseOAuth
setId() | | yii\authclient\BaseClient
setName() | | yii\authclient\BaseClient
setNormalizeUserAttributeMap() | | yii\authclient\BaseClient
setRequestOptions() | | yii\authclient\BaseClient
setReturnUrl() | | yii\authclient\BaseOAuth
setSignatureMethod() | Set signature method to be used. | yii\authclient\BaseOAuth
setStateStorage() | | yii\authclient\BaseClient
setTitle() | | yii\authclient\BaseClient
setUserAttributes() | | yii\authclient\BaseClient
setValidateAuthNonce() | | yii\authclient\OpenIdConnect
setViewOptions() | | yii\authclient\BaseClient
trigger() | Triggers an event. | yii\base\Component

Protected Methods

Method | Description | Defined By
applyClientCredentialsToRequest() | Applies client credentials (e.g. $clientId and $clientSecret) to the HTTP request instance. | yii\authclient\OpenIdConnect
composeUrl() | Composes URL from base URL and GET params. | yii\authclient\BaseOAuth
createHttpClient() | Creates HTTP client instance from reference or configuration. | yii\authclient\BaseOAuth
createSignatureMethod() | Creates signature method instance from its configuration. | yii\authclient\BaseOAuth
createToken() | Creates token from its configuration. | yii\authclient\OpenIdConnect
defaultName() | Generates service name. | yii\authclient\BaseClient
defaultNormalizeUserAttributeMap() | Returns the default $normalizeUserAttributeMap value. | yii\authclient\BaseClient
defaultRequestOptions() | Returns default HTTP request options. | yii\authclient\BaseOAuth
defaultReturnUrl() | Composes default $returnUrl value. | yii\authclient\BaseOAuth
defaultTitle() | Generates service title. | yii\authclient\BaseClient
defaultViewOptions() | Returns the default $viewOptions value. | yii\authclient\BaseClient
discoverConfig() | Discovers OpenID Provider configuration parameters. | yii\authclient\OpenIdConnect
generateAuthNonce() | Generates the auth nonce value. | yii\authclient\OpenIdConnect
generateAuthState() | Generates the auth state value. | yii\authclient\OAuth2
getJwkSet() | Returns the JwkSet, returning related data. | yii\authclient\OpenIdConnect
getJwsLoader() | Returns the JWSLoader that validates the JWS token. | yii\authclient\OpenIdConnect
getState() | Returns persistent state value. | yii\authclient\BaseClient
getStateKeyPrefix() | Returns session key prefix, which is used to store internal states. | yii\authclient\BaseClient
initUserAttributes() | Initializes authenticated user attributes. | yii\authclient\OpenIdConnect
loadJws() | Decrypts/validates JWS, returning related data. | yii\authclient\OpenIdConnect
normalizeUserAttributes() | Normalize given user attributes according to $normalizeUserAttributeMap. | yii\authclient\BaseClient
removeState() | Removes persistent state value. | yii\authclient\BaseClient
restoreAccessToken() | Restores access token. | yii\authclient\BaseOAuth
saveAccessToken() | Saves token as persistent state. | yii\authclient\BaseOAuth
sendRequest() | Sends the given HTTP request, returning response data. | yii\authclient\BaseOAuth
setState() | Sets persistent state. | yii\authclient\BaseClient
validateClaims() | Validates the claims data received from OpenID provider. | yii\authclient\OpenIdConnect

Property Details

$allowedJwsAlgorithms public property

JWS algorithms, which are allowed to be used. These are used by web-token library for JWS validation/decryption. Make sure to install web-token/jwt-signature-algorithm-hmac, web-token/jwt-signature-algorithm-ecdsa and web-token/jwt-signature-algorithm-rsa packages that support the particular algorithm before adding it here.

public array $allowedJwsAlgorithms = [
    'HS256',
    'HS384',
    'HS512',
    'ES256',
    'ES384',
    'ES512',
    'RS256',
    'RS384',
    'RS512',
    'PS256',
    'PS384',
    'PS512',
]

$cache public property

The cache object, null - if not enabled. Note that the type of this property differs in getter and setter. See getCache() and setCache() for details.

$configParams public property

OpenID provider configuration parameters.

public array $configParams = null

$configParamsCacheKeyPrefix public property

The prefix for the key used to store $configParams data in cache. The actual cache key is formed by appending the $id value to it.

See also $cache.

public string $configParamsCacheKeyPrefix = 'config-params-'

$defaultIdTokenClaims public property (available since version 2.2.12)

Predefined OpenID Connect Claims

See also https://openid.net/specs/openid-connect-core-1_0.html#rfc.section.2.

public array $defaultIdTokenClaims = [
    'iss',
    'sub',
    'aud',
    'exp',
    'iat',
    'auth_time',
    'nonce',
    'acr',
    'amr',
    'azp',
]

$issuerUrl public property

OpenID Issuer (provider) base URL, e.g. https://example.com.

public string $issuerUrl = null

$scope public property

Auth request scope.

public string $scope = 'openid'

$validateAuthNonce public property

Whether to use and validate auth 'nonce' parameter in authentication flow.

$validateJws public property

Whether to validate/decrypt JWS received with Auth token. Note: this functionality requires the web-token/jwt-checker, web-token/jwt-key-mgmt and web-token/jwt-signature composer packages to be installed. You can disable this option when using a trusted OpenID Connect provider; however, this violates the protocol rules, so you do so at your own risk.

public boolean $validateJws = true
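
The $validateJws note and the $allowedJwsAlgorithms default list above, turned into a configuration check. This is an added example, not code from yii2-authclient: auditOidcClients(), the idp.example.test issuer and both sample client entries are constructed, and the RS256-only list assumes a provider that signs ID tokens with RS256.

```php
<?php
// Added example, not yii2-authclient code. auditOidcClients() and both sample
// client configurations below are constructed for illustration.

/**
 * Reports weakened validation settings in OpenIdConnect client configurations.
 *
 * @param array $clients the 'clients' array of an authClientCollection component
 * @return string[] findings, one per weakened setting
 */
function auditOidcClients(array $clients): array
{
    $findings = [];
    foreach ($clients as $id => $config) {
        // Only direct uses of the class are checked; subclasses are skipped.
        if (ltrim($config['class'] ?? '', '\\') !== 'yii\authclient\OpenIdConnect') {
            continue;
        }
        $report = function (string $message) use (&$findings, $id) {
            $findings[] = "$id: $message";
        };

        // Signature validation switched off: ID token contents are unverified.
        if (isset($config['validateJws']) && !$config['validateJws']) {
            $report('validateJws is disabled: JWS signatures are not verified');
        }
        // Only explicit opt-outs are flagged; unset keys keep the class behaviour.
        foreach (['validateAuthNonce', 'validateAuthState'] as $flag) {
            if (isset($config[$flag]) && !$config[$flag]) {
                $report("$flag is disabled");
            }
        }

        // The provider configuration is discovered from this URL.
        $scheme = parse_url($config['issuerUrl'] ?? '', PHP_URL_SCHEME);
        if (strtolower((string) $scheme) !== 'https') {
            $report('issuerUrl is missing or not https');
        }

        // Without an explicit list, the full twelve-entry default is accepted.
        if (!isset($config['allowedJwsAlgorithms'])) {
            $report('allowedJwsAlgorithms not set: default list (HS*, ES*, RS*, PS*) applies');
        } else {
            $hmac = preg_grep('/^HS\d+$/', $config['allowedJwsAlgorithms']);
            if ($hmac) {
                $report('HMAC algorithms allowed (' . implode(', ', $hmac)
                    . '): token integrity then rests on clientSecret');
            }
        }
    }
    return $findings;
}

// Constructed sample input: one weakened client beside a tightened one.
$clients = [
    'legacy' => [
        'class' => 'yii\authclient\OpenIdConnect',
        'issuerUrl' => 'http://idp.example.test',
        'clientId' => 'example_client_id',
        'clientSecret' => 'example_client_secret',
        'validateJws' => false,
    ],
    'hardened' => [
        'class' => 'yii\authclient\OpenIdConnect',
        'issuerUrl' => 'https://idp.example.test',
        'clientId' => 'example_client_id',
        'clientSecret' => 'example_client_secret',
        'validateJws' => true,
        'validateAuthNonce' => true,
        'validateAuthState' => true,
        'enablePkce' => true,
        // Assumption: this provider signs ID tokens with RS256 only.
        'allowedJwsAlgorithms' => ['RS256'],
    ],
];

foreach (auditOidcClients($clients) as $finding) {
    echo $finding, PHP_EOL;
}
```

Only the 'legacy' entry produces findings; the function works on plain arrays, so it can run against a configuration file without loading Yii.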

Method Details

__call() public method

Defined in: yii\base\Component::__call()

Calls the named method which is not a class method.

This method will check if any attached behavior has the named method and will execute it if available.

Do not call this method directly as it is a PHP magic method that will be implicitly called when an unknown method is being invoked.

public mixed __call ( $name, $params )
$name string

The method name

$params array

Method parameters

return mixed

The method return value

throws yii\base\UnknownMethodException

when calling unknown method

public function __call($name, $params)
{
    $this->ensureBehaviors();
    foreach ($this->_behaviors as $object) {
        if ($object->hasMethod($name)) {
            return call_user_func_array([$object, $name], $params);
        }
    }
    throw new UnknownMethodException('Calling unknown method: ' . get_class($this) . "::$name()");
}

            
__clone() public method

Defined in: yii\base\Component::__clone()

This method is called after the object is created by cloning an existing one.

It removes all behaviors because they are attached to the old object.

public void __clone ( )

public function __clone()
{
    $this->_events = [];
    $this->_eventWildcards = [];
    $this->_behaviors = null;
}

            
__construct() public method

Defined in: yii\base\BaseObject::__construct()

Constructor.

The default implementation does two things:

  • Initializes the object with the given configuration $config.
  • Calls init().

If this method is overridden in a child class, it is recommended that

  • the last parameter of the constructor is a configuration array, like $config here.
  • the parent implementation is called at the end of the constructor.

public void __construct ( $config = [] )
$config array

Name-value pairs that will be used to initialize the object properties

public function __construct($config = [])
{
    if (!empty($config)) {
        Yii::configure($this, $config);
    }
    $this->init();
}

            
__get() public method

Defined in: yii\base\Component::__get()

Returns the value of a component property.

This method will check in the following order and act accordingly:

  • a property defined by a getter: return the getter result
  • a property of a behavior: return the behavior property value

Do not call this method directly as it is a PHP magic method that will be implicitly called when executing $value = $component->property;.

See also __set().

public mixed __get ( $name )
$name string

The property name

return mixed

The property value or the value of a behavior's property

throws yii\base\UnknownPropertyException

if the property is not defined

throws yii\base\InvalidCallException

if the property is write-only.

public function __get($name)
{
    $getter = 'get' . $name;
    if (method_exists($this, $getter)) {
        // read property, e.g. getName()
        return $this->$getter();
    }
    // behavior property
    $this->ensureBehaviors();
    foreach ($this->_behaviors as $behavior) {
        if ($behavior->canGetProperty($name)) {
            return $behavior->$name;
        }
    }
    if (method_exists($this, 'set' . $name)) {
        throw new InvalidCallException('Getting write-only property: ' . get_class($this) . '::' . $name);
    }
    throw new UnknownPropertyException('Getting unknown property: ' . get_class($this) . '::' . $name);
}

            
__isset() public method

Defined in: yii\base\Component::__isset()

Checks if a property is set, i.e. defined and not null.

This method will check in the following order and act accordingly:

  • a property defined by a setter: return whether the property is set
  • a property of a behavior: return whether the property is set
  • return false for non existing properties

Do not call this method directly as it is a PHP magic method that will be implicitly called when executing isset($component->property).

See also https://www.php.net/manual/en/function.isset.php.

public boolean __isset ( $name )
$name string

The property name or the event name

return boolean

Whether the named property is set

public function __isset($name)
{
    $getter = 'get' . $name;
    if (method_exists($this, $getter)) {
        return $this->$getter() !== null;
    }
    // behavior property
    $this->ensureBehaviors();
    foreach ($this->_behaviors as $behavior) {
        if ($behavior->canGetProperty($name)) {
            return $behavior->$name !== null;
        }
    }
    return false;
}

            
__set() public method

Defined in: yii\base\Component::__set()

Sets the value of a component property.

This method will check in the following order and act accordingly:

  • a property defined by a setter: set the property value
  • an event in the format of "on xyz": attach the handler to the event "xyz"
  • a behavior in the format of "as xyz": attach the behavior named as "xyz"
  • a property of a behavior: set the behavior property value

Do not call this method directly as it is a PHP magic method that will be implicitly called when executing $component->property = $value;.

See also __get().

public void __set ( $name, $value )
$name string

The property name or the event name

$value mixed

The property value

throws yii\base\UnknownPropertyException

if the property is not defined

throws yii\base\InvalidCallException

if the property is read-only.

public function __set($name, $value)
{
    $setter = 'set' . $name;
    if (method_exists($this, $setter)) {
        // set property
        $this->$setter($value);
        return;
    } elseif (strncmp($name, 'on ', 3) === 0) {
        // on event: attach event handler
        $this->on(trim(substr($name, 3)), $value);
        return;
    } elseif (strncmp($name, 'as ', 3) === 0) {
        // as behavior: attach behavior
        $name = trim(substr($name, 3));
        $this->attachBehavior($name, $value instanceof Behavior ? $value : Yii::createObject($value));
        return;
    }
    // behavior property
    $this->ensureBehaviors();
    foreach ($this->_behaviors as $behavior) {
        if ($behavior->canSetProperty($name)) {
            $behavior->$name = $value;
            return;
        }
    }
    if (method_exists($this, 'get' . $name)) {
        throw new InvalidCallException('Setting read-only property: ' . get_class($this) . '::' . $name);
    }
    throw new UnknownPropertyException('Setting unknown property: ' . get_class($this) . '::' . $name);
}

            
__unset() public method

Defined in: yii\base\Component::__unset()

Sets a component property to be null.

This method will check in the following order and act accordingly:

  • a property defined by a setter: set the property value to be null
  • a property of a behavior: set the property value to be null

Do not call this method directly as it is a PHP magic method that will be implicitly called when executing unset($component->property).

See also https://www.php.net/manual/en/function.unset.php.

public void __unset ( $name )
$name string

The property name

throws yii\base\InvalidCallException

if the property is read only.

public function __unset($name)
{
    $setter = 'set' . $name;
    if (method_exists($this, $setter)) {
        $this->$setter(null);
        return;
    }
    // behavior property
    $this->ensureBehaviors();
    foreach ($this->_behaviors as $behavior) {
        if ($behavior->canSetProperty($name)) {
            $behavior->$name = null;
            return;
        }
    }
    throw new InvalidCallException('Unsetting an unknown or read-only property: ' . get_class($this) . '::' . $name);
}

            
api() public method

Defined in: yii\authclient\BaseOAuth::api()

Performs request to the OAuth API returning response data.

You may use createApiRequest() method instead, gaining more control over request execution.

See also createApiRequest().

public array api ( $apiSubUrl, $method = 'GET', $data = [], $headers = [] )
$apiSubUrl string|array

API sub URL, which will be appended to $apiBaseUrl, or absolute API URL.

$method string

Request method.

$data array|string

Request data or content.

$headers array

Additional request headers.

return array

API response data.

public function api($apiSubUrl, $method = 'GET', $data = [], $headers = [])
{
    $request = $this->createApiRequest()
        ->setMethod($method)
        ->setUrl($apiSubUrl)
        ->addHeaders($headers);
    if (!empty($data)) {
        if (is_array($data)) {
            $request->setData($data);
        } else {
            $request->setContent($data);
        }
    }
    return $this->sendRequest($request);
}

            
applyAccessTokenToRequest() public method (available since version 2.1)

Applies access token to the HTTP request instance.

public void applyAccessTokenToRequest ( $request, $accessToken )
$request yii\httpclient\Request

HTTP request instance.

$accessToken yii\authclient\OAuthToken

Access token instance.

public function applyAccessTokenToRequest($request, $accessToken)
{
    // OpenID Connect requires bearer token auth for the user info endpoint
    $request->getHeaders()->set('Authorization', 'Bearer ' . $accessToken->getToken());
}

            
applyClientCredentialsToRequest() protected method (available since version 2.1.3)

Applies client credentials (e.g. $clientId and $clientSecret) to the HTTP request instance.

This method should be invoked before sending any HTTP request, which requires client credentials.

protected void applyClientCredentialsToRequest ( $request )
$request yii\httpclient\Request

HTTP request instance.

protected function applyClientCredentialsToRequest($request)
{
    $supportedAuthMethods = $this->getConfigParam('token_endpoint_auth_methods_supported', 'client_secret_basic');
    if (in_array('client_secret_basic', $supportedAuthMethods)) {
        $request->addHeaders([
            'Authorization' => 'Basic ' . base64_encode($this->clientId . ':' . $this->clientSecret)
        ]);
    } elseif (in_array('client_secret_post', $supportedAuthMethods)) {
        $request->addData([
            'client_id' => $this->clientId,
            'client_secret' => $this->clientSecret,
        ]);
    } elseif (in_array('client_secret_jwt', $supportedAuthMethods)) {
        $header = [
            'typ' => 'JWT',
            'alg' => 'HS256',
        ];
        $payload = [
            'iss' => $this->clientId,
            'sub' => $this->clientId,
            'aud' => $this->tokenUrl,
            'jti' => $this->generateAuthNonce(),
            'iat' => time(),
            'exp' => time() + 3600,
        ];
        $signatureBaseString = base64_encode(Json::encode($header)) . '.' . base64_encode(Json::encode($payload));
        $signatureMethod = new HmacSha(['algorithm' => 'sha256']);
        $signature = $signatureMethod->generateSignature($signatureBaseString, $this->clientSecret);
        $assertion = $signatureBaseString . '.' . $signature;
        $request->addData([
            'assertion' => $assertion,
        ]);
    } else {
        throw new InvalidConfigException('Unable to authenticate request: none of following auth methods is suported: ' . implode(', ', $supportedAuthMethods));
    }
}

            
attachBehavior() public method

Defined in: yii\base\Component::attachBehavior()

Attaches a behavior to this component.

This method will create the behavior object based on the given configuration. After that, the behavior object will be attached to this component by calling the yii\base\Behavior::attach() method.

See also detachBehavior().

public yii\base\Behavior attachBehavior ( $name, $behavior )
$name string

The name of the behavior.

$behavior string|array|yii\base\Behavior

The behavior configuration. This can be one of the following:

return yii\base\Behavior

The behavior object

public function attachBehavior($name, $behavior)
{
    $this->ensureBehaviors();
    return $this->attachBehaviorInternal($name, $behavior);
}

            
attachBehaviors() public method

Defined in: yii\base\Component::attachBehaviors()

Attaches a list of behaviors to the component.

Each behavior is indexed by its name and should be a yii\base\Behavior object, a string specifying the behavior class, or a configuration array for creating the behavior.

See also attachBehavior().

public void attachBehaviors ( $behaviors )
$behaviors array

List of behaviors to be attached to the component

public function attachBehaviors($behaviors)
{
    $this->ensureBehaviors();
    foreach ($behaviors as $name => $behavior) {
        $this->attachBehaviorInternal($name, $behavior);
    }
}

            
authenticateClient() public method (available since version 2.1.0)

Defined in: yii\authclient\OAuth2::authenticateClient()

Authenticate OAuth client directly at the provider without third party (user) involved, using 'client_credentials' grant type.

See also https://tools.ietf.org/html/rfc6749#section-4.4.

public yii\authclient\OAuthToken authenticateClient ( $params = [] )
$params array

Additional request params.

return yii\authclient\OAuthToken

Access token.

public function authenticateClient($params = [])
{
    $defaultParams = [
        'grant_type' => 'client_credentials',
    ];
    if (!empty($this->scope)) {
        $defaultParams['scope'] = $this->scope;
    }
    $request = $this->createRequest()
        ->setMethod('POST')
        ->setUrl($this->tokenUrl)
        ->setData(array_merge($defaultParams, $params));
    $this->applyClientCredentialsToRequest($request);
    $response = $this->sendRequest($request);
    $token = $this->createToken(['params' => $response]);
    $this->setAccessToken($token);
    return $token;
}

            
authenticateUser() public method (available since version 2.1.0)

Defined in: yii\authclient\OAuth2::authenticateUser()

Authenticates user directly by 'username/password' pair, using 'password' grant type.

See also https://tools.ietf.org/html/rfc6749#section-4.3.

public yii\authclient\OAuthToken authenticateUser ( $username, $password, $params = [] )
$username string

User name.

$password string

User password.

$params array

Additional request params.

return yii\authclient\OAuthToken

Access token.

public function authenticateUser($username, $password, $params = [])
{
    $defaultParams = [
        'grant_type' => 'password',
        'username' => $username,
        'password' => $password,
    ];
    if (!empty($this->scope)) {
        $defaultParams['scope'] = $this->scope;
    }
    $request = $this->createRequest()
        ->setMethod('POST')
        ->setUrl($this->tokenUrl)
        ->setData(array_merge($defaultParams, $params));
    $this->applyClientCredentialsToRequest($request);
    $response = $this->sendRequest($request);
    $token = $this->createToken(['params' => $response]);
    $this->setAccessToken($token);
    return $token;
}

            
authenticateUserJwt() public method (available since version 2.1.3)

Defined in: yii\authclient\OAuth2::authenticateUserJwt()

Authenticates user directly using JSON Web Token (JWT).

See also https://tools.ietf.org/html/rfc7515.

public yii\authclient\OAuthToken authenticateUserJwt ( $username, $signature = null, $options = [], $params = [] )
$username string
$signature yii\authclient\signature\BaseMethod|array

Signature method or its array configuration. If empty - $signatureMethod will be used.

$options array

Additional options. Valid options are:

  • header: array, additional JWS header parameters.
  • payload: array, additional JWS payload (message or claim-set) parameters.
  • signatureKey: string, signature key to be used, if not set - $clientSecret will be used.

$params array

Additional request params.

return yii\authclient\OAuthToken

Access token.

public function authenticateUserJwt($username, $signature = null, $options = [], $params = [])
{
    if (empty($signature)) {
        $signatureMethod = $this->getSignatureMethod();
    } elseif (is_object($signature)) {
        $signatureMethod = $signature;
    } else {
        $signatureMethod = $this->createSignatureMethod($signature);
    }
    $header = isset($options['header']) ? $options['header'] : [];
    $payload = isset($options['payload']) ? $options['payload'] : [];
    $header = array_merge([
        'typ' => 'JWT'
    ], $header);
    if (!isset($header['alg'])) {
        $signatureName = $signatureMethod->getName();
        if (preg_match('/^([a-z])[a-z]*\-([a-z])[a-z]*([0-9]+)$/is', $signatureName, $matches)) {
            // convert 'RSA-SHA256' to 'RS256' :
            $signatureName = $matches[1] . $matches[2] . $matches[3];
        }
        $header['alg'] = $signatureName;
    }
    $payload = array_merge([
        'iss' => $username,
        'scope' => $this->scope,
        'aud' => $this->tokenUrl,
        'iat' => time(),
    ], $payload);
    if (!isset($payload['exp'])) {
        $payload['exp'] = $payload['iat'] + 3600;
    }
    $signatureBaseString = base64_encode(Json::encode($header)) . '.' . base64_encode(Json::encode($payload));
    $signatureKey = isset($options['signatureKey']) ? $options['signatureKey'] : $this->clientSecret;
    $signature = $signatureMethod->generateSignature($signatureBaseString, $signatureKey);
    $assertion = $signatureBaseString . '.' . $signature;
    $request = $this->createRequest()
        ->setMethod('POST')
        ->setUrl($this->tokenUrl)
        ->setData(array_merge([
            'grant_type' => 'urn:ietf:params:oauth:grant-type:jwt-bearer',
            'assertion' => $assertion,
        ], $params));
    $response = $this->sendRequest($request);
    $token = $this->createToken(['params' => $response]);
    $this->setAccessToken($token);
    return $token;
}

            
beforeApiRequestSend() public method (available since version 2.1)
public void beforeApiRequestSend ( $event )
$event yii\httpclient\RequestEvent

Event instance.

throws yii\base\Exception

on invalid access token.

                public function beforeApiRequestSend($event)
{
    $accessToken = $this->getAccessToken();
    if (!is_object($accessToken) || (!$accessToken->getIsValid() && !$this->autoRefreshAccessToken)) {
        throw new Exception('Invalid access token.');
    } elseif ($accessToken->getIsExpired() && $this->autoRefreshAccessToken) {
        $accessToken = $this->refreshAccessToken($accessToken);
    }
    $this->applyAccessTokenToRequest($event->request, $accessToken);
}

            
behaviors() public method

Defined in: yii\base\Component::behaviors()

Returns a list of behaviors that this component should behave as.

Child classes may override this method to specify the behaviors they want to behave as.

The return value of this method should be an array of behavior objects or configurations indexed by behavior names. A behavior configuration can be either a string specifying the behavior class or an array of the following structure:

'behaviorName' => [
    'class' => 'BehaviorClass',
    'property1' => 'value1',
    'property2' => 'value2',
]

Note that a behavior class must extend from yii\base\Behavior. Behaviors can be attached using a name or anonymously. When a name is used as the array key, the behavior can later be retrieved by that name using getBehavior() or detached using detachBehavior(). Anonymous behaviors cannot be retrieved or detached.

Behaviors declared in this method will be attached to the component automatically (on demand).

public array behaviors ( )
return array

The behavior configurations.

                public function behaviors()
{
    return [];
}

            
buildAuthUrl() public method

Composes user authorization URL.

public string buildAuthUrl ( array $params = [] )
$params array

Additional auth GET params.

return string

Authorization URL.

                public function buildAuthUrl(array $params = [])
{
    if ($this->authUrl === null) {
        $this->authUrl = $this->getConfigParam('authorization_endpoint');
    }
    if (!isset($params['nonce']) && $this->getValidateAuthNonce()) {
        $nonce = $this->generateAuthNonce();
        $this->setState('authNonce', $nonce);
        $params['nonce'] = $nonce;
    }
    return parent::buildAuthUrl($params);
}

            
canGetProperty() public method

Defined in: yii\base\Component::canGetProperty()

Returns a value indicating whether a property can be read.

A property can be read if:

  • the class has a getter method associated with the specified name (in this case, property name is case-insensitive);
  • the class has a member variable with the specified name (when $checkVars is true);
  • an attached behavior has a readable property of the given name (when $checkBehaviors is true).

See also canSetProperty().

public boolean canGetProperty ( $name, $checkVars = true, $checkBehaviors = true )
$name string

The property name

$checkVars boolean

Whether to treat member variables as properties

$checkBehaviors boolean

Whether to treat behaviors' properties as properties of this component

return boolean

Whether the property can be read

                public function canGetProperty($name, $checkVars = true, $checkBehaviors = true)
{
    if (method_exists($this, 'get' . $name) || $checkVars && property_exists($this, $name)) {
        return true;
    } elseif ($checkBehaviors) {
        $this->ensureBehaviors();
        foreach ($this->_behaviors as $behavior) {
            if ($behavior->canGetProperty($name, $checkVars)) {
                return true;
            }
        }
    }
    return false;
}

            
canSetProperty() public method

Defined in: yii\base\Component::canSetProperty()

Returns a value indicating whether a property can be set.

A property can be written if:

  • the class has a setter method associated with the specified name (in this case, property name is case-insensitive);
  • the class has a member variable with the specified name (when $checkVars is true);
  • an attached behavior has a writable property of the given name (when $checkBehaviors is true).

See also canGetProperty().

public boolean canSetProperty ( $name, $checkVars = true, $checkBehaviors = true )
$name string

The property name

$checkVars boolean

Whether to treat member variables as properties

$checkBehaviors boolean

Whether to treat behaviors' properties as properties of this component

return boolean

Whether the property can be written

                public function canSetProperty($name, $checkVars = true, $checkBehaviors = true)
{
    if (method_exists($this, 'set' . $name) || $checkVars && property_exists($this, $name)) {
        return true;
    } elseif ($checkBehaviors) {
        $this->ensureBehaviors();
        foreach ($this->_behaviors as $behavior) {
            if ($behavior->canSetProperty($name, $checkVars)) {
                return true;
            }
        }
    }
    return false;
}

            
className() public static method
Deprecated since 2.0.14. On PHP >=5.5, use ::class instead.

Defined in: yii\base\BaseObject::className()

Returns the fully qualified name of this class.

public static string className ( )
return string

The fully qualified name of this class.

                public static function className()
{
    return get_called_class();
}

            
composeUrl() protected method

Defined in: yii\authclient\BaseOAuth::composeUrl()

Composes URL from base URL and GET params.

protected string composeUrl ( $url, array $params = [] )
$url string

Base URL.

$params array

GET params.

return string

Composed URL.

                protected function composeUrl($url, array $params = [])
{
    if (!empty($params)) {
        if (strpos($url, '?') === false) {
            $url .= '?';
        } else {
            $url .= '&';
        }
        $url .= http_build_query($params, '', '&', PHP_QUERY_RFC3986);
    }
    return $url;
}

            
createApiRequest() public method (available since version 2.1)

Defined in: yii\authclient\BaseOAuth::createApiRequest()

Creates an HTTP request for the API call.

The created request will be processed automatically before sending, adding the access token parameters and signature. You may use createRequest() to gain full control over request composition and execution.

See also createRequest().

public yii\httpclient\Request createApiRequest ( )
return yii\httpclient\Request

HTTP request instance.

                public function createApiRequest()
{
    $request = $this->createRequest();
    $request->on(Request::EVENT_BEFORE_SEND, [$this, 'beforeApiRequestSend']);
    return $request;
}

            
createHttpClient() protected method (available since version 2.1)

Defined in: yii\authclient\BaseOAuth::createHttpClient()

Creates HTTP client instance from reference or configuration.

protected yii\httpclient\Client createHttpClient ( $reference )
$reference string|array

Component name or array configuration.

return yii\httpclient\Client

HTTP client instance.

                protected function createHttpClient($reference)
{
    $httpClient = parent::createHttpClient($reference);
    $httpClient->baseUrl = $this->apiBaseUrl;
    return $httpClient;
}

            
createRequest() public method (available since version 2.1)

Defined in: yii\authclient\BaseClient::createRequest()

Creates HTTP request instance.

public yii\httpclient\Request createRequest ( )
return yii\httpclient\Request

HTTP request instance.

                public function createRequest()
{
    return $this->getHttpClient()
        ->createRequest()
        ->addOptions($this->defaultRequestOptions())
        ->addOptions($this->getRequestOptions());
}

            
createSignatureMethod() protected method

Defined in: yii\authclient\BaseOAuth::createSignatureMethod()

Creates signature method instance from its configuration.

protected yii\authclient\signature\BaseMethod createSignatureMethod ( array $signatureMethodConfig )
$signatureMethodConfig array

Signature method configuration.

return yii\authclient\signature\BaseMethod

Signature method instance.

                protected function createSignatureMethod(array $signatureMethodConfig)
{
    if (!array_key_exists('class', $signatureMethodConfig)) {
        $signatureMethodConfig['class'] = signature\HmacSha1::className();
    }
    return Yii::createObject($signatureMethodConfig);
}

            
createToken() protected method

Creates token from its configuration.

protected yii\authclient\OAuthToken createToken ( array $tokenConfig = [] )
$tokenConfig array

Token configuration.

return yii\authclient\OAuthToken

Token instance.

                protected function createToken(array $tokenConfig = [])
{
    if ($this->validateJws) {
        $jwsData = $this->loadJws($tokenConfig['params']['id_token']);
        $this->validateClaims($jwsData);
        $tokenConfig['params'] = array_merge($tokenConfig['params'], $jwsData);
        if ($this->getValidateAuthNonce()) {
            $authNonce = $this->getState('authNonce');
            if (
                !isset($jwsData['nonce'])
                || empty($authNonce)
                || !Yii::$app->getSecurity()->compareString($jwsData['nonce'], $authNonce)
            ) {
                throw new HttpException(400, 'Invalid auth nonce');
            } else {
                $this->removeState('authNonce');
            }
        }
    }
    return parent::createToken($tokenConfig);
}
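The nonce round-trip that buildAuthUrl() and createToken() perform, as an added stand-alone example (not yii2-authclient code). The array-backed state store and the function names are assumptions, and hash_equals() stands in for the Security component's compareString().

```php
<?php
// Added illustration; not part of yii2-authclient. All names are hypothetical.

/** Minimal stand-in for the client's state storage (normally session-backed). */
final class ArrayStateStorage
{
    private array $data = [];

    public function set(string $key, string $value): void { $this->data[$key] = $value; }
    public function get(string $key): ?string { return $this->data[$key] ?? null; }
    public function remove(string $key): void { unset($this->data[$key]); }
}

/** Step 1: before redirecting, create a nonce, remember it, and send it in the auth URL. */
function startAuth(ArrayStateStorage $state, string $authUrl, array $params): string
{
    $nonce = rtrim(strtr(base64_encode(random_bytes(32)), '+/', '-_'), '=');
    $state->set('authNonce', $nonce);
    $params['nonce'] = $nonce;
    return $authUrl . '?' . http_build_query($params, '', '&', PHP_QUERY_RFC3986);
}

/** Step 2: once the ID token is verified, its nonce claim must match the stored value, once. */
function checkNonce(ArrayStateStorage $state, array $claims): bool
{
    $expected = $state->get('authNonce');
    if (
        !isset($claims['nonce'])
        || !is_string($claims['nonce'])
        || $expected === null
        || $expected === ''
    ) {
        return false;
    }
    // Constant-time comparison, as in createToken().
    if (!hash_equals($expected, $claims['nonce'])) {
        return false;
    }
    // Single use: a replayed ID token no longer finds a stored nonce.
    $state->remove('authNonce');
    return true;
}

// Constructed walk-through.
$state = new ArrayStateStorage();
$url = startAuth($state, 'https://op.example/authorize', [
    'client_id' => 'demo-client',
    'response_type' => 'code',
]);
parse_str((string) parse_url($url, PHP_URL_QUERY), $query);

// Claims as the provider would return them, echoing the nonce from the request.
$claims = ['sub' => 'user-1', 'nonce' => $query['nonce']];

foreach ([
    'first presentation' => $claims,
    'same token replayed' => $claims,
    'token without nonce' => ['sub' => 'user-1'],
] as $label => $candidate) {
    echo $label . ': ' . (checkNonce($state, $candidate) ? 'accepted' : 'rejected') . "\n";
}
```

The first call succeeds and removes the stored nonce; the replay and the token without a nonce claim are both rejected.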

            
defaultName() protected method

Defined in: yii\authclient\BaseClient::defaultName()

Generates service name.

protected string defaultName ( )
return string

Service name.

                protected function defaultName()
{
    return Inflector::camel2id(StringHelper::basename(get_class($this)));
}

            
defaultNormalizeUserAttributeMap() protected method

Defined in: yii\authclient\BaseClient::defaultNormalizeUserAttributeMap()

Returns the default $normalizeUserAttributeMap value.

A particular client may override this method in order to provide a specific default map.

protected array defaultNormalizeUserAttributeMap ( )
return array

Normalize attribute map.

                protected function defaultNormalizeUserAttributeMap()
{
    return [];
}

            
defaultRequestOptions() protected method (available since version 2.1)

Defined in: yii\authclient\BaseOAuth::defaultRequestOptions()

Returns default HTTP request options.

protected array defaultRequestOptions ( )
return array

HTTP request options.

                protected function defaultRequestOptions()
{
    return [
        'userAgent' => Inflector::slug(Yii::$app->name) . ' OAuth ' . $this->version . ' Client',
        'timeout' => 30,
    ];
}

            
defaultReturnUrl() protected method

Defined in: yii\authclient\BaseOAuth::defaultReturnUrl()

Composes default $returnUrl value.

protected string defaultReturnUrl ( )
return string

Return URL.

                protected function defaultReturnUrl()
{
    $params = Yii::$app->getRequest()->getQueryParams();
    $params = array_intersect_key($params, array_flip($this->parametersToKeepInReturnUrl));
    $params[0] = Yii::$app->controller->getRoute();
    return Yii::$app->getUrlManager()->createAbsoluteUrl($params);
}

            
defaultTitle() protected method

Defined in: yii\authclient\BaseClient::defaultTitle()

Generates service title.

protected string defaultTitle ( )
return string

Service title.

                protected function defaultTitle()
{
    return StringHelper::basename(get_class($this));
}

            
defaultViewOptions() protected method

Defined in: yii\authclient\BaseClient::defaultViewOptions()

Returns the default $viewOptions value.

A particular client may override this method in order to provide specific default view options.

protected array defaultViewOptions ( )
return array

List of default $viewOptions

                protected function defaultViewOptions()
{
    return [];
}

            
detachBehavior() public method

Defined in: yii\base\Component::detachBehavior()

Detaches a behavior from the component.

The behavior's yii\base\Behavior::detach() method will be invoked.

public yii\base\Behavior|null detachBehavior ( $name )
$name string

The behavior's name.

return yii\base\Behavior|null

The detached behavior. Null if the behavior does not exist.

                public function detachBehavior($name)
{
    $this->ensureBehaviors();
    if (isset($this->_behaviors[$name])) {
        $behavior = $this->_behaviors[$name];
        unset($this->_behaviors[$name]);
        $behavior->detach();
        return $behavior;
    }
    return null;
}

            
detachBehaviors() public method

Defined in: yii\base\Component::detachBehaviors()

Detaches all behaviors from the component.

public void detachBehaviors ( )

                public function detachBehaviors()
{
    $this->ensureBehaviors();
    foreach ($this->_behaviors as $name => $behavior) {
        $this->detachBehavior($name);
    }
}

            
discoverConfig() protected method

Discovers OpenID Provider configuration parameters.

protected array discoverConfig ( )
return array

OpenID Provider configuration parameters.

throws yii\authclient\InvalidResponseException

on failure.

                protected function discoverConfig()
{
    $request = $this->createRequest();
    $configUrl = rtrim($this->issuerUrl, '/') . '/.well-known/openid-configuration';
    $request->setMethod('GET')
        ->setUrl($configUrl);
    $response = $this->sendRequest($request);
    return $response;
}

            
ensureBehaviors() public method

Defined in: yii\base\Component::ensureBehaviors()

Makes sure that the behaviors declared in behaviors() are attached to this component.

public void ensureBehaviors ( )

                public function ensureBehaviors()
{
    if ($this->_behaviors === null) {
        $this->_behaviors = [];
        foreach ($this->behaviors() as $name => $behavior) {
            $this->attachBehaviorInternal($name, $behavior);
        }
    }
}

            
fetchAccessToken() public method

Fetches access token from authorization code.

public yii\authclient\OAuthToken fetchAccessToken ( $authCode, array $params = [] )
$authCode string

Authorization code, usually passed in the GET parameter 'code'.

$params array

Additional request params.

return yii\authclient\OAuthToken

Access token.

throws yii\web\HttpException

on invalid auth state in case enableStateValidation is enabled.

                public function fetchAccessToken($authCode, array $params = [])
{
    if ($this->tokenUrl === null) {
        $this->tokenUrl = $this->getConfigParam('token_endpoint');
    }
    if (!isset($params['nonce']) && $this->getValidateAuthNonce()) {
        $params['nonce'] = $this->getState('authNonce');
    }
    return parent::fetchAccessToken($authCode, $params);
}

            
generateAuthNonce() protected method

Generates the auth nonce value.

protected string generateAuthNonce ( )
return string

Auth nonce value.

                protected function generateAuthNonce()
{
    return Yii::$app->security->generateRandomString();
}

            
generateAuthState() protected method (available since version 2.1)

Defined in: yii\authclient\OAuth2::generateAuthState()

Generates the auth state value.

protected string generateAuthState ( )
return string

Auth state value.

                protected function generateAuthState()
{
    $baseString = get_class($this) . '-' . time();
    if (Yii::$app->has('session')) {
        $baseString .= '-' . Yii::$app->session->getId();
    }
    return hash('sha256', uniqid($baseString, true));
}

            
getAccessToken() public method
public yii\authclient\OAuthToken getAccessToken ( )
return yii\authclient\OAuthToken

Auth token instance.

                public function getAccessToken()
{
    if (!is_object($this->_accessToken)) {
        $this->_accessToken = $this->restoreAccessToken();
    }
    return $this->_accessToken;
}

            
getBehavior() public method

Defined in: yii\base\Component::getBehavior()

Returns the named behavior object.

public yii\base\Behavior|null getBehavior ( $name )
$name string

The behavior name

return yii\base\Behavior|null

The behavior object, or null if the behavior does not exist

                public function getBehavior($name)
{
    $this->ensureBehaviors();
    return isset($this->_behaviors[$name]) ? $this->_behaviors[$name] : null;
}

            
getBehaviors() public method

Defined in: yii\base\Component::getBehaviors()

Returns all behaviors attached to this component.

public yii\base\Behavior[] getBehaviors ( )
return yii\base\Behavior[]

List of behaviors attached to this component

                public function getBehaviors()
{
    $this->ensureBehaviors();
    return $this->_behaviors;
}

            
getCache() public method

public yii\caching\Cache|null getCache ( )
return yii\caching\Cache|null

The cache object, null - if not enabled.

                public function getCache()
{
    if ($this->_cache !== null && !is_object($this->_cache)) {
        $this->_cache = Instance::ensure($this->_cache, Cache::className());
    }
    return $this->_cache;
}

            
getConfigParam() public method

Returns particular configuration parameter value.

public mixed getConfigParam ( $name, $default = null )
$name string

Configuration parameter name.

$default mixed

Value to be returned if the configuration parameter isn't set.

return mixed

Configuration parameter value.

                public function getConfigParam($name, $default = null)
{
    $params = $this->getConfigParams();
    return array_key_exists($name, $params) ? $params[$name] : $default;
}

            
getConfigParams() public method

public array getConfigParams ( )
return array

OpenID provider configuration parameters.

                public function getConfigParams()
{
    if ($this->_configParams === null) {
        $cache = $this->getCache();
        $cacheKey = $this->configParamsCacheKeyPrefix . $this->getId();
        if ($cache === null || ($configParams = $cache->get($cacheKey)) === false) {
            $configParams = $this->discoverConfig();
        }
        $this->_configParams = $configParams;
        if ($cache !== null) {
            $cache->set($cacheKey, $configParams);
        }
    }
    return $this->_configParams;
}

            
getHttpClient() public method (available since version 2.1)

Defined in: yii\authclient\BaseClient::getHttpClient()

Returns HTTP client.

public yii\httpclient\Client getHttpClient ( )
return yii\httpclient\Client

Internal HTTP client.

                public function getHttpClient()
{
    if (!is_object($this->_httpClient)) {
        $this->_httpClient = $this->createHttpClient($this->_httpClient);
    }
    return $this->_httpClient;
}

            
getId() public method
public string getId ( )
return string

Service id

                public function getId()
{
    if (empty($this->_id)) {
        $this->_id = $this->getName();
    }
    return $this->_id;
}

            
getJwkSet() protected method

Returns the provider's JWK set.

protected \yii\authclient\JWKSet getJwkSet ( )
return \yii\authclient\JWKSet

Object representing a key set.

throws yii\authclient\InvalidResponseException

on failure.

                protected function getJwkSet()
{
    if ($this->_jwkSet === null) {
        $cache = $this->getCache();
        $cacheKey = $this->configParamsCacheKeyPrefix . '_jwkSet';
        if ($cache === null || ($jwkSet = $cache->get($cacheKey)) === false) {
            $request = $this->createRequest()
                ->setMethod('GET')
                ->setUrl($this->getConfigParam('jwks_uri'));
            $response = $this->sendRequest($request);
            $jwkSet = JWKFactory::createFromValues($response);
        }
        $this->_jwkSet = $jwkSet;
        if ($cache !== null) {
            $cache->set($cacheKey, $jwkSet);
        }
    }
    return $this->_jwkSet;
}

            
getJwsLoader() protected method

Returns the JWSLoader that validates the JWS token.

protected \Jose\Component\Signature\JWSLoader getJwsLoader ( )
return \Jose\Component\Signature\JWSLoader

Loader used for token validation.

throws yii\base\InvalidConfigException

on invalid algorithm provided in configuration.

                protected function getJwsLoader()
{
    if ($this->_jwsLoader === null) {
        $algorithms = [];
        foreach ($this->allowedJwsAlgorithms as $algorithm)
        {
            $class = '\Jose\Component\Signature\Algorithm\\' . $algorithm;
            if (!class_exists($class))
            {
                throw new InvalidConfigException("Alogrithm class $class doesn't exist");
            }
            $algorithms[] = new $class();
        }
        $this->_jwsLoader = new JWSLoader(
            new JWSSerializerManager([ new CompactSerializer() ]),
            new JWSVerifier(new AlgorithmManager($algorithms)),
            new HeaderCheckerManager(
                [ new AlgorithmChecker($this->allowedJwsAlgorithms) ],
                [ new JWSTokenSupport() ]
            )
        );
    }
    return $this->_jwsLoader;
}
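What the algorithm allow-list in getJwsLoader() guards against, as an added stand-alone sketch (not the web-token or yii2-authclient implementation). The function names, the allow-list and the tokens are constructed; the point is that the header's alg is untrusted input and is compared against the configured list before any signature check.

```php
<?php
// Added illustration; not the web-token/jwt-framework or yii2-authclient code.
// Function names, the allow-list and the tokens below are constructed.

function base64UrlDecodeStrict(string $data): string
{
    if ($data === '' || preg_match('/[^A-Za-z0-9_-]/', $data)) {
        throw new UnexpectedValueException('Segment is not base64url');
    }
    $padded = str_pad($data, strlen($data) + (4 - strlen($data) % 4) % 4, '=');
    $decoded = base64_decode(strtr($padded, '-_', '+/'), true);
    if ($decoded === false) {
        throw new UnexpectedValueException('Segment is not base64url');
    }
    return $decoded;
}

/** Returns the header's alg if it is on the allow-list, throws otherwise. */
function requireAllowedAlg(string $compactJws, array $allowedAlgorithms): string
{
    $parts = explode('.', $compactJws);
    if (count($parts) !== 3) {
        throw new UnexpectedValueException('Not a compact JWS');
    }
    $header = json_decode(base64UrlDecodeStrict($parts[0]), true);
    if (!is_array($header) || !isset($header['alg']) || !is_string($header['alg'])) {
        throw new UnexpectedValueException('Header has no usable "alg"');
    }
    // Strict comparison: a different case or a non-string value never matches.
    if (!in_array($header['alg'], $allowedAlgorithms, true)) {
        throw new UnexpectedValueException('Algorithm "' . $header['alg'] . '" is not allowed');
    }
    return $header['alg'];
}

/** Builds a compact token with the given header and a placeholder signature. */
function sampleToken(array $header): string
{
    $enc = static fn(string $s): string => rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
    return $enc(json_encode($header)) . '.' . $enc('{"sub":"user-1"}') . '.' . $enc('placeholder');
}

$allowed = ['RS256', 'ES256']; // constructed allow-list
$samples = [
    'expected algorithm' => sampleToken(['typ' => 'JWT', 'alg' => 'RS256']),
    'unsigned token' => sampleToken(['typ' => 'JWT', 'alg' => 'none']),
    'HMAC where only asymmetric is configured' => sampleToken(['typ' => 'JWT', 'alg' => 'HS256']),
    'wrong case' => sampleToken(['typ' => 'JWT', 'alg' => 'rs256']),
    'alg missing' => sampleToken(['typ' => 'JWT']),
];

foreach ($samples as $label => $token) {
    try {
        echo $label . ': accepted ' . requireAllowedAlg($token, $allowed) . "\n";
    } catch (UnexpectedValueException $e) {
        echo $label . ': rejected (' . $e->getMessage() . ")\n";
    }
}
```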

            
getName() public method
public string getName ( )
return string

Service name.

                public function getName()
{
    if ($this->_name === null) {
        $this->_name = $this->defaultName();
    }
    return $this->_name;
}

            
getNormalizeUserAttributeMap() public method
public array getNormalizeUserAttributeMap ( )
return array

Normalize user attribute map.

                public function getNormalizeUserAttributeMap()
{
    if ($this->_normalizeUserAttributeMap === null) {
        $this->_normalizeUserAttributeMap = $this->defaultNormalizeUserAttributeMap();
    }
    return $this->_normalizeUserAttributeMap;
}

            
getRequestOptions() public method (available since version 2.1)
public array getRequestOptions ( )
return array

HTTP request options.

                public function getRequestOptions()
{
    return $this->_requestOptions;
}

            
getReturnUrl() public method
public string getReturnUrl ( )
return string

Return URL.

                public function getReturnUrl()
{
    if ($this->_returnUrl === null) {
        $this->_returnUrl = $this->defaultReturnUrl();
    }
    return $this->_returnUrl;
}

            
getSignatureMethod() public method
public yii\authclient\signature\BaseMethod getSignatureMethod ( )
return yii\authclient\signature\BaseMethod

Signature method instance.

                public function getSignatureMethod()
{
    if (!is_object($this->_signatureMethod)) {
        $this->_signatureMethod = $this->createSignatureMethod($this->_signatureMethod);
    }
    return $this->_signatureMethod;
}

            
getState() protected method

Defined in: yii\authclient\BaseClient::getState()

Returns persistent state value.

protected mixed getState ( $key )
$key string

State key.

return mixed

State value.

                protected function getState($key)
{
    return $this->getStateStorage()->get($this->getStateKeyPrefix() . $key);
}

            
getStateKeyPrefix() protected method

Defined in: yii\authclient\BaseClient::getStateKeyPrefix()

Returns session key prefix, which is used to store internal states.

protected string getStateKeyPrefix ( )
return string

Session key prefix.

                protected function getStateKeyPrefix()
{
    return get_class($this) . '_' . $this->getId() . '_';
}

            
getStateStorage() public method
public yii\authclient\StateStorageInterface getStateStorage ( )
return yii\authclient\StateStorageInterface

State storage.

                public function getStateStorage()
{
    if (!is_object($this->_stateStorage)) {
        $this->_stateStorage = Yii::createObject($this->_stateStorage);
    }
    return $this->_stateStorage;
}

            
getTitle() public method
public string getTitle ( )
return string

Service title.

                public function getTitle()
{
    if ($this->_title === null) {
        $this->_title = $this->defaultTitle();
    }
    return $this->_title;
}

            
getUserAttributes() public method
public array getUserAttributes ( )
return array

List of user attributes

                public function getUserAttributes()
{
    if ($this->_userAttributes === null) {
        $this->_userAttributes = $this->normalizeUserAttributes($this->initUserAttributes());
    }
    return $this->_userAttributes;
}

            
getValidateAuthNonce() public method

public boolean getValidateAuthNonce ( )
return boolean

Whether to use and validate auth 'nonce' parameter in authentication flow.

                public function getValidateAuthNonce()
{
    if ($this->_validateAuthNonce === null) {
        $this->_validateAuthNonce = $this->validateJws && in_array('nonce', $this->getConfigParam('claims_supported'));
    }
    return $this->_validateAuthNonce;
}
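A sanity check over the discovery document that discoverConfig() fetches and getValidateAuthNonce() reads, as an added example that is not part of yii2-authclient. The function name and both sample documents are constructed; the issuer comparison follows the OpenID Connect Discovery rule that the returned issuer must equal the URL used for discovery.

```php
<?php
// Added illustration; not yii2-authclient code. The function name and both
// discovery documents are constructed.

/** Returns a list of problems found in a decoded discovery document. */
function discoveryProblems(string $issuerUrl, array $config): array
{
    $problems = [];

    // The returned issuer must be identical to the URL the document was fetched for.
    if (($config['issuer'] ?? null) !== $issuerUrl) {
        $problems[] = 'issuer does not match the configured issuerUrl';
    }

    // Endpoints this client reads via getConfigParam().
    foreach (['authorization_endpoint', 'token_endpoint', 'jwks_uri'] as $name) {
        $value = $config[$name] ?? null;
        if (!is_string($value) || parse_url($value, PHP_URL_SCHEME) !== 'https') {
            $problems[] = $name . ' is missing or not an https URL';
        }
    }

    // getValidateAuthNonce() passes this value to in_array(), so it must be a list.
    $claims = $config['claims_supported'] ?? null;
    if (!is_array($claims)) {
        $problems[] = 'claims_supported is missing or not a list';
    } elseif (!in_array('nonce', $claims, true)) {
        $problems[] = 'nonce is not advertised, so nonce validation defaults to off';
    }

    return $problems;
}

$issuerUrl = 'https://op.example'; // constructed issuer

$documents = [
    'consistent document' => [
        'issuer' => 'https://op.example',
        'authorization_endpoint' => 'https://op.example/authorize',
        'token_endpoint' => 'https://op.example/token',
        'jwks_uri' => 'https://op.example/jwks',
        'claims_supported' => ['sub', 'iss', 'aud', 'nonce'],
    ],
    'inconsistent document' => [
        'issuer' => 'https://other.example',
        'authorization_endpoint' => 'https://op.example/authorize',
        'token_endpoint' => 'https://op.example/token',
        'jwks_uri' => 'http://op.example/jwks',
    ],
];

foreach ($documents as $label => $config) {
    $problems = discoveryProblems($issuerUrl, $config);
    echo $label . ': ' . ($problems === [] ? 'ok' : implode('; ', $problems)) . "\n";
}
```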

            
getViewOptions() public method
public array getViewOptions ( )
return array

View options in format: optionName => optionValue

                public function getViewOptions()
{
    if ($this->_viewOptions === null) {
        $this->_viewOptions = $this->defaultViewOptions();
    }
    return $this->_viewOptions;
}

            
hasEventHandlers() public method

Defined in: yii\base\Component::hasEventHandlers()

Returns a value indicating whether there is any handler attached to the named event.

public boolean hasEventHandlers ( $name )
$name string

The event name

return boolean

Whether there is any handler attached to the event.

                public function hasEventHandlers($name)
{
    $this->ensureBehaviors();
    if (!empty($this->_events[$name])) {
        return true;
    }
    foreach ($this->_eventWildcards as $wildcard => $handlers) {
        if (!empty($handlers) && StringHelper::matchWildcard($wildcard, $name)) {
            return true;
        }
    }
    return Event::hasHandlers($this, $name);
}

            
hasMethod() public method

Defined in: yii\base\Component::hasMethod()

Returns a value indicating whether a method is defined.

A method is defined if:

  • the class has a method with the specified name
  • an attached behavior has a method with the given name (when $checkBehaviors is true).

public boolean hasMethod ( $name, $checkBehaviors = true )
$name string

The method name

$checkBehaviors boolean

Whether to treat behaviors' methods as methods of this component

return boolean

Whether the method is defined

                public function hasMethod($name, $checkBehaviors = true)
{
    if (method_exists($this, $name)) {
        return true;
    } elseif ($checkBehaviors) {
        $this->ensureBehaviors();
        foreach ($this->_behaviors as $behavior) {
            if ($behavior->hasMethod($name)) {
                return true;
            }
        }
    }
    return false;
}

            
hasProperty() public method

Defined in: yii\base\Component::hasProperty()

Returns a value indicating whether a property is defined for this component.

A property is defined if:

  • the class has a getter or setter method associated with the specified name (in this case, property name is case-insensitive);
  • the class has a member variable with the specified name (when $checkVars is true);
  • an attached behavior has a property of the given name (when $checkBehaviors is true).

public boolean hasProperty ( $name, $checkVars = true, $checkBehaviors = true )
$name string

The property name

$checkVars boolean

Whether to treat member variables as properties

$checkBehaviors boolean

Whether to treat behaviors' properties as properties of this component

return boolean

Whether the property is defined

                public function hasProperty($name, $checkVars = true, $checkBehaviors = true)
{
    return $this->canGetProperty($name, $checkVars, $checkBehaviors) || $this->canSetProperty($name, false, $checkBehaviors);
}

            
init() public method

Defined in: yii\base\BaseObject::init()

Initializes the object.

This method is invoked at the end of the constructor after the object is initialized with the given configuration.

public void init ( )

                public function init()
{
}

            
initUserAttributes() protected method

Initializes authenticated user attributes.

protected array initUserAttributes ( )
return array

Auth user attributes.

                protected function initUserAttributes()
{
    // Use 'userinfo_endpoint' config if available,
    // try to extract user claims from access token's 'id_token' claim otherwise.
    $userinfoEndpoint = $this->getConfigParam('userinfo_endpoint');
    if (!empty($userinfoEndpoint)) {
        $userInfo = $this->api($userinfoEndpoint, 'GET');
        // The userinfo endpoint can return a JSON object (which will be converted to an array) or a JWT.
        if (is_array($userInfo)) {
            return $userInfo;
        } else {
            // Use the userInfo endpoint as id_token and parse it as JWT below
            $idToken = $userInfo;
        }
    } else {
        $accessToken = $this->accessToken;
        $idToken = $accessToken->getParam('id_token');
    }
    $idTokenData = [];
    if (!empty($idToken)) {
        if ($this->validateJws) {
            $idTokenClaims = $this->loadJws($idToken);
        } else {
            $idTokenClaims = Json::decode(StringHelper::base64UrlDecode(explode('.', $idToken)[1]));
        }
        $metaDataFields = array_flip($this->defaultIdTokenClaims);
        unset($metaDataFields['sub']); // "Subject Identifier" is not meta data
        $idTokenData = array_diff_key($idTokenClaims, $metaDataFields);
    }
    return $idTokenData;
}

            
loadJws() protected method

Decrypts/validates JWS, returning related data.

protected array loadJws ( $jws )
$jws string

Raw JWS input.

return array

JWS underlying data.

throws yii\web\HttpException

on invalid JWS signature.

                protected function loadJws($jws)
{
    try {
        $jwsLoader = $this->getJwsLoader();
        $signature = null;
        $jwsVerified = $jwsLoader->loadAndVerifyWithKeySet($jws, $this->getJwkSet(), $signature);
        return Json::decode($jwsVerified->getPayload());
    } catch (\Exception $e) {
        $message = YII_DEBUG ? 'Unable to verify JWS: ' . $e->getMessage() : 'Invalid JWS';
        throw new HttpException(400, $message, $e->getCode(), $e);
    }
}
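The difference between the two branches of initUserAttributes() (decode only when $validateJws is off, loadJws() otherwise), as an added stand-alone example that is not yii2-authclient code. HS256 with a constructed shared secret stands in for verification against the provider's JWK set, and all function names are assumptions.

```php
<?php
// Added illustration; not yii2-authclient code. HS256 with a constructed secret
// stands in for verification against the provider's JWK set.

function b64u(string $bin): string
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64uDecode(string $txt): string
{
    $padded = str_pad($txt, strlen($txt) + (4 - strlen($txt) % 4) % 4, '=');
    $bin = base64_decode(strtr($padded, '-_', '+/'), true);
    if ($bin === false) {
        throw new UnexpectedValueException('Invalid base64url');
    }
    return $bin;
}

function signHs256(array $claims, string $secret): string
{
    $input = b64u(json_encode(['typ' => 'JWT', 'alg' => 'HS256'])) . '.' . b64u(json_encode($claims));
    return $input . '.' . b64u(hash_hmac('sha256', $input, $secret, true));
}

/** Mirrors the $validateJws = false branch: the payload is decoded, the signature is never read. */
function claimsWithoutVerification(string $jws): array
{
    return json_decode(b64uDecode(explode('.', $jws)[1]), true);
}

/** Verified path: claims are returned only if the signature matches. */
function claimsWithVerification(string $jws, string $secret): array
{
    $parts = explode('.', $jws);
    if (count($parts) !== 3) {
        throw new UnexpectedValueException('Malformed JWS');
    }
    [$header64, $payload64, $signature64] = $parts;
    $header = json_decode(b64uDecode($header64), true);
    if (!is_array($header) || ($header['alg'] ?? null) !== 'HS256') {
        throw new UnexpectedValueException('Unexpected algorithm');
    }
    $expected = hash_hmac('sha256', $header64 . '.' . $payload64, $secret, true);
    if (!hash_equals($expected, b64uDecode($signature64))) {
        throw new UnexpectedValueException('Invalid JWS signature');
    }
    $claims = json_decode(b64uDecode($payload64), true);
    if (!is_array($claims)) {
        throw new UnexpectedValueException('Payload is not a JSON object');
    }
    return $claims;
}

// Constructed data.
$secret = 'constructed-demo-secret';
$genuine = signHs256(['sub' => 'user-1', 'email' => 'user1@example.test'], $secret);

// Same header and signature, payload replaced after signing.
[$header64, , $signature64] = explode('.', $genuine);
$altered = $header64 . '.'
    . b64u(json_encode(['sub' => 'user-1', 'email' => 'someone-else@example.test']))
    . '.' . $signature64;

foreach (['genuine' => $genuine, 'altered' => $altered] as $label => $token) {
    $unverified = claimsWithoutVerification($token)['email'];
    try {
        $verified = claimsWithVerification($token, $secret)['email'];
    } catch (UnexpectedValueException $e) {
        $verified = 'rejected (' . $e->getMessage() . ')';
    }
    echo $label . ' | decode only: ' . $unverified . ' | verified: ' . $verified . "\n";
}
```

The decode-only path returns the altered e-mail address as if it were genuine, while the verified path rejects the altered token.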

            
normalizeUserAttributes() protected method

Defined in: yii\authclient\BaseClient::normalizeUserAttributes()

Normalize given user attributes according to $normalizeUserAttributeMap.

protected array normalizeUserAttributes ( $attributes )
$attributes array

Raw attributes.

return array

Normalized attributes.

throws yii\base\InvalidConfigException

on incorrect normalize attribute map.

                protected function normalizeUserAttributes($attributes)
{
    foreach ($this->getNormalizeUserAttributeMap() as $normalizedName => $actualName) {
        if (is_scalar($actualName)) {
            if (array_key_exists($actualName, $attributes)) {
                $attributes[$normalizedName] = $attributes[$actualName];
            }
        } else {
            if (is_callable($actualName)) {
                $attributes[$normalizedName] = call_user_func($actualName, $attributes);
            } elseif (is_array($actualName)) {
                $haystack = $attributes;
                $searchKeys = $actualName;
                $isFound = true;
                while (($key = array_shift($searchKeys)) !== null) {
                    if (is_array($haystack) && array_key_exists($key, $haystack)) {
                        $haystack = $haystack[$key];
                    } else {
                        $isFound = false;
                        break;
                    }
                }
                if ($isFound) {
                    $attributes[$normalizedName] = $haystack;
                }
            } else {
                throw new InvalidConfigException('Invalid actual name "' . gettype($actualName) . '" specified at "' . get_class($this) . '::normalizeUserAttributeMap"');
            }
        }
    }
    return $attributes;
}

            
off() public method

Defined in: yii\base\Component::off()

Detaches an existing event handler from this component.

This method is the opposite of on().

Note: if a wildcard pattern is passed as the event name, only the handlers registered with this wildcard are removed; handlers registered with plain names that match the wildcard remain.

See also on().

public boolean off ( $name, $handler = null )
$name string

Event name

$handler callable|null

The event handler to be removed. If it is null, all handlers attached to the named event will be removed.

return boolean

If a handler is found and detached

public function off($name, $handler = null)
{
    $this->ensureBehaviors();
    if (empty($this->_events[$name]) && empty($this->_eventWildcards[$name])) {
        return false;
    }
    if ($handler === null) {
        unset($this->_events[$name], $this->_eventWildcards[$name]);
        return true;
    }
    $removed = false;
    // plain event names
    if (isset($this->_events[$name])) {
        foreach ($this->_events[$name] as $i => $event) {
            if ($event[0] === $handler) {
                unset($this->_events[$name][$i]);
                $removed = true;
            }
        }
        if ($removed) {
            $this->_events[$name] = array_values($this->_events[$name]);
            return true;
        }
    }
    // wildcard event names
    if (isset($this->_eventWildcards[$name])) {
        foreach ($this->_eventWildcards[$name] as $i => $event) {
            if ($event[0] === $handler) {
                unset($this->_eventWildcards[$name][$i]);
                $removed = true;
            }
        }
        if ($removed) {
            $this->_eventWildcards[$name] = array_values($this->_eventWildcards[$name]);
            // remove empty wildcards to save future redundant regex checks:
            if (empty($this->_eventWildcards[$name])) {
                unset($this->_eventWildcards[$name]);
            }
        }
    }
    return $removed;
}

            
on() public method

Defined in: yii\base\Component::on()

Attaches an event handler to an event.

The event handler must be a valid PHP callback. The following are some examples:

function ($event) { ... }         // anonymous function
[$object, 'handleClick']          // $object->handleClick()
['Page', 'handleClick']           // Page::handleClick()
'handleClick'                     // global function handleClick()

The event handler must be defined with the following signature,

function ($event)

where $event is a yii\base\Event object which includes parameters associated with the event.

Since 2.0.14 you can specify event name as a wildcard pattern:

$component->on('event.group.*', function ($event) {
    Yii::trace($event->name . ' is triggered.');
});

See also off().

public void on ( $name, $handler, $data = null, $append = true )
$name string

The event name

$handler callable

The event handler

$data mixed

The data to be passed to the event handler when the event is triggered. When the event handler is invoked, this data can be accessed via yii\base\Event::$data.

$append boolean

Whether to append the new event handler to the end of the existing handler list. If false, the new handler will be inserted at the beginning of the existing handler list.

public function on($name, $handler, $data = null, $append = true)
{
    $this->ensureBehaviors();
    if (strpos($name, '*') !== false) {
        if ($append || empty($this->_eventWildcards[$name])) {
            $this->_eventWildcards[$name][] = [$handler, $data];
        } else {
            array_unshift($this->_eventWildcards[$name], [$handler, $data]);
        }
        return;
    }
    if ($append || empty($this->_events[$name])) {
        $this->_events[$name][] = [$handler, $data];
    } else {
        array_unshift($this->_events[$name], [$handler, $data]);
    }
}

            
refreshAccessToken() public method

Gets new auth token to replace expired one.

public yii\authclient\OAuthToken refreshAccessToken ( yii\authclient\OAuthToken $token )
$token yii\authclient\OAuthToken

Expired auth token.

return yii\authclient\OAuthToken

New auth token.

public function refreshAccessToken(OAuthToken $token)
{
    if ($this->tokenUrl === null) {
        $this->tokenUrl = $this->getConfigParam('token_endpoint');
    }
    if ($this->getValidateAuthNonce()) {
        $nonce = $this->generateAuthNonce();
        $this->setState('authNonce', $nonce);
        $token->setParam('nonce', $nonce);
    }
    return parent::refreshAccessToken($token);
}

            
removeState() protected method

Defined in: yii\authclient\BaseClient::removeState()

Removes persistent state value.

protected boolean removeState ( $key )
$key string

State key.

return boolean

Success.

protected function removeState($key)
{
    return $this->getStateStorage()->remove($this->getStateKeyPrefix() . $key);
}

            
restoreAccessToken() protected method

Defined in: yii\authclient\BaseOAuth::restoreAccessToken()

Restores access token.

protected yii\authclient\OAuthToken restoreAccessToken ( )
return yii\authclient\OAuthToken

Auth token.

protected function restoreAccessToken()
{
    $token = $this->getState('token');
    if (is_object($token)) {
        /* @var $token OAuthToken */
        if ($token->getIsExpired() && $this->autoRefreshAccessToken) {
            $token = $this->refreshAccessToken($token);
        }
    }
    return $token;
}

            
saveAccessToken() protected method

Defined in: yii\authclient\BaseOAuth::saveAccessToken()

Saves token as persistent state.

protected $this saveAccessToken ( $token )
$token yii\authclient\OAuthToken|null

Auth token to be saved.

return $this

The object itself.

protected function saveAccessToken($token)
{
    return $this->setState('token', $token);
}

            
sendRequest() protected method (available since version 2.1)

Defined in: yii\authclient\BaseOAuth::sendRequest()

Sends the given HTTP request, returning response data.

protected array|string|null sendRequest ( $request )
$request yii\httpclient\Request

HTTP request to be sent.

return array|string|null

Response data.

throws yii\authclient\ClientErrorResponseException

on client error response codes.

throws yii\authclient\InvalidResponseException

on non-successful (other than client error) response codes.

throws yii\httpclient\Exception

protected function sendRequest($request)
{
    $response = $request->send();
    if (!$response->getIsOk()) {
        $statusCode = (int)$response->getStatusCode();
        if ($statusCode >= 400 && $statusCode < 500) {
            $exceptionClass = 'yii\\authclient\\ClientErrorResponseException';
        } else {
            $exceptionClass = 'yii\\authclient\\InvalidResponseException';
        }
        throw new $exceptionClass(
            $response,
            'Request failed with code: ' . $statusCode . ', message: ' . $response->getContent(),
            $statusCode
        );
    }
    if (stripos($response->headers->get('content-type', ''), 'application/jwt') !== false) {
        return $response->getContent();
    } else {
        return $response->getData();
    }
}

            
setAccessToken() public method

Defined in: yii\authclient\BaseOAuth::setAccessToken()

Sets access token to be used.

public void setAccessToken ( $token )
$token array|yii\authclient\OAuthToken|null

Access token or its configuration. Set to null to restore token from token store.

public function setAccessToken($token)
{
    if (!is_object($token) && $token !== null) {
        $token = $this->createToken($token);
    }
    $this->_accessToken = $token;
    $this->saveAccessToken($token);
}

            
setCache() public method

Sets up a component to be used for caching.

This can be one of the following:

  • an application component ID (e.g. cache)
  • a configuration array
  • a yii\caching\Cache object

When null is passed, it means caching is not enabled.

public void setCache ( $cache )
$cache yii\caching\Cache|array|string|null

The cache object or the ID of the cache application component.

public function setCache($cache)
{
    $this->_cache = $cache;
}

            
setConfigParams() public method (available since version 2.2.12)

Sets the OpenID provider configuration manually. This bypasses the automatic discovery via the /.well-known/openid-configuration endpoint.

public void setConfigParams ( $configParams )
$configParams array

OpenID provider configuration parameters.

public function setConfigParams($configParams)
{
    $this->_configParams = $configParams;
}

            
setHttpClient() public method (available since version 2.1)

Defined in: yii\authclient\BaseOAuth::setHttpClient()

Sets HTTP client to be used.

public void setHttpClient ( $httpClient )
$httpClient array|yii\httpclient\Client

Internal HTTP client.

public function setHttpClient($httpClient)
{
    if (is_object($httpClient)) {
        $httpClient = clone $httpClient;
        $httpClient->baseUrl = $this->apiBaseUrl;
    }
    parent::setHttpClient($httpClient);
}

            
setId() public method
public void setId ( $id )
$id string

Service id.

public function setId($id)
{
    $this->_id = $id;
}

            
setName() public method
public void setName ( $name )
$name string

Service name.

public function setName($name)
{
    $this->_name = $name;
}

            
setNormalizeUserAttributeMap() public method
public void setNormalizeUserAttributeMap ( $normalizeUserAttributeMap )
$normalizeUserAttributeMap array

Normalize user attribute map.

public function setNormalizeUserAttributeMap($normalizeUserAttributeMap)
{
    $this->_normalizeUserAttributeMap = $normalizeUserAttributeMap;
}

            
setRequestOptions() public method (available since version 2.1)
public void setRequestOptions ( array $options )
$options array

HTTP request options.

public function setRequestOptions(array $options)
{
    $this->_requestOptions = $options;
}

            
setReturnUrl() public method
public void setReturnUrl ( $returnUrl )
$returnUrl string

Return URL

public function setReturnUrl($returnUrl)
{
    $this->_returnUrl = $returnUrl;
}

            
setSignatureMethod() public method

Defined in: yii\authclient\BaseOAuth::setSignatureMethod()

Set signature method to be used.

public void setSignatureMethod ( $signatureMethod )
$signatureMethod array|yii\authclient\signature\BaseMethod

Signature method instance or its array configuration.

throws yii\base\InvalidArgumentException

on wrong argument.

public function setSignatureMethod($signatureMethod)
{
    if (!is_object($signatureMethod) && !is_array($signatureMethod)) {
        throw new InvalidArgumentException('"' . get_class($this) . '::signatureMethod" should be instance of "\yii\autclient\signature\BaseMethod" or its array configuration. "' . gettype($signatureMethod) . '" has been given.');
    }
    $this->_signatureMethod = $signatureMethod;
}

            
setState() protected method

Defined in: yii\authclient\BaseClient::setState()

Sets persistent state.

protected $this setState ( $key, $value )
$key string

State key.

$value mixed

State value

return $this

The object itself

protected function setState($key, $value)
{
    $this->getStateStorage()->set($this->getStateKeyPrefix() . $key, $value);
    return $this;
}

            
setStateStorage() public method
public void setStateStorage ( $stateStorage )
$stateStorage yii\authclient\StateStorageInterface|array|string

State storage to be used.

public function setStateStorage($stateStorage)
{
    $this->_stateStorage = $stateStorage;
}

            
setTitle() public method
public void setTitle ( $title )
$title string

Service title.

public function setTitle($title)
{
    $this->_title = $title;
}

            
setUserAttributes() public method
public void setUserAttributes ( $userAttributes )
$userAttributes array

List of user attributes

public function setUserAttributes($userAttributes)
{
    $this->_userAttributes = $this->normalizeUserAttributes($userAttributes);
}

            
setValidateAuthNonce() public method

public void setValidateAuthNonce ( $validateAuthNonce )
$validateAuthNonce boolean

Whether to use and validate auth 'nonce' parameter in authentication flow.

public function setValidateAuthNonce($validateAuthNonce)
{
    $this->_validateAuthNonce = $validateAuthNonce;
}

            
setViewOptions() public method
public void setViewOptions ( $viewOptions )
$viewOptions array

View options in format: optionName => optionValue

public function setViewOptions($viewOptions)
{
    $this->_viewOptions = $viewOptions;
}

            
trigger() public method

Defined in: yii\base\Component::trigger()

Triggers an event.

This method represents the happening of an event. It invokes all attached handlers for the event including class-level handlers.

public void trigger ( $name, yii\base\Event $event = null )
$name string

The event name

$event yii\base\Event|null

The event instance. If not set, a default yii\base\Event object will be created.

public function trigger($name, Event $event = null)
{
    $this->ensureBehaviors();
    $eventHandlers = [];
    foreach ($this->_eventWildcards as $wildcard => $handlers) {
        if (StringHelper::matchWildcard($wildcard, $name)) {
            $eventHandlers[] = $handlers;
        }
    }
    if (!empty($this->_events[$name])) {
        $eventHandlers[] = $this->_events[$name];
    }
    if (!empty($eventHandlers)) {
        $eventHandlers = call_user_func_array('array_merge', $eventHandlers);
        if ($event === null) {
            $event = new Event();
        }
        if ($event->sender === null) {
            $event->sender = $this;
        }
        $event->handled = false;
        $event->name = $name;
        foreach ($eventHandlers as $handler) {
            $event->data = $handler[1];
            call_user_func($handler[0], $event);
            // stop further handling if the event is handled
            if ($event->handled) {
                return;
            }
        }
    }
    // invoke class-level attached handlers
    Event::trigger($this, $name, $event);
}

            
validateClaims() protected method (available since version 2.2.3)

Validates the claims data received from OpenID provider.

protected void validateClaims ( array $claims )
$claims array

Claims data.

throws yii\web\HttpException

on invalid claims.

protected function validateClaims(array $claims)
{
    $expectedIssuer = $this->getConfigParam('issuer', $this->issuerUrl);
    if (!isset($claims['iss']) || (strcmp(rtrim($claims['iss'], '/'), rtrim($expectedIssuer, '/')) !== 0)) {
        throw new HttpException(400, 'Invalid "iss"');
    }
    if (!isset($claims['aud'])
        || (!is_string($claims['aud']) && !is_array($claims['aud']))
        || (is_string($claims['aud']) && strcmp($claims['aud'], $this->clientId) !== 0)
        || (is_array($claims['aud']) && !in_array($this->clientId, $claims['aud']))
    ) {
        throw new HttpException(400, 'Invalid "aud"');
    }
}
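validateClaims() as shown checks only iss and aud. The following added example (not yii2-authclient code; the function name assertIdTokenClaims and all sample values are constructed) is a stricter stand-alone check that compares aud strictly and also covers the azp and exp rules of OpenID Connect Core section 3.1.3.7. Whether the class checks exp elsewhere is not shown in this section, so that check is deliberately redundant; in an application the function could be called from a subclass's validateClaims() after parent::validateClaims($claims).

```php
<?php
// Added example, not yii2-authclient code. Function name and sample values are constructed.

/** @throws UnexpectedValueException naming the claim that failed */
function assertIdTokenClaims(array $claims, string $issuer, string $clientId, int $now, int $leeway = 60): void
{
    // iss: trailing-slash-insensitive match, as in validateClaims() above.
    if (!isset($claims['iss']) || !is_string($claims['iss'])
        || rtrim($claims['iss'], '/') !== rtrim($issuer, '/')) {
        throw new UnexpectedValueException('Invalid "iss"');
    }
    // aud: normalise to a list and compare strictly, so a non-string element
    // such as true cannot match the client ID through loose comparison.
    $aud = $claims['aud'] ?? null;
    $audiences = is_string($aud) ? [$aud] : (is_array($aud) ? $aud : []);
    if (!in_array($clientId, $audiences, true)) {
        throw new UnexpectedValueException('Invalid "aud"');
    }
    // azp: required here when there are several audiences, and it must name this client.
    if (count($audiences) > 1 && !isset($claims['azp'])) {
        throw new UnexpectedValueException('Missing "azp"');
    }
    if (isset($claims['azp']) && $claims['azp'] !== $clientId) {
        throw new UnexpectedValueException('Invalid "azp"');
    }
    // exp: must be numeric and still in the future, allowing $leeway seconds of clock skew.
    if (!isset($claims['exp']) || !is_numeric($claims['exp']) || $now >= (int)$claims['exp'] + $leeway) {
        throw new UnexpectedValueException('Expired or missing "exp"');
    }
}

// Constructed sample claims, all checked against a fixed clock.
$now = 1700000000;
$base = ['iss' => 'https://idp.example/', 'sub' => 'u-1', 'exp' => $now + 300];
$cases = [
    'single aud'        => $base + ['aud' => 'my-client'],
    'aud is [true]'     => $base + ['aud' => [true]],
    'multi aud, no azp' => $base + ['aud' => ['my-client', 'other-client']],
    'multi aud, azp ok' => $base + ['aud' => ['my-client', 'other-client'], 'azp' => 'my-client'],
    'expired'           => ['exp' => $now - 3600] + $base + ['aud' => 'my-client'],
];
foreach ($cases as $label => $claims) {
    try {
        assertIdTokenClaims($claims, 'https://idp.example', 'my-client', $now);
        echo "$label: accepted\n";
    } catch (UnexpectedValueException $e) {
        echo "$label: rejected, {$e->getMessage()}\n";
    }
}
```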