This package add support for the OAuth2 protocol through a SimpleSAMLphp module installable through Composer. Installation can be as easy as executing:
composer.phar require exeba/simplesamlphp-module-oauth2 ~3.0
Copy the template file to the config directory:
cp modules/oauth2/config-template/module_oauth2.php config/
and edit it. The options are self explained.
The schema is maintaned using doctrine command line tool located at
path/to/simplesaml/modules/oauth2/bin/doctrine
To add and remove Oauth2 clients, you need to logon on simplesaml with an admin account. Open the Federation tab and you will see the OAuth2 Client Registry option.
You can specify as many redirect address as you want.
This module is based on Oauth2 Server from the PHP League and supports the following grants:
- Authorization code grant
- Client credentials grant
- Refresh grant
The oauth2 library used generates Json Web Tokens to create the Access Tokens, so you need to create a public and private cert keys:
To generate the private key run this command on the terminal:
openssl genrsa -out cert/oauth2_module.pem 1024
If you want to provide a passphrase for your private key run this command instead:
openssl genrsa -passout pass:_passphrase_ -out cert/oauth2_module.pem 1024
then extract the public key from the private key:
openssl rsa -in cert/oauth2_module.pem -pubout -out cert/oauth2_module.crt
or use your passphrase if provided on private key generation:
openssl rsa -in cert/oauth2_module.pem -passin pass:_passphrase_ -pubout -out cert/oauth2_module.crt
If you use a passphrase remember to configure it in the module_oauth2.php config file.
- Authorization Endpoint: {{baseurlpath}}/module.php/oauth2/authorize
- Token Endpoint: {{baseurlpath}}/module.php/oauth2/access_token
- Token Introspection Endpoint: {{baseurlpath}}/module.php/oauth2/userinfo