UserInfo

The userinfo_endpoint needs the access_token. If it is already in the session, you don't need to pass it again.

The id_token is required to verify the sub claim. If it is already in the session, you don't need to pass it again.

The library supports the response in JSON format and as a JWT (a JWT signed by the OP with a key published at its jwks_uri endpoint, or signed with the client_secret).

$client = new Svgta\OidcClient\init(
  'https://id.provider.com/.well-known/openid-configuration',
  'Your_client_id',
  'Your_client_secret'
);

// ...

$tokenRes = $client->token();
// ...
$tokens = $tokenRes->get_tokens();
// ...
$userInfo = $client->userInfo();
// method: $client->userInfo($access_token = null, $id_token = null);
// access_token and id_token are optional if they are set in the session ($tokenRes->get_tokens() does that)

⚠️ userinfo_endpoint not set

Some OPs don't provide a userinfo_endpoint (Dropbox is an example). If the contents of the id_token are enough for you, you can get its payload instead:

// ...
$tokenRes = $client->token();
$tokens = $tokenRes->get_tokens();
$payload = $tokenRes->get_id_token_payload(); //result is an array

If you call $client->userInfo() but the OP does not have the userinfo_endpoint set, you will get a Svgta\OidcException.
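The sub check and the missing-endpoint fallback described above, combined in one added example (not the library's own code). The helper resolve_claims() is hypothetical, it assumes $client->userInfo() returns the claims as an array, and the sample data is constructed; a plain Exception stands in for Svgta\OidcException so the block runs without the library.

```php
<?php
/**
 * Returns the claims to use for the logged-in user.
 * $fetchUserInfo wraps the UserInfo call, e.g. fn() => $client->userInfo()
 * (assumed here to return the claims as an array).
 * $idTokenPayload is the array from $tokenRes->get_id_token_payload().
 */
function resolve_claims(callable $fetchUserInfo, array $idTokenPayload): array
{
    $sub = $idTokenPayload['sub'] ?? null;
    if (!is_string($sub) || $sub === '') {
        throw new RuntimeException('id_token payload has no usable sub claim');
    }

    try {
        $userInfo = $fetchUserInfo();
    } catch (Exception $e) {
        // With the library this would be Svgta\OidcException, thrown for example
        // when the OP has no userinfo_endpoint: use the id_token claims only.
        return $idTokenPayload;
    }

    // OpenID Connect Core requires the UserInfo sub to exactly match the
    // id_token sub; on a mismatch the UserInfo values must not be used.
    if (!is_array($userInfo) || ($userInfo['sub'] ?? null) !== $sub) {
        throw new RuntimeException('UserInfo sub does not match id_token sub');
    }

    // Array union: id_token claims win over UserInfo claims with the same name.
    return $idTokenPayload + $userInfo;
}

// Constructed sample data, not output from a real OP.
$idToken = ['iss' => 'https://id.provider.com', 'sub' => 'user-123', 'aud' => 'Your_client_id'];

// 1. OP with a UserInfo endpoint and a matching sub.
$claims = resolve_claims(fn() => ['sub' => 'user-123', 'email' => 'alice@example.com'], $idToken);
echo $claims['email'], PHP_EOL;

// 2. OP without a UserInfo endpoint: the call throws, id_token claims are used.
$claims = resolve_claims(function () { throw new Exception('userinfo_endpoint not set'); }, $idToken);
echo $claims['sub'], PHP_EOL;

// 3. A UserInfo response for a different subject is rejected.
try {
    resolve_claims(fn() => ['sub' => 'user-999', 'email' => 'mallory@example.com'], $idToken);
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```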
