Create a script authorization.php in src. This script need to load the vendor autoload.php script.
For authorization, you don't need to authentificate your app
<?php
require dirname(__FILE__, 2) . '/vendor/autoload.php';
$disco_url = 'https://Provider.tld/.well-known/openid-configuration';
$client_id = 'yourClient_id';
$session_key = 'YWQ4Q1Hpb_zQliS5wGYDDPZm2xC7PzyfjgLKBNodkazkN_pEPlm7yVBw5r9_pDzSwHJRsFVZShQyb_LFUSMBGQ';
$callback_url = 'https://yourAPPurl/callback.php';
$client = new Svgta\OidcClient\init($disco_url, $client_id);
$client->setSessionKey($session_key);
$auth = $client->authorization($callback_url);
$auth->addScope('email profile');
$auth->addScope('offline_access'); // To get a refresh_token if needed and accepted by your provider
$auth->set_state(); //RECOMMENDED
$auth->set_nonce(); //RECOMMENDED
$auth->exec();
The user is redirect to the provider login page.
Callback
callback.php is the script in /src directory you have created to deal with the callback after user authentication on the provider. It will be used to get user informations.
At this point, you can authorize the user to your application with the userinfo you get.
You can leave the tokens in the session. But, if you get the refresh_token, it's recommended to save it a database to use it for your personnal reasons.
Refresh token
You need the refresh_token get in your callback script.
In the example, the refresh_token is get from the session.