This module adds support for the OpenID Provider (OP) role from the OpenID Connect protocol to SimpleSAMLphp. It is installable via Composer and is based on the OAuth2 Server from the PHP League.
Supported flows:
- Authorization Code, with PKCE (response_type:
code) - Implicit (response_type:
id_token tokenorid_token) - Refresh Token
OpenID Federation support is in draft, as is the specification. You can expect breaking changes in future releases related to OIDFed capabilities. OIDFed can be enabled or disabled in the module configuration.
Currently supported OIDFed features:
- Automatic client registration using a Request Object (by value)
- Federation participation limiting based on Trust Marks
- Endpoint for issuing a configuration entity statement (about itself)
- Fetch endpoint for issuing statements about subordinates (clients)
- Subordinate listing endpoint
OIDFed is implemented using the SimpleSAMLphp OpenID library.
OpenID4VCI support was done as per draft 15 of the specification and is in the experimental stage. You should NOT use it in production environments.
Currently implemented OpenID4VCI features:
- Grant types:
- Pre-authorized Code flow (new flow defined by the OpenID4VCI spec)
- Authorization Code flow
- Credential formats:
- jwt_vc_json, using VCDM v1.1
- dc+sd-jwt (previously vc+sd-jwt) (SD-JWT VC)
- Proof types:
- jwt
- API for credential offer fetching
OpenID4VCI is also implemented using the SimpleSAMLphp OpenID library.
Minor versions listed show which SimpleSAMLphp versions were used during module development. SimpleSAMLphp follows semantic versioning for its API since v2.0. For example, v5.* of the OIDC module should work with any v2.* of SimpleSAMLphp. PHP version requirements may differ.
| OIDC module | Tested SimpleSAMLphp | PHP | Note |
|---|---|---|---|
| v6.* | v2.3.*, v2.4.* | >=8.2 | Recommended |
| v5.* | v2.1.* | >=8.1 | |
| v4.* | v2.0.* | >=8.0 | |
| v3.* | v2.0.* | >=7.4 | |
| v2.* | v1.19.* | >=7.4 |
Upgrading? See the upgrade guide.
- Getting started: Installation
- Configure and operate: Configuration
- Manage clients and UI: see Configuration
- Endpoints and discovery: see Configuration
- Running with containers: Using Docker
- Conformance tests: OpenID Conformance
- Upgrading between versions: Upgrade guide
- Common questions: FAQ