diff --git a/CHANGELOG.md b/CHANGELOG.md index 26fbf8dcf11e9bd787def74b9ae36e87d2af47ea..4bb13ebba23e034a2eaa7f061dc288586b27cd20 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,11 @@ ## Unreleased +_Release: 2019-? +* Nothing yet! + +## v2.0.0 + _Release: 2018-? * Behavior changes from v1 * User canceling consent sends them to error page rather than throwing USER_ABORT. Behavior is configurable @@ -11,7 +16,7 @@ be query params on user info request * If user cancels consent, send them to page saying consent must be provided. * Perform 1 retry on network errors * Use ssp 1.16.2 as the dependency -* Add php 7.1 and 7.2 to travis buildds +* Add php 7.1 and 7.2 to travis builds * PSR-2 styling * Add Microsoft authsource * Allow logging of id_token json diff --git a/README.md b/README.md index 0e147b11287460b1a391bd8c1bbafc2bae498f38..c671e8990da4d1b4bc268985f33f21a45eff36d7 100644 --- a/README.md +++ b/README.md @@ -3,6 +3,7 @@ **Table of Contents** *generated with [DocToc](https://github.com/thlorenz/doctoc)* - [Installation](#installation) + - [Changelog](#changelog) - [Usage](#usage) - [Redirect URI](#redirect-uri) - [Provider specific Tips](#provider-specific-tips) @@ -20,6 +21,7 @@ - [Migrating from an existing auth module](#migrating-from-an-existing-auth-module) - [Calling OAuth2ResponseHandler](#calling-oauth2responsehandler) - [Development](#development) + - [Code style](#code-style) <!-- END doctoc generated TOC please keep comment here to allow auto update --> @@ -34,8 +36,16 @@ excellent [PHP League OAuth2 Client](http://oauth2-client.thephpleague.com/). The module can be installed with composer. + composer require cirrusidentity/simplesamlphp-module-authoauth2 + +Or you can install the latest from master + composer require cirrusidentity/simplesamlphp-module-authoauth2:dev-master +## Changelog + +[View the change log](CHANGELOG.md) + # Usage The generic OAuth2 client is configured with 
@@ -157,10 +167,13 @@ or by using the template option ## Samples Several of these samples show how to configure the generic endpoint to authenticate against Facebook, Amazon and Google, etc. -In a lot of cases there are provider specific implementations of the base OAuth2 client and using one of those may -simplify the configuration +In a lot of cases you can use a template from `ConfigTemplate` to make the configuration cleaner or you can use a provider specific implementations of the base OAuth2 client. ### Generic Facebook + +You can use the Facebook template `'template' => 'Facebook',` and then provide just the `clientId` and `clientSecret` to +have a cleaner looking config + ```php 'genericFacebookTest' => array( 'authoauth2:OAuth2', @@ -199,14 +212,16 @@ simplify the configuration ### Generic Google +View [full Google](/docs/GOOGLE.md) instructions. + + ```php 'genericGoogleTest' => array( 'authoauth2:OAuth2', // *** Google Endpoints *** 'urlAuthorize' => 'https://accounts.google.com/o/oauth2/auth', 'urlAccessToken' => 'https://accounts.google.com/o/oauth2/token', - 'urlResourceOwnerDetails' => 'https://www.googleapis.com/plus/v1/people/me/openIdConnect', - //'urlResourceOwnerDetails' => 'https://www.googleapis.com/plus/v1/people/me?fields=id,name', + 'urlResourceOwnerDetails' => 'https://www.googleapis.com/oauth2/v3/userinfo', // *** My application *** 'clientId' => '685947170891-exmaple.apps.googleusercontent.com', 'clientSecret' => 'wV0FdFs_example', @@ -221,6 +236,9 @@ simplify the configuration ### Provider Specific Google + View [full Google](/docs/GOOGLE.md) instructions. + + ```php 'googleProvider' => array( // Must install correct provider with: composer require league/oauth2-google diff --git a/docs/GOOGLE.md b/docs/GOOGLE.md index e3b6e141aa7fe37486227983bd7095fea17e81c7..03fa401177a1ad3961c8776b0537cfcb3c6bebce 100644 --- a/docs/GOOGLE.md +++ b/docs/GOOGLE.md 
@@ -5,7 +5,7 @@ - [Google as an AuthSource](#google-as-an-authsource) - [Usage](#usage) - [Recommended Config](#recommended-config) - - [Resitricting hosted domain](#resitricting-hosted-domain) + - [Restricting hosted domain](#restricting-hosted-domain) - [Creating Google OIDC Client](#creating-google-oidc-client) <!-- END doctoc generated TOC please keep comment here to allow auto update --> @@ -15,8 +15,9 @@ Google provides both OIDC and Google Plus endpoints for learning about a user. The OIDC endpoints require fewer client API permissions and return data in a standardized format. The Google Plus endpoints can -return more data about a user but require Goolge Plus permissions and -return data in a Google specific format. +return more data about a user but require Google Plus permissions and +return data in a Google specific format. The Google Plus apis will be shutting down sometime in 2019 +so we recommend using the OIDC endpoints You can also choose between using the generic OAuth/OIDC implementation or using a [Google specific library](https://github.com/thephpleague/oauth2-google/). @@ -51,7 +52,7 @@ $metadata['myEntityId'] = array( ) ``` -## Resitricting hosted domain +## Restricting hosted domain If you want to restrict the hosted domain of a user you can pass the `hd` query parameter to Google. You **must** ensure the `hd` value
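Review bot: In the CHANGELOG.md hunk (@@ -2,6 +2,11), the new `## v2.0.0` heading is placed directly above the existing `_Release: 2018-?` line, so the release entry carries a placeholder date. Fill in the actual release date before tagging. The added `_Release: 2019-?` line under Unreleased also opens an emphasis underscore that is never closed. Either close it or drop the date line until a date is known.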
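Review bot: In README.md (@@ -34,8 +36,16), the added `composer require cirrusidentity/simplesamlphp-module-authoauth2:dev-master` line is offered as an equal alternative with no caveat. This is an authentication module, and `dev-master` follows a moving branch, so the text should say that this form is for testing unreleased changes and that deployments should require a tagged release. The sentence "Or you can install the latest from master" is also missing its closing punctuation.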
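Review bot: In README.md (@@ -157,10 +167,13), the new text recommends `'template' => 'Facebook',` with only `clientId` and `clientSecret`, but the sample that follows is still the full generic endpoint configuration, so the reader never sees the shorter form. Add a short template-based sample next to the generic one, or link to where `ConfigTemplate` is documented. Wording: "a provider specific implementations" should be "a provider specific implementation", and both added sentences lack a final period.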
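Review bot: In README.md (@@ -199,14 +212,16), only `urlResourceOwnerDetails` is moved to `https://www.googleapis.com/oauth2/v3/userinfo`; the `urlAuthorize` and `urlAccessToken` context lines are left as they were. Confirm that all three endpoints in the sample match what Google's OpenID Connect discovery document currently advertises, and that the scopes configured further down in this sample (not visible in the hunk) are the ones the userinfo endpoint needs, so the sample works end to end after the Google Plus URL is removed.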
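Review bot: In README.md (@@ -221,6 +236,9), and in the Generic Google hunk before it, the link is written root-absolute as `[full Google](/docs/GOOGLE.md)`, while the Changelog link added in the same patch is relative (`CHANGELOG.md`). Use `docs/GOOGLE.md` in both places so the link does not depend on the renderer mapping a leading slash to the repository root. A single blank line before the code fence is enough; the hunk adds two.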
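Review bot: In docs/GOOGLE.md (@@ -15,8 +15,9), the added sentence "The Google Plus apis will be shutting down sometime in 2019 so we recommend using the OIDC endpoints" gives no source for the shutdown and does not tell the reader which configuration to use instead. Link to Google's announcement, point to the Recommended Config section of this file, write "APIs", and end the sentence with a period. The added line is also much longer than the wrapped lines around it.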
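Review bot: In docs/GOOGLE.md (@@ -51,7 +52,7), correcting the heading to `## Restricting hosted domain` changes its generated anchor from `#resitricting-hosted-domain` to `#restricting-hosted-domain`. The TOC entry is updated in the first hunk of this file, but any other document or external link that points at the old anchor will stop resolving. Search the repository for the old anchor before merging.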