Commit e67a3ac6 authored by Patrick Radtke

Update README,etc and prep for new release

parent 13b24f2e
...@@ -2,6 +2,11 @@ ...@@ -2,6 +2,11 @@
## Unreleased ## Unreleased
_Release: 2019-?
* Nothing yet!
## v2.0.0
_Release: 2018-? _Release: 2018-?
* Behavior changes from v1 * Behavior changes from v1
* User canceling consent sends them to error page rather than throwing USER_ABORT. Behavior is configurable * User canceling consent sends them to error page rather than throwing USER_ABORT. Behavior is configurable
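Review bot: The `## v2.0.0` heading added in this hunk still carries the placeholder `_Release: 2018-?`, and the new `## Unreleased` block is dated `_Release: 2019-?`. Since the commit is preparing the release, fill in the actual v2.0.0 release date before tagging, and consider dropping the date line from Unreleased, where no date can exist yet.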
...@@ -11,7 +16,7 @@ be query params on user info request ...@@ -11,7 +16,7 @@ be query params on user info request
* If user cancels consent, send them to page saying consent must be provided. * If user cancels consent, send them to page saying consent must be provided.
* Perform 1 retry on network errors * Perform 1 retry on network errors
* Use ssp 1.16.2 as the dependency * Use ssp 1.16.2 as the dependency
* Add php 7.1 and 7.2 to travis buildds * Add php 7.1 and 7.2 to travis builds
* PSR-2 styling * PSR-2 styling
* Add Microsoft authsource * Add Microsoft authsource
* Allow logging of id_token json * Allow logging of id_token json
......
...@@ -3,6 +3,7 @@ ...@@ -3,6 +3,7 @@
**Table of Contents** *generated with [DocToc](https://github.com/thlorenz/doctoc)* **Table of Contents** *generated with [DocToc](https://github.com/thlorenz/doctoc)*
- [Installation](#installation) - [Installation](#installation)
- [Changelog](#changelog)
- [Usage](#usage) - [Usage](#usage)
- [Redirect URI](#redirect-uri) - [Redirect URI](#redirect-uri)
- [Provider specific Tips](#provider-specific-tips) - [Provider specific Tips](#provider-specific-tips)
...@@ -20,6 +21,7 @@ ...@@ -20,6 +21,7 @@
- [Migrating from an existing auth module](#migrating-from-an-existing-auth-module) - [Migrating from an existing auth module](#migrating-from-an-existing-auth-module)
- [Calling OAuth2ResponseHandler](#calling-oauth2responsehandler) - [Calling OAuth2ResponseHandler](#calling-oauth2responsehandler)
- [Development](#development) - [Development](#development)
- [Code style](#code-style)
<!-- END doctoc generated TOC please keep comment here to allow auto update --> <!-- END doctoc generated TOC please keep comment here to allow auto update -->
...@@ -34,8 +36,16 @@ excellent [PHP League OAuth2 Client](http://oauth2-client.thephpleague.com/). ...@@ -34,8 +36,16 @@ excellent [PHP League OAuth2 Client](http://oauth2-client.thephpleague.com/).
The module can be installed with composer. The module can be installed with composer.
composer require cirrusidentity/simplesamlphp-module-authoauth2
Or you can install the latest from master
composer require cirrusidentity/simplesamlphp-module-authoauth2:dev-master composer require cirrusidentity/simplesamlphp-module-authoauth2:dev-master
## Changelog
[View the change log](CHANGELOG.md)
# Usage # Usage
The generic OAuth2 client is configured with The generic OAuth2 client is configured with
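Review bot: The install section now offers `cirrusidentity/simplesamlphp-module-authoauth2:dev-master` as an alternative with only "Or you can install the latest from master" as guidance. For an authentication module, state that the untagged branch is intended for testing and that production deployments should stay on a tagged release with a committed `composer.lock`, so an unreviewed upstream change is not pulled in on the next update.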
...@@ -157,10 +167,13 @@ or by using the template option ...@@ -157,10 +167,13 @@ or by using the template option
## Samples ## Samples
Several of these samples show how to configure the generic endpoint to authenticate against Facebook, Amazon and Google, etc. Several of these samples show how to configure the generic endpoint to authenticate against Facebook, Amazon and Google, etc.
In a lot of cases there are provider specific implementations of the base OAuth2 client and using one of those may In a lot of cases you can use a template from `ConfigTemplate` to make the configuration cleaner or you can use a provider specific implementations of the base OAuth2 client.
simplify the configuration
### Generic Facebook ### Generic Facebook
You can use the Facebook template `'template' => 'Facebook',` and then provide just the `clientId` and `clientSecret` to
have a cleaner looking config
```php ```php
'genericFacebookTest' => array( 'genericFacebookTest' => array(
'authoauth2:OAuth2', 'authoauth2:OAuth2',
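Review bot: In the rewritten Samples sentence, "a provider specific implementations" mixes singular and plural; make it "a provider-specific implementation". The new Facebook paragraph also ends without a period, and the sample under it is still the `genericFacebookTest` block, so a short snippet showing `'template' => 'Facebook'` with just `clientId` and `clientSecret` would make the advice concrete.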
...@@ -199,14 +212,16 @@ simplify the configuration ...@@ -199,14 +212,16 @@ simplify the configuration
### Generic Google ### Generic Google
View [full Google](/docs/GOOGLE.md) instructions.
```php ```php
'genericGoogleTest' => array( 'genericGoogleTest' => array(
'authoauth2:OAuth2', 'authoauth2:OAuth2',
// *** Google Endpoints *** // *** Google Endpoints ***
'urlAuthorize' => 'https://accounts.google.com/o/oauth2/auth', 'urlAuthorize' => 'https://accounts.google.com/o/oauth2/auth',
'urlAccessToken' => 'https://accounts.google.com/o/oauth2/token', 'urlAccessToken' => 'https://accounts.google.com/o/oauth2/token',
'urlResourceOwnerDetails' => 'https://www.googleapis.com/plus/v1/people/me/openIdConnect', 'urlResourceOwnerDetails' => 'https://www.googleapis.com/oauth2/v3/userinfo',
//'urlResourceOwnerDetails' => 'https://www.googleapis.com/plus/v1/people/me?fields=id,name',
// *** My application *** // *** My application ***
'clientId' => '685947170891-exmaple.apps.googleusercontent.com', 'clientId' => '685947170891-exmaple.apps.googleusercontent.com',
'clientSecret' => 'wV0FdFs_example', 'clientSecret' => 'wV0FdFs_example',
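Review bot: The added commented-out `urlResourceOwnerDetails` line points at `plus/v1/people/me`, a Google Plus endpoint, while the Google documentation changed in this same commit says the Google Plus APIs are shutting down in 2019 and recommends OIDC. Drop the commented line or label it as deprecated so readers do not uncomment it. The context line for `clientId` also spells "exmaple" and could be corrected while this block is being touched.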
...@@ -221,6 +236,9 @@ simplify the configuration ...@@ -221,6 +236,9 @@ simplify the configuration
### Provider Specific Google ### Provider Specific Google
View [full Google](/docs/GOOGLE.md) instructions.
```php ```php
'googleProvider' => array( 'googleProvider' => array(
// Must install correct provider with: composer require league/oauth2-google // Must install correct provider with: composer require league/oauth2-google
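Review bot: The new link uses a root-relative path, `/docs/GOOGLE.md`, while the changelog link added earlier in this file uses the relative `CHANGELOG.md`. A root-relative link may not resolve in renderers that do not map `/` to the repository root; `docs/GOOGLE.md` would be consistent with the other link. The same applies to the identical link added under Generic Google.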
......
...@@ -5,7 +5,7 @@ ...@@ -5,7 +5,7 @@
- [Google as an AuthSource](#google-as-an-authsource) - [Google as an AuthSource](#google-as-an-authsource)
- [Usage](#usage) - [Usage](#usage)
- [Recommended Config](#recommended-config) - [Recommended Config](#recommended-config)
- [Resitricting hosted domain](#resitricting-hosted-domain) - [Restricting hosted domain](#restricting-hosted-domain)
- [Creating Google OIDC Client](#creating-google-oidc-client) - [Creating Google OIDC Client](#creating-google-oidc-client)
<!-- END doctoc generated TOC please keep comment here to allow auto update --> <!-- END doctoc generated TOC please keep comment here to allow auto update -->
...@@ -15,8 +15,9 @@ ...@@ -15,8 +15,9 @@
Google provides both OIDC and Google Plus endpoints for learning about Google provides both OIDC and Google Plus endpoints for learning about
a user. The OIDC endpoints require fewer client API permissions and a user. The OIDC endpoints require fewer client API permissions and
return data in a standardized format. The Google Plus endpoints can return data in a standardized format. The Google Plus endpoints can
return more data about a user but require Goolge Plus permissions and return more data about a user but require Google Plus permissions and
return data in a Google specific format. return data in a Google specific format. The Google Plus apis will be shutting down sometime in 2019
so we recommend using the OIDC endpoints
You can also choose between using the generic OAuth/OIDC implementation or using You can also choose between using the generic OAuth/OIDC implementation or using
a [Google specific library](https://github.com/thephpleague/oauth2-google/). a [Google specific library](https://github.com/thephpleague/oauth2-google/).
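Review bot: The added sentence on the Google Plus shutdown has no closing period, writes "apis" in lower case, and runs past the wrap width used by the surrounding lines. "Sometime in 2019" is also vague for a deprecation notice; link Google's announcement or give the date if it is known.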
...@@ -51,7 +52,7 @@ $metadata['myEntityId'] = array( ...@@ -51,7 +52,7 @@ $metadata['myEntityId'] = array(
) )
``` ```
## Resitricting hosted domain ## Restricting hosted domain
If you want to restrict the hosted domain of a user you can pass the If you want to restrict the hosted domain of a user you can pass the
`hd` query parameter to Google. You **must** ensure the `hd` value `hd` query parameter to Google. You **must** ensure the `hd` value
......