Releases: stromcom/php-auth-client

v1.1.0 — given_name, family_name, phone_number claims

14 May 08:48

Added

  • Claims::$givenName / Claims::$familyName — OIDC given_name / family_name claims (scope profile). The auth server now stores given_name and family_name separately from the display name.
  • Claims::$phoneNumber / Claims::$phoneNumberVerified — OIDC phone_number and phone_number_verified claims under the new phone scope. Request scope=phone at beginAuthorization() to receive them.

Notes

  • All new claims are nullable; tokens issued without the relevant scope (or by pre-1.1 servers) keep them as null — no breaking change for consumers that only read email / name / roles / groups.

Server requirement: the new claims require auth.stromcom.cz migration 20260525100000_add_user_personal_fields and scope phone in oauth_scopes. Older servers will simply emit null for the new properties — safe to deploy the client first.

v1.0.0 — Initial public release

13 May 18:10

First public release of stromcom/auth-client — the official PHP client SDK for the auth.stromcom.cz SSO / OAuth 2.0 / OIDC server.

Highlights

  • OAuth 2.0 Authorization Code + PKCE flow for web apps (Client::beginAuthorization(), Client::exchangeCode())
  • Client Credentials flow for machine-to-machine (Client::clientCredentials())
  • Refresh token grant with rotation support (Client::refresh())
  • Local JWT verification via JWKS with kid-rotation and TTL cache (Client::verify())
  • UserInfo endpoint (Client::userInfo())
  • Logout URL builder (Client::logoutUrl())
  • OIDC discovery (Client::discover())
  • RFC 9068 strict mode: iss, token_use, at+jwt required by default
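
What requiring iss, token_use and at+jwt guards against, as an added PHP example that is not the SDK's own code: a JWT with a valid issuer but a generic typ (such as an ID token) is refused as an access token. The function names, the issuer URL, the aud value and the token_use value are assumptions made for illustration, and signature verification (the JWKS step behind Client::verify()) is out of scope here.

```php
<?php
declare(strict_types=1);
// Decode one base64url JWT segment to an array; null if it is not JSON.
function decodeSegment(string $segment): ?array
{
    $b64 = strtr($segment, '-_', '+/');
    $b64 .= str_repeat('=', (4 - strlen($b64) % 4) % 4);
    $data = json_decode((string) base64_decode($b64, true), true);
    return is_array($data) ? $data : null;
}

// Structural checks only: they complement signature verification, never replace it.
function strictViolations(string $jwt, string $expectedIssuer): array
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        return ['not a three-part compact JWS'];
    }
    $header = decodeSegment($parts[0]);
    $claims = decodeSegment($parts[1]);
    if ($header === null || $claims === null) {
        return ['header or payload is not base64url-encoded JSON'];
    }
    $problems = [];
    // RFC 9068 accepts "at+jwt" or "application/at+jwt" in the typ header.
    $typ = is_string($header['typ'] ?? null) ? strtolower($header['typ']) : '';
    if (!in_array($typ, ['at+jwt', 'application/at+jwt'], true)) {
        $problems[] = 'typ is not at+jwt';
    }
    if (($claims['iss'] ?? null) !== $expectedIssuer) {
        $problems[] = 'iss does not match the expected issuer';
    }
    // Only presence is checked: the accepted token_use values are server-specific.
    if (!is_string($claims['token_use'] ?? null) || $claims['token_use'] === '') {
        $problems[] = 'token_use is missing';
    }
    return $problems;
}

// Constructed sample tokens; the signature part is a dummy string.
function sampleToken(array $header, array $claims): string
{
    $enc = static fn (array $v): string => rtrim(strtr(base64_encode(json_encode($v, JSON_THROW_ON_ERROR)), '+/', '-_'), '=');
    return $enc($header) . '.' . $enc($claims) . '.constructed-signature';
}

$issuer = 'https://issuer.example'; // placeholder issuer, not taken from the page
$access = sampleToken(['alg' => 'RS256', 'typ' => 'at+jwt'], ['iss' => $issuer, 'token_use' => 'access']);
$idLike = sampleToken(['alg' => 'RS256', 'typ' => 'JWT'], ['iss' => $issuer, 'aud' => 'web-app']);
echo 'access token: ', implode('; ', strictViolations($access, $issuer)) ?: 'ok', PHP_EOL;
echo 'ID-token-like JWT: ', implode('; ', strictViolations($idLike, $issuer)) ?: 'ok', PHP_EOL;
```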

Rich Claims API

hasRole, hasAnyRole, hasAllRoles, hasProjectRole, rolesForProject, hasGroup, hasAnyGroup, hasAllGroups, hasScope, requireRole, requireAnyRole, requireGroup, requireScope, requireUserToken, requireServiceToken, isExpired, secondsUntilExpiration, displayName, audience, claim.

JWKS caching

Pluggable JwksCacheInterface with three implementations out of the box:

  • InMemoryJwksCache — per-process (CLI / workers)
  • ApcuJwksCache — shared memory (recommended for FPM / Lambda)
  • FileJwksCache — single-host fallback when APCu is unavailable

HTTP transport

Tiny HttpClientInterface (one method) with a cURL default — bring your own adapter if you need Guzzle / Symfony HttpClient.

Requirements

  • PHP 8.3+
  • ext-curl, ext-json, ext-openssl
  • One runtime dependency: lcobucci/jwt ^5.5

Installation

```bash
composer require stromcom/auth-client
```

See the README for the quickstart and the docs/ directory for in-depth guides.