Oihana PHP Enums

OAuth2ClientMetadata uses ConstantsTrait

Enumeration of OAuth 2.0 / OpenID Connect client metadata field names.

These are the members of the JSON object sent to (and returned by) the Dynamic Client Registration endpoint. Three layers are exposed here:

  1. Client metadata — RFC 7591 §2 (the registration request).
  2. Registration response / management — RFC 7591 §3.2.1 and the client configuration endpoint of RFC 7592.
  3. OpenID Connect — additional metadata from OpenID Connect Dynamic Client Registration 1.0 and the OIDC logout specifications.

This is the client-side counterpart of OidcDiscoveryField, which describes the authorization server's own metadata.

Example:

$registration =
[
    OAuth2ClientMetadata::CLIENT_NAME                => 'My App' ,
    OAuth2ClientMetadata::REDIRECT_URIS              => [ 'https://app.example/cb' ] ,
    OAuth2ClientMetadata::GRANT_TYPES                => [ OAuth2GrantType::AUTHORIZATION_CODE ] ,
    OAuth2ClientMetadata::RESPONSE_TYPES             => [ OAuth2ResponseType::CODE ] ,
    OAuth2ClientMetadata::TOKEN_ENDPOINT_AUTH_METHOD => OAuth2TokenEndpointAuthMethod::PRIVATE_KEY_JWT ,
    OAuth2ClientMetadata::SCOPE                      => 'openid profile email' ,
    OAuth2ClientMetadata::JWKS_URI                   => 'https://app.example/jwks.json' ,
] ;
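The example above covers the first layer (the request). For the second layer, the registration response, the following added example (not code from this library) checks the constraints stated on this page: `jwks` and `jwks_uri` are mutually exclusive, and `client_secret_expires_at` is a NumericDate where `0` means the secret never expires. The `Meta` stand-in class, the `checkRegistrationResponse()` helper and the sample values are assumptions made for illustration; the https requirement on `registration_client_uri` is a policy choice of this example.

```php
<?php
declare(strict_types=1);

// Stand-in with the same values as the OAuth2ClientMetadata constants on this page.
// In a real project, import the library class instead (its namespace is not shown here).
final class Meta
{
    public const CLIENT_SECRET             = 'client_secret';
    public const CLIENT_SECRET_EXPIRES_AT  = 'client_secret_expires_at';
    public const JWKS                      = 'jwks';
    public const JWKS_URI                  = 'jwks_uri';
    public const REGISTRATION_ACCESS_TOKEN = 'registration_access_token';
    public const REGISTRATION_CLIENT_URI   = 'registration_client_uri';
}

// Hypothetical helper: lists the problems found in a decoded registration response.
function checkRegistrationResponse(array $r, int $now): array
{
    $problems = [];
    // jwks (by value) and jwks_uri (by reference) must not appear together.
    if (isset($r[Meta::JWKS], $r[Meta::JWKS_URI])) {
        $problems[] = 'jwks and jwks_uri are both present';
    }
    // An issued secret must carry an expiry: 0 = never expires, otherwise a NumericDate.
    if (isset($r[Meta::CLIENT_SECRET])) {
        $exp = $r[Meta::CLIENT_SECRET_EXPIRES_AT] ?? null;
        if (!is_int($exp)) {
            $problems[] = 'client_secret issued without client_secret_expires_at';
        } elseif ($exp !== 0 && $exp <= $now) {
            $problems[] = 'client_secret is already expired';
        }
    }
    // The management bearer token should only ever be sent to an https endpoint.
    if (isset($r[Meta::REGISTRATION_ACCESS_TOKEN])) {
        $uri    = $r[Meta::REGISTRATION_CLIENT_URI] ?? '';
        $scheme = is_string($uri) ? parse_url($uri, PHP_URL_SCHEME) : null;
        if (strtolower((string) $scheme) !== 'https') {
            $problems[] = 'registration_client_uri is missing or not https';
        }
    }
    return $problems;
}

// Constructed sample response (not real server output).
$sample = [
    Meta::CLIENT_SECRET => 'constructed-secret', Meta::CLIENT_SECRET_EXPIRES_AT => 0,
    Meta::JWKS => [ 'keys' => [] ], Meta::JWKS_URI => 'https://app.example/jwks.json',
    Meta::REGISTRATION_ACCESS_TOKEN => 'constructed-token',
    Meta::REGISTRATION_CLIENT_URI => 'http://as.example/register/abc',
];
print_r(checkRegistrationResponse($sample, time()));
```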

References:

  • RFC 7591 (OAuth 2.0 Dynamic Client Registration Protocol)
  • RFC 7592 (OAuth 2.0 Dynamic Client Registration Management Protocol)
  • OpenID Connect Dynamic Client Registration 1.0
  • OpenID Connect RP-Initiated Logout / Front-Channel / Back-Channel Logout 1.0
  • IANA OAuth Dynamic Client Registration Metadata registry

See also: OidcDiscoveryField, OAuth2GrantType, OAuth2ResponseType, OAuth2TokenEndpointAuthMethod, OAuth2SubjectType, JwtAlgorithm

Author: Marc Alcaraz (ekameleon)

Since: 1.1.0

Table of Contents

Constants

APPLICATION_TYPE  : string = 'application_type'
`application_type` — Kind of the application, `web` or `native` (OIDC DCR §2).
BACKCHANNEL_LOGOUT_SESSION_REQUIRED  : string = 'backchannel_logout_session_required'
`backchannel_logout_session_required` — Whether a `sid` is required in the Logout Token (OIDC Back-Channel Logout 1.0).
BACKCHANNEL_LOGOUT_URI  : string = 'backchannel_logout_uri'
`backchannel_logout_uri` — URI invoked for back-channel logout (OIDC Back-Channel Logout 1.0).
CLIENT_ID  : string = 'client_id'
`client_id` — Issued client identifier (RFC 7591 §3.2.1).
CLIENT_ID_ISSUED_AT  : string = 'client_id_issued_at'
`client_id_issued_at` — Time the `client_id` was issued, as a NumericDate (RFC 7591 §3.2.1).
CLIENT_NAME  : string = 'client_name'
`client_name` — Human-readable name of the client (RFC 7591 §2).
CLIENT_SECRET  : string = 'client_secret'
`client_secret` — Issued client secret, when applicable (RFC 7591 §3.2.1).
CLIENT_SECRET_EXPIRES_AT  : string = 'client_secret_expires_at'
`client_secret_expires_at` — Expiration time of the `client_secret`, or `0` if it never expires, as a NumericDate (RFC 7591 §3.2.1).
CLIENT_URI  : string = 'client_uri'
`client_uri` — URL of the client's home page (RFC 7591 §2).
CONTACTS  : string = 'contacts'
`contacts` — Array of e-mail addresses of people responsible for the client (RFC 7591 §2).
DEFAULT_ACR_VALUES  : string = 'default_acr_values'
`default_acr_values` — Default requested Authentication Context Class Reference values (OIDC DCR §2).
DEFAULT_MAX_AGE  : string = 'default_max_age'
`default_max_age` — Default Maximum Authentication Age, in seconds (OIDC DCR §2).
FRONTCHANNEL_LOGOUT_SESSION_REQUIRED  : string = 'frontchannel_logout_session_required'
`frontchannel_logout_session_required` — Whether a `sid` is required at the front-channel logout URI (OIDC Front-Channel Logout 1.0).
FRONTCHANNEL_LOGOUT_URI  : string = 'frontchannel_logout_uri'
`frontchannel_logout_uri` — URI invoked for front-channel logout (OIDC Front-Channel Logout 1.0).
GRANT_TYPES  : string = 'grant_types'
`grant_types` — Array of grant types the client may use (RFC 7591 §2).
ID_TOKEN_ENCRYPTED_RESPONSE_ALG  : string = 'id_token_encrypted_response_alg'
`id_token_encrypted_response_alg` — JWE `alg` for encrypting the ID Token (OIDC DCR §2).
ID_TOKEN_ENCRYPTED_RESPONSE_ENC  : string = 'id_token_encrypted_response_enc'
`id_token_encrypted_response_enc` — JWE `enc` for encrypting the ID Token (OIDC DCR §2).
ID_TOKEN_SIGNED_RESPONSE_ALG  : string = 'id_token_signed_response_alg'
`id_token_signed_response_alg` — JWS `alg` for signing the ID Token (OIDC DCR §2).
INITIATE_LOGIN_URI  : string = 'initiate_login_uri'
`initiate_login_uri` — URI a third party can use to initiate login at the client (OIDC DCR §2).
JWKS  : string = 'jwks'
`jwks` — Client's JSON Web Key Set by value (RFC 7591 §2). Mutually exclusive with `jwks_uri` (JWKS_URI).
JWKS_URI  : string = 'jwks_uri'
`jwks_uri` — URL of the client's JSON Web Key Set document (RFC 7591 §2).
LOGO_URI  : string = 'logo_uri'
`logo_uri` — URL of the client's logo (RFC 7591 §2).
POLICY_URI  : string = 'policy_uri'
`policy_uri` — URL of the client's privacy policy (RFC 7591 §2).
POST_LOGOUT_REDIRECT_URIS  : string = 'post_logout_redirect_uris'
`post_logout_redirect_uris` — Array of redirect URIs allowed after logout (OIDC RP-Initiated Logout 1.0).
REDIRECT_URIS  : string = 'redirect_uris'
`redirect_uris` — Array of redirection URIs used by the client (RFC 7591 §2).
REGISTRATION_ACCESS_TOKEN  : string = 'registration_access_token'
`registration_access_token` — Bearer token to access the client configuration endpoint (RFC 7592 §3).
REGISTRATION_CLIENT_URI  : string = 'registration_client_uri'
`registration_client_uri` — URL of the client configuration endpoint (RFC 7592 §3).
REQUEST_OBJECT_ENCRYPTION_ALG  : string = 'request_object_encryption_alg'
`request_object_encryption_alg` — JWE `alg` for encrypting Request Objects (OIDC DCR §2).
REQUEST_OBJECT_ENCRYPTION_ENC  : string = 'request_object_encryption_enc'
`request_object_encryption_enc` — JWE `enc` for encrypting Request Objects (OIDC DCR §2).
REQUEST_OBJECT_SIGNING_ALG  : string = 'request_object_signing_alg'
`request_object_signing_alg` — JWS `alg` for signing Request Objects (OIDC DCR §2).
REQUEST_URIS  : string = 'request_uris'
`request_uris` — Array of pre-registered `request_uri` values (OIDC DCR §2).
REQUIRE_AUTH_TIME  : string = 'require_auth_time'
`require_auth_time` — Whether the `auth_time` claim is always required (OIDC DCR §2).
RESPONSE_TYPES  : string = 'response_types'
`response_types` — Array of response types the client may use (RFC 7591 §2).
SCOPE  : string = 'scope'
`scope` — Space-separated list of scopes the client may request (RFC 7591 §2).
SECTOR_IDENTIFIER_URI  : string = 'sector_identifier_uri'
`sector_identifier_uri` — URL providing the redirect URIs used to compute a pairwise `sub` value (OIDC DCR §2).
SOFTWARE_ID  : string = 'software_id'
`software_id` — Unique identifier for the client software (RFC 7591 §2).
SOFTWARE_STATEMENT  : string = 'software_statement'
`software_statement` — Signed JWT asserting client metadata (RFC 7591 §2.3).
SOFTWARE_VERSION  : string = 'software_version'
`software_version` — Version of the client software (RFC 7591 §2).
SUBJECT_TYPE  : string = 'subject_type'
`subject_type` — Requested subject identifier type (OIDC DCR §2).
TOKEN_ENDPOINT_AUTH_METHOD  : string = 'token_endpoint_auth_method'
`token_endpoint_auth_method` — Client authentication method for the token endpoint (RFC 7591 §2). See OAuth2TokenEndpointAuthMethod.
TOKEN_ENDPOINT_AUTH_SIGNING_ALG  : string = 'token_endpoint_auth_signing_alg'
`token_endpoint_auth_signing_alg` — JWS `alg` for client assertions at the token endpoint (OIDC DCR §2).
TOS_URI  : string = 'tos_uri'
`tos_uri` — URL of the client's terms of service (RFC 7591 §2).
USERINFO_ENCRYPTED_RESPONSE_ALG  : string = 'userinfo_encrypted_response_alg'
`userinfo_encrypted_response_alg` — JWE `alg` for encrypting UserInfo responses (OIDC DCR §2).
USERINFO_ENCRYPTED_RESPONSE_ENC  : string = 'userinfo_encrypted_response_enc'
`userinfo_encrypted_response_enc` — JWE `enc` for encrypting UserInfo responses (OIDC DCR §2).
USERINFO_SIGNED_RESPONSE_ALG  : string = 'userinfo_signed_response_alg'
`userinfo_signed_response_alg` — JWS `alg` for signing UserInfo responses (OIDC DCR §2).

Constants

APPLICATION_TYPE

`application_type` — Kind of the application, `web` or `native` (OIDC DCR §2).

public string APPLICATION_TYPE = 'application_type'

BACKCHANNEL_LOGOUT_SESSION_REQUIRED

`backchannel_logout_session_required` — Whether a `sid` is required in the Logout Token (OIDC Back-Channel Logout 1.0).

public string BACKCHANNEL_LOGOUT_SESSION_REQUIRED = 'backchannel_logout_session_required'

BACKCHANNEL_LOGOUT_URI

`backchannel_logout_uri` — URI invoked for back-channel logout (OIDC Back-Channel Logout 1.0).

public string BACKCHANNEL_LOGOUT_URI = 'backchannel_logout_uri'

CLIENT_ID

`client_id` — Issued client identifier (RFC 7591 §3.2.1).

public string CLIENT_ID = 'client_id'

CLIENT_ID_ISSUED_AT

`client_id_issued_at` — Time the `client_id` was issued, as a NumericDate (RFC 7591 §3.2.1).

public string CLIENT_ID_ISSUED_AT = 'client_id_issued_at'

CLIENT_NAME

`client_name` — Human-readable name of the client (RFC 7591 §2).

public string CLIENT_NAME = 'client_name'

CLIENT_SECRET

`client_secret` — Issued client secret, when applicable (RFC 7591 §3.2.1).

public string CLIENT_SECRET = 'client_secret'

CLIENT_SECRET_EXPIRES_AT

`client_secret_expires_at` — Expiration time of the `client_secret`, or `0` if it never expires, as a NumericDate (RFC 7591 §3.2.1).

public string CLIENT_SECRET_EXPIRES_AT = 'client_secret_expires_at'

CLIENT_URI

`client_uri` — URL of the client's home page (RFC 7591 §2).

public string CLIENT_URI = 'client_uri'

CONTACTS

`contacts` — Array of e-mail addresses of people responsible for the client (RFC 7591 §2).

public string CONTACTS = 'contacts'

DEFAULT_ACR_VALUES

`default_acr_values` — Default requested Authentication Context Class Reference values (OIDC DCR §2).

public string DEFAULT_ACR_VALUES = 'default_acr_values'

DEFAULT_MAX_AGE

`default_max_age` — Default Maximum Authentication Age, in seconds (OIDC DCR §2).

public string DEFAULT_MAX_AGE = 'default_max_age'

FRONTCHANNEL_LOGOUT_SESSION_REQUIRED

`frontchannel_logout_session_required` — Whether a `sid` is required at the front-channel logout URI (OIDC Front-Channel Logout 1.0).

public string FRONTCHANNEL_LOGOUT_SESSION_REQUIRED = 'frontchannel_logout_session_required'

FRONTCHANNEL_LOGOUT_URI

`frontchannel_logout_uri` — URI invoked for front-channel logout (OIDC Front-Channel Logout 1.0).

public string FRONTCHANNEL_LOGOUT_URI = 'frontchannel_logout_uri'

ID_TOKEN_ENCRYPTED_RESPONSE_ALG

`id_token_encrypted_response_alg` — JWE `alg` for encrypting the ID Token (OIDC DCR §2).

public string ID_TOKEN_ENCRYPTED_RESPONSE_ALG = 'id_token_encrypted_response_alg'

ID_TOKEN_ENCRYPTED_RESPONSE_ENC

`id_token_encrypted_response_enc` — JWE `enc` for encrypting the ID Token (OIDC DCR §2).

public string ID_TOKEN_ENCRYPTED_RESPONSE_ENC = 'id_token_encrypted_response_enc'

ID_TOKEN_SIGNED_RESPONSE_ALG

`id_token_signed_response_alg` — JWS `alg` for signing the ID Token (OIDC DCR §2).

public string ID_TOKEN_SIGNED_RESPONSE_ALG = 'id_token_signed_response_alg'

See JwtAlgorithm.

INITIATE_LOGIN_URI

`initiate_login_uri` — URI a third party can use to initiate login at the client (OIDC DCR §2).

public string INITIATE_LOGIN_URI = 'initiate_login_uri'

JWKS

`jwks` — Client's JSON Web Key Set by value (RFC 7591 §2). Mutually exclusive with `jwks_uri` (JWKS_URI).

public string JWKS = 'jwks'

JWKS_URI

`jwks_uri` — URL of the client's JSON Web Key Set document (RFC 7591 §2).

public string JWKS_URI = 'jwks_uri'

LOGO_URI

`logo_uri` — URL of the client's logo (RFC 7591 §2).

public string LOGO_URI = 'logo_uri'

POLICY_URI

`policy_uri` — URL of the client's privacy policy (RFC 7591 §2).

public string POLICY_URI = 'policy_uri'

POST_LOGOUT_REDIRECT_URIS

`post_logout_redirect_uris` — Array of redirect URIs allowed after logout (OIDC RP-Initiated Logout 1.0).

public string POST_LOGOUT_REDIRECT_URIS = 'post_logout_redirect_uris'

REDIRECT_URIS

`redirect_uris` — Array of redirection URIs used by the client (RFC 7591 §2).

public string REDIRECT_URIS = 'redirect_uris'

REGISTRATION_ACCESS_TOKEN

`registration_access_token` — Bearer token to access the client configuration endpoint (RFC 7592 §3).

public string REGISTRATION_ACCESS_TOKEN = 'registration_access_token'

REGISTRATION_CLIENT_URI

`registration_client_uri` — URL of the client configuration endpoint (RFC 7592 §3).

public string REGISTRATION_CLIENT_URI = 'registration_client_uri'

REQUEST_OBJECT_ENCRYPTION_ALG

`request_object_encryption_alg` — JWE `alg` for encrypting Request Objects (OIDC DCR §2).

public string REQUEST_OBJECT_ENCRYPTION_ALG = 'request_object_encryption_alg'

REQUEST_OBJECT_ENCRYPTION_ENC

`request_object_encryption_enc` — JWE `enc` for encrypting Request Objects (OIDC DCR §2).

public string REQUEST_OBJECT_ENCRYPTION_ENC = 'request_object_encryption_enc'

REQUEST_OBJECT_SIGNING_ALG

`request_object_signing_alg` — JWS `alg` for signing Request Objects (OIDC DCR §2).

public string REQUEST_OBJECT_SIGNING_ALG = 'request_object_signing_alg'

REQUEST_URIS

`request_uris` — Array of pre-registered `request_uri` values (OIDC DCR §2).

public string REQUEST_URIS = 'request_uris'

REQUIRE_AUTH_TIME

`require_auth_time` — Whether the `auth_time` claim is always required (OIDC DCR §2).

public string REQUIRE_AUTH_TIME = 'require_auth_time'

SCOPE

`scope` — Space-separated list of scopes the client may request (RFC 7591 §2).

public string SCOPE = 'scope'

SECTOR_IDENTIFIER_URI

`sector_identifier_uri` — URL providing the redirect URIs used to compute a pairwise `sub` value (OIDC DCR §2).

public string SECTOR_IDENTIFIER_URI = 'sector_identifier_uri'

SOFTWARE_ID

`software_id` — Unique identifier for the client software (RFC 7591 §2).

public string SOFTWARE_ID = 'software_id'

SOFTWARE_STATEMENT

`software_statement` — Signed JWT asserting client metadata (RFC 7591 §2.3).

public string SOFTWARE_STATEMENT = 'software_statement'

SOFTWARE_VERSION

`software_version` — Version of the client software (RFC 7591 §2).

public string SOFTWARE_VERSION = 'software_version'

TOKEN_ENDPOINT_AUTH_METHOD

`token_endpoint_auth_method` — Client authentication method for the token endpoint (RFC 7591 §2). See OAuth2TokenEndpointAuthMethod.

public string TOKEN_ENDPOINT_AUTH_METHOD = 'token_endpoint_auth_method'

TOKEN_ENDPOINT_AUTH_SIGNING_ALG

`token_endpoint_auth_signing_alg` — JWS `alg` for client assertions at the token endpoint (OIDC DCR §2).

public string TOKEN_ENDPOINT_AUTH_SIGNING_ALG = 'token_endpoint_auth_signing_alg'

TOS_URI

`tos_uri` — URL of the client's terms of service (RFC 7591 §2).

public string TOS_URI = 'tos_uri'

USERINFO_ENCRYPTED_RESPONSE_ALG

`userinfo_encrypted_response_alg` — JWE `alg` for encrypting UserInfo responses (OIDC DCR §2).

public string USERINFO_ENCRYPTED_RESPONSE_ALG = 'userinfo_encrypted_response_alg'

USERINFO_ENCRYPTED_RESPONSE_ENC

`userinfo_encrypted_response_enc` — JWE `enc` for encrypting UserInfo responses (OIDC DCR §2).

public string USERINFO_ENCRYPTED_RESPONSE_ENC = 'userinfo_encrypted_response_enc'

USERINFO_SIGNED_RESPONSE_ALG

`userinfo_signed_response_alg` — JWS `alg` for signing UserInfo responses (OIDC DCR §2).

public string USERINFO_SIGNED_RESPONSE_ALG = 'userinfo_signed_response_alg'