Improve OpenID Documentation

[biwerr]

Please add to the openID documentation, that you musst add a new grant type

$config['use_openid_connect'] = true;
$config['issuer'] = 'brentertainment.com';
$server = new OAuth2\Server($config);
$server->addGrantType(new OAuth2\OpenID\GrantType\AuthorizationCode($storage));

[bshaffer]

This line of code should not be necessary. As long as use_openid_connect is true, the grant type above will automatically be added to the server object.

It's possible somewhere else in your code explicitly sets the grant types, and so getDefaultGrantTypes is never called, or something along these lines. Could you paste a full repro case here?

[biwerr]

Yes I set the GranTypes as mentioned in your Documentation

• Get Started With This Library
• Bootstrap your OAuth2 Server

    $storage = new OAuth2\Storage\Pdo(DB::connection()->getPdo());

    $server = new OAuth2\Server($storage,Config::get("oauth2.config"));

    $publicKey  = file_get_contents(Config::get('oauth2.openID.public_key_test'));
    $privateKey = file_get_contents(Config::get('oauth2.openID.private_key'));

    $keyStorage = new OAuth2\Storage\Memory(array('keys' => array(
        'public_key'  => $publicKey,
        'private_key' => $privateKey,
    )));

    $server->addGrantType(new OAuth2\GrantType\ClientCredentials($storage));
    $server->addGrantType(new OAuth2\GrantType\UserCredentials($storage));
    $server->addGrantType(new OAuth2\GrantType\AuthorizationCode($storage));
    $server->addGrantType(new OAuth2\GrantType\RefreshToken($storage,Config::get("oauth2.config")));
    $server->addGrantType(new OAuth2\OpenID\GrantType\AuthorizationCode($storage));
    $server->addStorage($keyStorage, 'public_key');

    return $server;

I'm currently following the this documentation to implement the OpenID connect, but I'm running into a few issues:

1. It is not mentioned that a UserClaimsInterface implementation also needs to be provided.
2. The documentation seems to mix a response_type=code request with an response_type=id_token response.
3. I'm unsure why a public / private keys are needed with the id_token flow. A signed id_token is stored in the authorisation code table, but is not sent over the internet.
4. Although fairly simple to work out, the UserInfoController is not documented.
5. As mentioned earlier, using just using OAuth2\GrantType\AuthorizationCode instead of adding OAuth2\OpenID\GrantType\AuthorizationCode.