OidcDiscovery implements OidcDiscoveryInterface
Discovers OAuth 2.0 / OpenID Connect authorization server metadata.
Supports:
- OAuth 2.0 Authorization Server Metadata (RFC 8414)
- OpenID Connect Discovery 1.0
Table of Contents
Interfaces
- OidcDiscoveryInterface
  Contract for resolving OAuth/OIDC endpoint metadata from an issuer.
Constants
- CACHE_KEY_PREFIX = 'mcp_oidc_discovery_'
Properties
- $cache : CacheInterface|null
- $cacheTtl : int
- $httpClient : ClientInterface
- $metadataPolicy : OidcDiscoveryMetadataPolicyInterface
- $requestFactory : RequestFactoryInterface
Methods
- __construct() : mixed
- discover() : array<string, mixed>
  Discovers authorization server metadata from the issuer URL.
- getAuthorizationEndpoint() : string
  Gets the authorization endpoint from the authorization server metadata.
- getJwksUri() : string
  Gets the JWKS URI from the authorization server metadata.
- getTokenEndpoint() : string
  Gets the token endpoint from the authorization server metadata.
- fetchJson() : array<string, mixed>
- fetchMetadata() : array<string, mixed>
Constants
CACHE_KEY_PREFIX
private mixed CACHE_KEY_PREFIX = 'mcp_oidc_discovery_'
Properties
$cache read-only
private CacheInterface|null $cache = null
$cacheTtl read-only
private int $cacheTtl = 3600
$httpClient
private ClientInterface $httpClient
$metadataPolicy
private OidcDiscoveryMetadataPolicyInterface $metadataPolicy
$requestFactory
private RequestFactoryInterface $requestFactory
Methods
__construct()
public __construct([ClientInterface|null $httpClient = null ][, RequestFactoryInterface|null $requestFactory = null ][, CacheInterface|null $cache = null ][, int $cacheTtl = 3600 ][, OidcDiscoveryMetadataPolicyInterface|null $metadataPolicy = null ]) : mixed
Parameters
- $httpClient : ClientInterface|null = null
  PSR-18 HTTP client (auto-discovered if null)
- $requestFactory : RequestFactoryInterface|null = null
  PSR-17 request factory (auto-discovered if null)
- $cache : CacheInterface|null = null
  PSR-16 cache for metadata (optional)
- $cacheTtl : int = 3600
  Cache TTL in seconds (default: 1 hour)
- $metadataPolicy : OidcDiscoveryMetadataPolicyInterface|null = null
  Metadata validation policy
discover()
Discovers authorization server metadata from the issuer URL.
public discover(string $issuer) : array<string, mixed>
Tries endpoints in priority order per RFC 8414 and OpenID Connect Discovery:
- OAuth 2.0 path insertion: /.well-known/oauth-authorization-server/{path}
- OIDC path insertion: /.well-known/openid-configuration/{path}
- OIDC path appending: {path}/.well-known/openid-configuration
Parameters
- $issuer : string
  The issuer URL (e.g., "https://auth.example.com/realms/mcp")
Return values
array<string, mixed> — The authorization server metadata
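The three candidate URLs that the priority list above yields for an issuer, together with the issuer comparison that RFC 8414 section 3.3 requires of the fetched document, as an added example that is not this library's code. The function names `discoveryCandidates` and `issuerMatches` are hypothetical, and the https-only and exact-match rules are taken from RFC 8414, not from the library's metadata policy, which this page does not describe.

```php
<?php
declare(strict_types=1);

/**
 * Added illustration, not the library's code: candidate discovery URLs
 * for an issuer, in the priority order listed for discover().
 *
 * @return list<string>
 */
function discoveryCandidates(string $issuer): array
{
    $p = parse_url($issuer);
    if ($p === false || ($p['scheme'] ?? '') !== 'https' || empty($p['host'])) {
        throw new InvalidArgumentException('Issuer must be an absolute https URL');
    }
    // RFC 8414 section 2: an issuer has no query or fragment component.
    if (isset($p['query']) || isset($p['fragment'])) {
        throw new InvalidArgumentException('Issuer must not carry a query or fragment');
    }
    $origin = 'https://' . $p['host'] . (isset($p['port']) ? ':' . $p['port'] : '');
    // A terminating "/" is removed before insertion; "" for a root issuer.
    $path = rtrim($p['path'] ?? '', '/');

    $urls = [
        $origin . '/.well-known/oauth-authorization-server' . $path, // OAuth 2.0 path insertion
        $origin . '/.well-known/openid-configuration' . $path,       // OIDC path insertion
        $origin . $path . '/.well-known/openid-configuration',       // OIDC path appending
    ];
    // For a root issuer the two OIDC forms coincide; drop the duplicate.
    return array_values(array_unique($urls));
}

/**
 * RFC 8414 section 3.3: the "issuer" in the fetched document must be identical
 * to the issuer the well-known URL was derived from. A mismatch means the
 * document describes a different authorization server and must be rejected.
 */
function issuerMatches(string $requested, array $metadata): bool
{
    return isset($metadata['issuer'])
        && is_string($metadata['issuer'])
        && $metadata['issuer'] === $requested;
}

// Constructed sample input: the issuer from the parameter description,
// checked against a metadata document that names a different realm.
$issuer = 'https://auth.example.com/realms/mcp';
print_r(discoveryCandidates($issuer));
var_dump(issuerMatches($issuer, ['issuer' => 'https://auth.example.com/realms/other']));
```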
getAuthorizationEndpoint()
Gets the authorization endpoint from the authorization server metadata.
public getAuthorizationEndpoint(string $issuer) : string
Parameters
- $issuer : string
  The issuer URL
Return values
string — The authorization endpoint URL
getJwksUri()
Gets the JWKS URI from the authorization server metadata.
public getJwksUri(string $issuer) : string
Parameters
- $issuer : string
  The issuer URL
Return values
string — The JWKS URI
getTokenEndpoint()
Gets the token endpoint from the authorization server metadata.
public getTokenEndpoint(string $issuer) : string
Parameters
- $issuer : string
  The issuer URL
Return values
string — The token endpoint URL
fetchJson()
private fetchJson(string $url) : array<string, mixed>
Parameters
- $url : string
Return values
array<string, mixed>
fetchMetadata()
private fetchMetadata(string $issuer) : array<string, mixed>
Parameters
- $issuer : string