SSO
Table of Contents
Properties
Methods
- __construct() : mixed
- authorizeLogout() : SSOLogoutAuthorizeResponse
  Logout Authorize
- deleteConnection() : void
  Delete a Connection
- getAuthorizationUrl() : string
  Initiate SSO
- getConnection() : Connection
  Get a Connection
- getLogoutUrl() : string
  Logout Redirect
- getProfile() : Profile
  Get a User Profile
- getProfileAndToken() : SSOTokenResponse
  Get a Profile and Token
- listConnections() : PaginatedResponse<string|int, Connection>
  List Connections
Properties
$client (read-only)
private HttpClient $client
Methods
__construct()
public
__construct(HttpClient $client) : mixed
Parameters
- $client : HttpClient
authorizeLogout()
Logout Authorize
public
authorizeLogout(string $profileId[, RequestOptions|null $options = null ]) : SSOLogoutAuthorizeResponse
You should call this endpoint from your server to generate a logout token which is required for the Logout Redirect endpoint.
Parameters
- $profileId : string
  The unique ID of the profile to log out.
- $options : RequestOptions|null = null
Return values
SSOLogoutAuthorizeResponse
deleteConnection()
Delete a Connection
public
deleteConnection(string $id[, RequestOptions|null $options = null ]) : void
Permanently deletes an existing connection. It cannot be undone.
Parameters
- $id : string
  Unique identifier for the Connection.
- $options : RequestOptions|null = null
getAuthorizationUrl()
Initiate SSO
public
getAuthorizationUrl(string $redirectUri[, array<string|int, string>|null $providerScopes = null ][, array<string, string>|null $providerQueryParams = null ][, string|null $domain = null ][, SSOProvider|null $provider = null ][, string|null $state = null ][, string|null $connection = null ][, string|null $organization = null ][, string|null $domainHint = null ][, string|null $loginHint = null ][, string|null $nonce = null ][, RequestOptions|null $options = null ]) : string
Initiates the single sign-on flow.
Parameters
- $redirectUri : string
  Where to redirect the user after they complete the authentication process. You must use one of the redirect URIs configured via the Redirects page on the dashboard.
- $providerScopes : array<string|int, string>|null = null
  Additional scopes to request from the identity provider. Applicable when using OAuth or OpenID Connect connections.
- $providerQueryParams : array<string, string>|null = null
  Key/value pairs of query parameters to pass to the OAuth provider. Only applicable when using OAuth connections.
- $domain : string|null = null
  Deprecated. Use connection or organization instead. Used to initiate SSO for a connection by domain. The domain must be associated with a connection in your WorkOS environment.
- $provider : SSOProvider|null = null
  Used to initiate OAuth authentication with various providers.
- $state : string|null = null
  An optional parameter that can be used to encode arbitrary information to help restore application state between redirects. If included, the redirect URI received from WorkOS will contain the exact state that was passed.
- $connection : string|null = null
  Used to initiate SSO for a connection. The value should be a WorkOS connection ID.
  You can persist the WorkOS connection ID with application user or team identifiers. WorkOS will use the connection indicated by the connection parameter to direct the user to the corresponding IdP for authentication.
- $organization : string|null = null
  Used to initiate SSO for an organization. The value should be a WorkOS organization ID.
  You can persist the WorkOS organization ID with application user or team identifiers. WorkOS will use the organization ID to determine the appropriate connection and the IdP to direct the user to for authentication.
- $domainHint : string|null = null
  Can be used to pre-fill the domain field when initiating authentication with Microsoft OAuth or with a Google SAML connection type.
- $loginHint : string|null = null
  Can be used to pre-fill the username/email address field of the IdP sign-in page for the user, if you know their username ahead of time. Currently supported for OAuth, OpenID Connect, Okta, and Entra ID connections.
- $nonce : string|null = null
  A random string generated by the client that is used to mitigate replay attacks.
- $options : RequestOptions|null = null
Return values
string
getConnection()
Get a Connection
public
getConnection(string $id[, RequestOptions|null $options = null ]) : Connection
Get the details of an existing connection.
Parameters
- $id : string
  Unique identifier for the Connection.
- $options : RequestOptions|null = null
Return values
Connection
getLogoutUrl()
Logout Redirect
public
getLogoutUrl(string $token[, RequestOptions|null $options = null ]) : string
Logout allows you to sign out a user from your application by triggering the identity provider sign-out flow. This GET endpoint should be a redirection, since the identity provider user will be identified in the browser session.
Before redirecting to this endpoint, you need to generate a short-lived logout token using the Logout Authorize endpoint.
Parameters
- $token : string
  The logout token returned from the Logout Authorize endpoint.
- $options : RequestOptions|null = null
Return values
string
getProfile()
Get a User Profile
public
getProfile([RequestOptions|null $options = null ]) : Profile
Exchange an access token for a user's Profile. Because this profile is returned in the Get a Profile and Token endpoint, your application usually does not need to call this endpoint. It is available for any authentication flows that require an additional endpoint to retrieve a user's profile.
Parameters
- $options : RequestOptions|null = null
Return values
Profile
getProfileAndToken()
Get a Profile and Token
public
getProfileAndToken(string $code[, RequestOptions|null $options = null ]) : SSOTokenResponse
Get an access token along with the user Profile using the code passed to your Redirect URI.
Parameters
- $code : string
  The authorization code received from the authorization callback.
- $options : RequestOptions|null = null
Return values
SSOTokenResponse
listConnections()
List Connections
public
listConnections([string|null $before = null ][, string|null $after = null ][, int|null $limit = null ][, EventsOrder $order = EventsOrder::Desc ][, ConnectionsConnectionType|null $connectionType = null ][, string|null $domain = null ][, string|null $organizationId = null ][, string|null $search = null ][, RequestOptions|null $options = null ]) : PaginatedResponse<string|int, Connection>
Get a list of all of your existing connections matching the criteria specified.
Parameters
- $before : string|null = null
  An object ID that defines your place in the list. When the ID is not present, you are at the end of the list.
- $after : string|null = null
  An object ID that defines your place in the list. When the ID is not present, you are at the end of the list.
- $limit : int|null = null
  Upper limit on the number of objects to return, between 1 and 100. Defaults to 10.
- $order : EventsOrder = EventsOrder::Desc
  Order the results by the creation time. Defaults to "desc".
- $connectionType : ConnectionsConnectionType|null = null
  Filter Connections by their type.
- $domain : string|null = null
  Filter Connections by their associated domain.
- $organizationId : string|null = null
  Filter Connections by their associated organization.
- $search : string|null = null
  Searchable text to match against Connection names.
- $options : RequestOptions|null = null
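
Added example (not part of the SDK or its documentation): the $state parameter of getAuthorizationUrl() and the $code passed to getProfileAndToken() used together, with state bound to the session, checked in constant time and consumed on first use before the code is exchanged. The helper names beginSso and completeSso, the session keys, the 10-minute expiry, the callback query keys "state" and "code", and the offline stand-in class are assumptions.

```php
<?php
declare(strict_types=1);

// $sso is an instance of the SSO class documented on this page (left untyped
// because the page does not show its namespace). $session stands for $_SESSION.
function beginSso(object $sso, array &$session, string $redirectUri, string $organizationId): string
{
    $state = bin2hex(random_bytes(32));            // unguessable, per-attempt value
    $session['sso_state'] = $state;
    $session['sso_state_expires'] = time() + 600;  // assumption: 10-minute window
    return $sso->getAuthorizationUrl(
        redirectUri: $redirectUri,
        state: $state,
        organization: $organizationId,
    );
}

// $query stands for $_GET on the redirect URI; the key names "state" and "code"
// are assumed (standard OAuth 2.0 names), the page does not spell them out.
function completeSso(object $sso, array &$session, array $query): mixed
{
    $expected = $session['sso_state'] ?? null;
    $expires  = $session['sso_state_expires'] ?? 0;
    unset($session['sso_state'], $session['sso_state_expires']); // single use
    $returned = $query['state'] ?? null;
    if (!is_string($expected) || !is_string($returned)
        || time() > $expires || !hash_equals($expected, $returned)) {
        throw new RuntimeException('SSO callback rejected: state missing, expired or mismatched');
    }
    $code = $query['code'] ?? null;
    if (!is_string($code) || $code === '') {
        throw new RuntimeException('SSO callback rejected: no authorization code');
    }
    return $sso->getProfileAndToken($code);        // SSOTokenResponse from the real SDK
}

// Constructed stand-in so the flow runs offline; it is not the SDK class.
$fake = new class {
    public function getAuthorizationUrl(string $redirectUri, ?string $state = null, ?string $organization = null): string {
        return 'https://idp.example/authorize?' . http_build_query(['state' => $state]);
    }
    public function getProfileAndToken(string $code): array { return ['code' => $code]; }
};
$session = [];
parse_str((string) parse_url(beginSso($fake, $session, 'https://app.example/cb', 'org_constructed'), PHP_URL_QUERY), $q);
var_dump(completeSso($fake, $session, $q + ['code' => 'constructed_code'])); // first use of the state
try { completeSso($fake, $session, $q + ['code' => 'constructed_code']); }   // replayed callback
catch (RuntimeException $e) { echo $e->getMessage(), "\n"; }
```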