, (*1)
The OpenIDConnect Laravel package is meant to provide you an opportunity to easily authenticate users using OpenID Connect protocol., (*2)
, (*3)
Installation
To install this package you will need:
* Laravel 5.5+
* PHP 7.1+, (*4)
Use composer to install, (*5)
composer require muffycompo/oidconnect-laravel:dev-master
Open config/app.php and register the required service providers above your application providers., (*6)
'providers' => [
...
Laravel\Socialite\SocialiteServiceProvider::class,
Furdarius\OIDConnect\ServiceProvider::class
...
]
If you'd like to make configuration changes in the configuration file you can pubish it with the following Aritsan command:, (*7)
php artisan vendor:publish --provider="Furdarius\OIDConnect\ServiceProvider"
After that, roll up migrations:, (*8)
php artisan migrate
Usage
Configuration
At first you will need to add credentials for the OpenID Connect service your application utilizes.
These credentials should be placed in your config/opidconnect.php configuration file., (*9)
<?php
return [
'client_id' => 'CLIENT_ID_HERE',
'client_secret' => 'CLIENT_SECRET_HERE',
'redirect' => env('APP_URL') . '/auth/callback',
'auth' => 'https://oidc.service.com/auth',
'token' => 'https://oidc.service.com/token',
'keys' => 'https://oidc.service.com/keys',
];
Endpoints
Now, your app has auth endpoints:
* GET /auth/redirect - Used to redirect client to Auth Service login page.
* GET /auth/callback - Used when Auth Service redirect client to callback url with code.
* POST /auth/refresh - Used by client for ID Token refreshing., (*10)
Middleware
You need to use Auth Middleware on protected routes.
Open App\Http\Kernel and register middleware in $routeMiddleware:, (*11)
protected $routeMiddleware = [
'token' => \Furdarius\OIDConnect\TokenMiddleware::class
];
And then use it as usual:, (*12)
Route::middleware('token')->get('/protected-resource', function (Illuminate\Http\Request $request) {
return "You are on protected zone";
});
User Auth
Create your own StatelessGuard and setup it in config/auth.php. Example:, (*13)
Guard:, (*14)
<?php
namespace App\Auth;
use Illuminate\Auth\AuthenticationException;
use Illuminate\Auth\GuardHelpers;
use Illuminate\Contracts\Auth\Authenticatable;
use Illuminate\Contracts\Auth\Guard;
use Illuminate\Support\Traits\Macroable;
class StatelessGuard implements Guard
{
use GuardHelpers, Macroable;
/**
* @return \Illuminate\Contracts\Auth\Authenticatable
* @throws AuthenticationException
*/
public function user()
{
if (null === $this->user) {
throw new AuthenticationException('Unauthenticated user');
}
return $this->user;
}
/**
* @param array $credentials
* @return bool
*/
public function validate(array $credentials = [])
{
return $this->user instanceof Authenticatable;
}
}
Config (config/auth.php):, (*15)
'defaults' => [
'guard' => 'stateless',
'passwords' => 'users',
],
...
'guards' => [
'stateless' => [
'driver' => 'stateless'
]
],
Then implement own Authenticator. Example:, (*16)
<?php
namespace App\Auth;
use App\User;
use Furdarius\OIDConnect\Contract\Authenticator;
use Furdarius\OIDConnect\Exception\AuthenticationException;
use Lcobucci\JWT\Token\DataSet;
class PersonAuthenticatorAdapter implements Authenticator
{
/**
* @param DataSet $claims
*
* @return void
*/
public function authUser(DataSet $claims)
{
$email = $claims->get('email');
if (!$email) {
throw new AuthenticationException('User\'s email not present in token');
}
$model = new User(['email' => $email]);
\Auth::setUser($model);
}
}
And implement auth guard service provider. Example:, (*17)
<?php
namespace App\Auth;
use Furdarius\OIDConnect\Contract\Authenticator;
use Illuminate\Support\ServiceProvider;
class AuthenticatorServiceProvider extends ServiceProvider
{
/**
* Bootstrap any application services.
*
* @return void
*/
public function boot()
{
\Auth::extend('stateless', function () {
return new StatelessGuard();
});
}
/**
* Register any application services.
*
* @return void
*/
public function register()
{
$this->app->singleton(Authenticator::class, function ($app) {
return new PersonAuthenticatorAdapter();
});
}
}
Then register it in config/app.php:, (*18)
'providers' => [
...
App\Auth\AuthenticatorServiceProvider::class,
...
]
Now you can use \Auth::user(); for getting current user information., (*19)
Wallogit.com
