alexandergabriel / filament-oauth2
Enable OAuth2 Authentication to FilamentPHP Panels
Fund package maintenance!
AlexanderGabriel
Installs: 3
Dependents: 0
Suggesters: 0
Security: 0
Stars: 0
Watchers: 0
Forks: 0
pkg:composer/alexandergabriel/filament-oauth2
Requires
- php: ^8.2
- filament/filament: ^4.0
- league/oauth2-client: ^2.8.1
- spatie/laravel-package-tools: ^1.92.7
Requires (Dev)
- laravel/pint: ^1.25.1
- nunomaduro/collision: ^8.8.2
- nunomaduro/larastan: ^3.8.0
- orchestra/testbench: ^10.6.0
- pestphp/pest: ^4.1.3
- pestphp/pest-plugin-arch: ^4.0.0
- pestphp/pest-plugin-laravel: ^4.0.0
- phpstan/extension-installer: ^1.4.3
- phpstan/phpstan-deprecation-rules: ^2.0.3
- phpstan/phpstan-phpunit: ^2.0.8
README
!!!
This Plugin is still under development and only tested with Keycloak.
This is my first FilamentPHP-Plugin.
Feedback welcome.
!!!
This Plugin enables OAuth2-Login for FilamentPHP Panels.
Login and logout is done by OAuth2-Server.
If the OAuth2-Server provides roles for your client, they will be mapped to the App\Models\Role-Model
Non-existing Roles will be created.
Users will be detached to roles not in the access token any more.
Installation
You can install the package via composer:
composer require alexandergabriel/filament-oauth2
You can publish the config file with:
php artisan vendor:publish --tag="filament-oauth2-config"
This is the contents of the published config file:
return [ 'clientId' => env("OAUTH2_CLIENT_ID"), 'clientSecret' => env("OAUTH2_CLIENT_SECRET"), 'baseUrl' => env("OAUTH2_BASE_URL"), // https://DOMAIN/realms/REALM/protocol/openid-connect 'urlAuthorize' => env("OAUTH2_URL_AUTHORIZE", env("OAUTH2_BASE_URL")."/auth"), 'urlAccessToken' => env("OAUTH2_URL_ACCESS_TOKEN", env("OAUTH2_BASE_URL")."/token"), 'urlResourceOwnerDetails' => env("OAUTH2_URL_RESOURCE_OWNER_DETAILS", env("OAUTH2_BASE_URL")."/userinfo"), 'urlLogout' => env("OAUTH2_URL_LOGOUT", env("OAUTH2_BASE_URL")."/logout"), 'urlAfterlogout' => env("OAUTH2_URL_AFTER_LOGOUT", url('/')), 'scopes' => env("OAUTH2_SCOPES", "profile email openid"), 'updateRoles' => env("OAUTH2_UPDATE_ROLES", false) ];
Usage
Load Plugin in your PanelProvider under filament-oauth2-demo/app/Providers/Filament:
class YOURPanelProvider extends PanelProvider { public function panel(Panel $panel): Panel { return $panel ->plugin( new FilamentOauth2Plugin() )
To configure, add some config to your .env:
- OAUTH2_CLIENT_ID*
- OAuth2 client id, mandatory
- OAUTH2_CLIENT_SECRET*
- OAuth2 client secret, mandatory
- OAUTH2_BASE_URL*
- Base url to OAuth2 authentication server
- must include realm: https://DOMAIN/realms/REALM/protocol/openid-connect
- OAUTH2_URL_AUTHORIZE
- authorization url
- defaults to OAUTH2_BASE_URL+/auth
- OAUTH2_URL_ACCESS_TOKEN
- token url
- defaults to OAUTH2_BASE_URL+/token
- OAUTH2_URL_RESOURCE_OWNER_DETAILS
- resource owner details url
- defaults to OAUTH2_BASE_URL+/userinfo
- todo: needed?
- OAUTH2_URL_LOGOUT
- logout url
- defaults to OAUTH2_BASE_URL+/logout
- OAUTH2_URL_AFTER_LOGOUT
- post_logout_redirect_uri
- defaults to base url of Laravel app (without panel)
- OAUTH2_SCOPES
- scopes
- defaults to "profile email openid"
- OAUTH2_UPDATE_ROLES
- look for roles in token and update/create and map them
- defaults to false
Changelog
Please see CHANGELOG for more information on what has changed recently.
Contributing
Please see CONTRIBUTING for details.
Security Vulnerabilities
Please review our security policy on how to report security vulnerabilities.
Credits
- To all helping developing and keeping alive FilamentPHP, PHP, OAuth2 and the OpenSource Ecosystem!
- Alexander Gabriel
- All Contributors
License
The MIT License (MIT). Please see License File for more information.