andrew-rose/oauth.php

There is no license information available for the latest version (dev-master) of this package.

Maintainers

Details

github.com/AndrewRose/oauth.php

Source

Issues

Installs: 0

Dependents: 0

Suggesters: 0

Security: 0

Stars: 6

Watchers: 3

Forks: 3

Open Issues: 0

dev-master 2021-02-10 10:12 UTC

Unknown License a17fb9a1910f94ccb88e28f770cd75eb067c41a0

This package is not auto-updated.

Last update: 2024-09-20 01:48:10 UTC

README

This little bit of code has one only one aim in life - to allow you to put links to identity providers Google/Microsoft on your login page which allows users to confirm their email address (identity) with a simple click and redirect to your app where if you trust Google/Microsoft you can login the user with the specified email address immediately with no requirement for a username/password, magic.

Currently only Google/Microsoft identify providers are configured but you shouldn't have any issues adding more to oauth.ini.

To install put oauth.php into your web root, configure oauth.ini and place OUTSIDE of your web root with your client id/secrets (see instructions below to obtain) and on your login page embed the login links, you can do this by visiting oauth.php directly and copying the html links and pasting directly onto your login page, or include them directly using jQuery i.e.

<div id="sso"></div>  
<script type="text/javascript">
    jQuery('#sso').load('oauth.php');
</script>

After the user clicks the link to their identity provider, the provider will authentic them (hopefully) and redirect back to oauth.php with the users email address which can then be used in your own login process i.e.

session_start();
$_SESSION['ssoEmail'] = $data[$settings[$idp]['emailIdentifier']];
header('Location: '.$settings['default']['uri']);
session_write_close();

The above sets a session variable ssoEmail and then redirects the user to the main application that checks for this session variable and if set will log the user in. You will need to edit the above code in ouath.php if your requirements are more advanced / different.

To register for Google SSO go to https://console.cloud.google.com and on the left select Credentials -> Create Credentials -> OAuth client ID. Application type is a Web Application and the Redirect URI will need to point to oauth.php in your web root i.e. https://your.domain/oauth.php.

To register for Microsoft SSO goto https://portal.azure.com and Azure Active Director -> App Registrations. Make sure the redirect URI points to oauth.php in your web root i.e. https://your.domain/oauth.php

Contributions more than welcome!