arietimmerman/laravel-scim-server

Laravel Package for creating a SCIM server

Maintainers

Details

github.com/limosa-io/laravel-scim-server

Source

Issues

Installs: 333 051

Dependents: 1

Suggesters: 0

Security: 0

Stars: 68

Watchers: 10

Forks: 38

Open Issues: 5

v1.2.7 2025-08-28 18:04 UTC

Requires

Requires (Dev)

MIT 79056ac4bffa2a4e93df95290b7edce99aa84006

  • Arie Timmerman <arietimmerman.woop@gmail.com>

This package is auto-updated.

Last update: 2025-08-28 19:24:45 UTC

README

Latest Stable Version Total Downloads

Logo of Laravel SCIM Server, the SCIM server implementation from scim.dev, SCIM Playground

SCIM 2.0 Server implementation for Laravel

Add SCIM 2.0 Server capabilities to your Laravel application with ease. This package requires minimal configuration to get started with basic functionalities.

This implementation is used by The SCIM Playground and is therefore one of the most widely tested SCIM servers available.

Docker

To quickly spin up a SCIM test server using Docker, run:

docker run -d -p 8000:8000 --name laravel-scim-server ghcr.io/limosa-io/laravel-scim-server:latest

This command will start the server and bind it to port 8000 on your local machine. You can then access the SCIM endpoints at http://localhost:8000/scim/v2/Users. Other SCIM endpoints like /Groups, /Schemas, and /ResourceTypes will also be available.

Installation

Simply run:

composer require arietimmerman/laravel-scim-server

And optionally

php artisan vendor:publish --tag=laravel-scim

Routes

Method Path
GET|HEAD /
GET|HEAD scim/v1
GET|HEAD scim/v1/{fallbackPlaceholder}
POST scim/v2/.search
POST scim/v2/Bulk
GET|HEAD scim/v2/ResourceTypes
GET|HEAD scim/v2/ResourceTypes/{id}
GET|HEAD scim/v2/Schemas
GET|HEAD scim/v2/Schemas/{id}
GET|HEAD scim/v2/ServiceProviderConfig
GET|HEAD scim/v2/{fallbackPlaceholder}
GET|HEAD scim/v2/{resourceType}
POST scim/v2/{resourceType}
POST scim/v2/{resourceType}/.search
GET|HEAD scim/v2/{resourceType}/{resourceObject}
PUT scim/v2/{resourceType}/{resourceObject}
PATCH scim/v2/{resourceType}/{resourceObject}
DELETE scim/v2/{resourceType}/{resourceObject}

Configuration

The configuration is retrieved from SCIMConfig::class.

Extend this class and register your extension in app/Providers/AppServiceProvider.php like this.

$this->app->singleton('ArieTimmerman\Laravel\SCIMServer\SCIMConfig', YourCustomSCIMConfig::class);

An example override

Here's one way to override the default configuration without copying too much of the SCIMConfig file into your app.

<?php

class YourCustomSCIMConfig extends \ArieTimmerman\Laravel\SCIMServer\SCIMConfig
{
    public function getUserConfig()
    {
        $config = parent::getUserConfig();

        // Modify the $config variable however you need...

        return $config;
    }
}

Security & App Integration

By default, this package does no security checks on its own. This can be dangerous, in that a functioning SCIM Server can view, add, update, delete, or list users. You are welcome to implement your own security checks at the middleware layer, or somehow/somewhere else that makes sense for your application. But make sure to do something.

If you want to integrate into already existing middleware, you'll want to take the following steps -

Turn off automatic publishing of routes

Modify config/scim.php like this:

<?php
return [
    "publish_routes" => false
];

Next, explicitly publish your routes with your choice of middleware

In either your RouteServiceProvider, or in a particular route file, add the following:

use ArieTimmerman\Laravel\SCIMServer\RouteProvider as SCIMServerRouteProvider;

SCIMServerRouteProvider::publicRoutes(); // Make sure to add public routes *first*


Route::middleware('auth:api')->group(function () { // or any other middleware you choose
    SCIMServerRouteProvider::routes(
        [
            'public_routes' => false // but do not hide public routes (metadata) behind authentication
        ]
    );

    SCIMServerRouteProvider::meRoutes();
});

Test server

docker-compose up

Now visit http://localhost:18123/scim/v2/Users.