autisid / laravel-oidc-client
Laravel OpenID Connect client
Requires
- php: >=8.0
- autisid/oidc-client: ^1
Requires (Dev)
- friendsofphp/php-cs-fixer: ^3
- roave/security-advisories: dev-latest
This package is auto-updated.
Last update: 2024-04-30 00:56:49 UTC
README
A Laravel package for delegating authentication to an OpenID Provider.
This package is an heavenly modified fork of cabinetoffice / oidc-client — Bitbucket
Requirements
- PHP 8.0+
- Laravel 8+
- Composer 2
Installation
Begin by adding this package to your depedencies with the command:
composer require autisid/laravel-oidc-client
If you have opted out from auto discovery, you'll need to add the following line to the list of registered service
providers in config/app.php:
Autisid\OIDCClient\OIDCServiceProvider::class
Edit your config/auth.php file to use OpenID as the authentication method for your users:
'guards' => [ 'web' => [ 'driver' => 'oidc', ... ], ... ],
Configuration
You can set the following environment variables to adjust the package settings:
OIDC_CLIENT_ID: Client ID of your app. This is commonly provided by your OIDC provider.OIDC_CLIENT_SECRET: Client secret of your app. This is commonly provided by your OIDC provider.OIDC_PROVIDER_URL: URL of your OIDC provider. This is used if your provider supports OIDC Auto Discovery.OIDC_PROVIDER_NAME: This is a short name for your OpenID provider, which will only appears in your OpenID routes. Do not use spaces. Defaults tooidcOIDC_CALLBACK_ROUTE_PATH: A path (with or without leading slash) to append to the provider name, to make the callback route path. Defaults tocallbackExample with the default values:oidc/callback(OIDC_PROVIDER_NAME+/+OIDC_CALLBACK_ROUTE_PATH)OIDC_VERIFY: Verify SSL when sending requests to the server. Defaults totrue. (Optional: You can setOIDC_CERT_PATHto an SSL certificate path if you set this option tofalse)OIDC_HTTP_PROXY: If you have a proxy, set it here.OIDC_SCOPES: A list of scopes, separated by a comma (,). Defaults to['openid']. Example of valid value:openid,emailOIDC_AUTHORIZATION_ENDPOINT_QUERY_PARAMS: A list of query parameters to add to the authorization endpoint encoded as a JSON object. Example of valid value:{"response_type":"code"}OIDC_DISABLE_STATE_MIDDLEWARE_FOR_POST_CALLBACK: A boolean to disable the registration of theOIDCStateMiddlewaremiddleware.
This middleware rebuilds the session token held in thestateparameter of aPOSTrequest to thecallbackroute.OIDC_SUB_COLUMN: A column name to store uuid from openid to your user table.
You can find other options to set and their env variables in config/oidc.php. Note that some options are not
required (like endpoints) if you use OIDC auto discovery!
You can also publish the config file (config/oidc.php) if you want:
php artisan vendor:publish --provider="Autisid\OIDCClient\OIDCServiceProvider"
How to use
Once everything is set up, you can replace your login system with a call to the route route('oidc.login'). For
logouts, use the route route('oidc.logout').
You can set the following environment variables to specify the routes/URLs you want your users to be redirected to upon
successful authentication/logout: OIDC_REDIRECT_PATH_AFTER_LOGIN and OIDC_REDIRECT_PATH_AFTER_LOGOUT.
You may want to create your own User model. If yes, then you must extend Autisid\OIDCClient\User in order to get
auth working.
Check your auth.providers.users.model config value: it must be set to your custom User model or
to Autisid\OIDCClient\User instead.
Originally developed by Cabinet Office Digital Development in October 2019.
Currently maintained by maicol07 from October 2021
Modified by autisid in Februari 2023