codewiser / socialiteprovider
Zenit OAuth2 Provider for Laravel Socialite
Requires
- php: ^7.4 || ^8.0
- ext-json: *
- league/oauth2-client: ^2.7
- socialiteproviders/manager: ~4.0
README
composer require codewiser/socialiteprovider
Installation & Basic Usage
Please see the Base Installation Guide, then follow the provider specific instructions below.
Add configuration to config/services.php
'zenit' => [ 'base_uri' => env('ZENIT_SERVER'), 'client_id' => env('ZENIT_CLIENT_ID'), 'client_secret' => env('ZENIT_CLIENT_SECRET'), 'redirect' => env('ZENIT_REDIRECT_URI') ],
Add provider event listener
Configure the package's listener to listen for SocialiteWasCalled events.
Add the event to your listen[] array in app/Providers/EventServiceProvider. See the Base Installation Guide for detailed instructions.
protected $listen = [ \SocialiteProviders\Manager\SocialiteWasCalled::class => [ // ... other providers \SocialiteProviders\Zenit\ZenitExtendSocialite::class, ], ];
Usage
You should now be able to use the provider like you would regularly use Socialite (assuming you have the facade installed):
return Socialite::driver('zenit')->redirect();
Returned User fields
idnicknamenameemailavatar
Access Token
Access Token is now an object, not just a string.
$user = Socialite::driver('zenit')->user(); $token = $user->token; // \League\OAuth2\Client\Token\AccessToken
Error Response
Package provides response error handling compliant to rfc6749.
try { $user = Socialite::driver('zenit')->user(); } catch (OAuth2Exception $e) { return match ($e->getError()) { // Show response to the user 'access_denied', 'server_error', 'temporarily_unavailable' => redirect() ->to(route('login')) ->with('error', $e->getMessage()), // Silently 'interaction_required' => redirect()->to('/'), // Unrecoverable default => throw $e, }; }
Token Introspection
Package provides token introspection compliant to rfc7662.
use \Illuminate\Http\Request; use \SocialiteProviders\Zenit\rfc7662\IntrospectedTokenInterface; public function api(Request $request) { /** @var IntrospectedTokenInterface $token */ $token = Socialite::driver('zenit') ->introspectToken($request->bearerToken()); if ($token->isActive()) { // } }
Get user using existing token
$user = Socialite::driver('zenit') ->user($request->bearerToken());
Refreshing Token
$token = Socialite::driver('zenit') ->grantRefresh($refresh_token);
Client Token
$token = Socialite::driver('zenit') ->grantClientCredentials('scope-1 scope-2');
Token by username and password
$token = Socialite::driver('zenit') ->grantPassword($username, $password, 'scope-1 scope-2');
Token by custom grant
$token = Socialite::driver('zenit') ->grant('custom_grant', [/* any request params */]);
Token authorization
Register auth driver, that authorizes incoming requests with bearer tokens, issued by some OAuth 2.0 server.
use SocialiteProviders\Zenit\Auth\TokenAuthorization; use Laravel\Socialite\Facades\Socialite; Auth::viaRequest('access_token', new TokenAuthorization( socialiteProvider: 'zenit', cache: cache()->driver() ));
Next, register driver for the guard:
'guards' => [ 'web' => [ 'driver' => 'session', 'provider' => 'users', ], 'api' => [ 'driver' => 'access_token' ] ]
As access_token may not be associated with a user, the Authenticatable
object is a Bearer class. It exists only during request.
use Illuminate\Http\Request; use SocialiteProviders\Zenit\Auth\Bearer; public function index(Request $request) { $authenticated = $request->user(); if ($authenticated instanceof Bearer) { // Check scope $authenticated->getIntrospectedToken()->scope(); } }
Other hand, you may use the ScopedToken middleware to inspect token scopes:
use Illuminate\Support\Facades\Route; use SocialiteProviders\Zenit\Middlewares\ScopedToken; Route::get('example', 'ctl') ->middleware([ScopedToken::class.':my-scope,foo,bar'])