hengkianggia/sso-helper

PHP Package for SSO Authentication with PKCE

Package info

github.com/hengkianggia/php-package

pkg:composer/hengkianggia/sso-helper

Statistics

Installs: 0

Dependents: 0

Suggesters: 0

Stars: 0

Open Issues: 0

dev-master 2026-04-20 08:33 UTC

This package is not auto-updated.

Last update: 2026-04-21 07:08:22 UTC


README

This package makes it easy to integrate SSO authentication with PKCE (Proof Key for Code Exchange) into PHP frameworks such as Laravel or CodeIgniter 4.

Installation

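You can install this package via Composer (once published to Packagist). The command below uses the name solutest/sso-helper, while this listing's package name is hengkianggia/sso-helper, so check which name you are installing: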

composer require solutest/sso-helper

Requirements

  • PHP 7.4 or 8.x
  • ext-curl
  • ext-json

Usage

Unlike JavaScript environments, where the code_verifier can be implicitly stored in localStorage, PHP runs on the server side. You are responsible for saving the code_verifier in your session when generating the login URL, and for retrieving it when exchanging the code for a token.

1. Generating Login URL (Redirecting User)

First, construct the config array and generate the login URL and code verifier:

use Solutest\SsoHelper\SsoClient;

$config = [
    'clientId' => 'YOUR_CLIENT_ID',
    'redirectUri' => 'http://your-app.test/callback',
    'ssoBaseUrl' => 'https://sso.your-mainsite.com'
];

$result = SsoClient::generateSSOLoginUrl($config);

$authUrl = $result['url'];
$codeVerifier = $result['codeVerifier'];

// ===== FRAMEWORK SPECIFIC SESSION HANDLING ===== //

// In Laravel:
// session(['sso_code_verifier' => $codeVerifier]);
// return redirect($authUrl);

// In CodeIgniter 4:
// session()->set('sso_code_verifier', $codeVerifier);
// return redirect()->to($authUrl);

2. Exchanging the Code for a Token (Callback)

On your /callback route, handle the incoming code parameter and retrieve your stored code_verifier:

use Solutest\SsoHelper\SsoClient;
use Solutest\SsoHelper\SSOException;

$code = $_GET['code'] ?? null; // Adjust based on your framework (e.g. $request->query('code'))

// Retrieve the code_verifier from your session
// In Laravel: $codeVerifier = session('sso_code_verifier');
// In CodeIgniter 4: $codeVerifier = session()->get('sso_code_verifier');

try {
    $tokenResponse = SsoClient::exchangeSSOToken($config, $code, $codeVerifier);
    
    // Success! 
    // $tokenResponse['access_token'] will be available here
    $accessToken = $tokenResponse['access_token'];
    
    // You can parse the payload using the built-in helper
    $payload = SsoClient::getSSOTokenPayload($accessToken);
    
    print_r($payload);
    
} catch (SSOException $e) {
    // Handle error during token exchange
    echo "SSO Failed: " . $e->getMessage();
}

Security

This package relies on a cryptographically secure random routine (random_int) and SHA-256 for PKCE.
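
The PKCE mechanics that the Usage and Security sections rely on, shown as an added example that is not the package's own code: a code_verifier built with random_int, its SHA-256 (S256) challenge checked against the RFC 7636 Appendix B test vector, and a single-use read of the stored verifier. The function names are hypothetical, the verifier length of 64 is an assumption, and a plain array stands in for the framework session.

```php
<?php
declare(strict_types=1);
// Added example: illustrative helpers, not code from the sso-helper package.

/** Build a code_verifier from the RFC 7636 unreserved set using random_int(). */
function pkceVerifier(int $length = 64): string
{
    if ($length < 43 || $length > 128) {
        throw new InvalidArgumentException('RFC 7636 requires 43-128 characters');
    }
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~';
    $max = strlen($alphabet) - 1;
    $verifier = '';
    for ($i = 0; $i < $length; $i++) {
        $verifier .= $alphabet[random_int(0, $max)];
    }
    return $verifier;
}

/** S256 challenge: base64url(SHA-256(verifier)) with the padding removed. */
function pkceChallenge(string $verifier): string
{
    return rtrim(strtr(base64_encode(hash('sha256', $verifier, true)), '+/', '-_'), '=');
}

/** Read the stored verifier once and delete it so a later callback cannot reuse it. */
function takeVerifier(array &$session, string $key = 'sso_code_verifier'): string
{
    $verifier = $session[$key] ?? null;
    unset($session[$key]);
    if (!is_string($verifier) || $verifier === '') {
        throw new RuntimeException('No pending SSO login in this session');
    }
    return $verifier;
}

// Known-answer check against the RFC 7636 Appendix B test vector.
$known = 'dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk';
if (!hash_equals('E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM', pkceChallenge($known))) {
    throw new LogicException('S256 challenge does not match the RFC 7636 vector');
}

// Constructed session array standing in for $_SESSION or a framework session.
$session = ['sso_code_verifier' => pkceVerifier()];
$verifier = takeVerifier($session);
echo 'challenge: ', pkceChallenge($verifier), PHP_EOL;
var_dump(isset($session['sso_code_verifier']));
```

In a callback handler, the value returned by a single-use read like takeVerifier() is what would be passed as the third argument to SsoClient::exchangeSSOToken().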

License

The MIT License (MIT).