janboddez / laravel-indieauth
IndieAuth server for Laravel
Requires
- guzzlehttp/guzzle: ^7.0
- laravel/framework: ^8|^9
- laravel/sanctum: ^2|^3
- masterminds/html5: ^2.0
- mf2/mf2: ^0.5
- symfony/dom-crawler: ^5.4
This package is not auto-updated.
Last update: 2024-04-19 00:52:31 UTC
README
Adds the following routes to your Laravel application:
/indieauth (GET/POST)
├── /metadata (GET)
└── /token (GET/POST)
└── /revocation (POST)
After installation, run php artisan migrate. This will add a url column to Laravel's (default) users table, and nothing more.
To modify the simple authorization form, publish it to resources/views/vendor/indieauth:
php artisan vendor:publish --provider="janboddez\IndieAuth\IndieAuthServiceProvider" --tag="views"
Finally, for IndieAuth clients to be able to use your (token) endpoint, add the following to your Laravel application's head:
<link rel="authorization_endpoint" href="/indieauth">
<link rel="token_endpoint" href="/indieauth/token">
Sanctum
This package uses Laravel Sanctum to issue and verify tokens. By default, tokens never expire. It is, however, possible to define an expiration time.
Tokens can be revoked simply by sending a POST request to /token/revocation, using the token (i.e., as a bearer token in an authorization header) you wish to revoke.