kronthto / laravel-oauth2-login
Provides a middleware to protect resources requiring an OAuth2 login
Installs: 15 188
Dependents: 1
Suggesters: 0
Security: 0
Stars: 22
Watchers: 1
Forks: 10
Open Issues: 1
Requires
- php: ^7.4|^8.0
- illuminate/support: ^8.0|^9.0|^10.0
- league/oauth2-client: ^1.0.2|^2.0
Requires (Dev)
- laravel/framework: >=8.0
- orchestra/testbench: ^6.0|^7.0|^8.0
- phpunit/phpunit: ^8.0|^9.0
README
This is a Laravel package that provides a middleware to protect routes requiring an OAuth2 login.
You could describe it as a bridge between Laravel and league/oauth2-client.
Features
- OAuth2 client middleware
- Keeps token in session
- Refreshes expired tokens
- (Cached) resource owner info
- Driver to allow integration with
Auth/auth()
Install
- Using composer:
$ composer require kronthto/laravel-oauth2-login
- Register the service provider (Auto-Discovery enabled):
Kronthto\LaravelOAuth2Login\ServiceProvider
- Publish the config file:
$ artisan vendor:publish --provider="Kronthto\LaravelOAuth2Login\ServiceProvider"
- Put the credentials of your OAuth Provider in the published config
Usage
Add the Kronthto\LaravelOAuth2Login\CheckOAuth2
middleware to the routes (-groups) you want to protect.
Bear in mind that this only ensures that some user is logged in, if you require further authorization checks those will still have to be implemented. This package stores the resource owner info as an Request-attribute to enable you to do so.
This redirects unauthenticated users. If on some routes you only want to check whether a session by this package exists (for instance to display a login/logout button in your template) use Kronthto\LaravelOAuth2Login\OnlyCheckOAuth
.
It will also refresh tokens and pull up to date resource owner data, but never redirect. On failure it just doesn't set the Request attribute.
Auth
guard
This is optional, as adding the middleware redirects the client anyways if not authenticated. If you want to utilize Policies however you will need to define a custom guard. A driver for it is provided by this package.
In your auth config, add the new guard like this:
'oauth2' => [ 'driver' => 'oauth2', // Config: oauth2login.auth_driver_key ]
You will need to assign a higher priority to CheckOAuth2
than \Illuminate\Auth\Middleware\Authenticate
, do this by overriding $middlewarePriority
in your Http-Kernel.
If you want to add the middleware globally, best do it as route-middleware, in middlewareGroups.web
, rather than the very global middleware array.
Changelog
Please see the CHANGELOG for more information on what has changed recently.
Credits
License
The MIT License (MIT). Please see the License File for more information.