serato / sso-auth-request
Library for handling SSO authorisation requests
Installs: 58 092
Dependents: 0
Suggesters: 0
Security: 0
Stars: 1
Watchers: 12
Forks: 6
Open Issues: 0
Requires
- php: ^7.1
- aws/aws-sdk-php: ^3.0
- ramsey/uuid: ^3.0.0
- serato/sws-php-sdk: ^4.0.0
Requires (Dev)
- enlightn/security-checker: ^1.4
- guzzlehttp/guzzle: ^6.0.0
- phpstan/phpstan: ^0.11.0
- phpstan/phpstan-phpunit: ^0.11.0
- phpunit/phpunit: ~7.0
- squizlabs/php_codesniffer: ~3.6
This package is auto-updated.
Last update: 2024-07-11 22:40:51 UTC
README
A PHP library for handling web application authorisation requests to the Serato SSO service.
SSO authorisation request lifecycle
The SSO authorisation request lifecycle for a web application is as follows:

1. The web application creates a new authorisation request using the `\Serato\SsoRequest\AuthRequest` class:
   - The web application provides a return URL that the SSO service will redirect to after the sign on process.
   - A storage mechanism is provided to persist the authorisation request details during redirection to the SSO website.
   - The new authorisation request returns an ID.
2. The browser is redirected to the SSO website, providing the authorisation request ID in the `state` URI parameter.
3. The browser is returned to the web application from the SSO service, with the SSO service providing back the `state` parameter as well as a `code` parameter.
4. The web application creates a `\Serato\SsoRequest\AuthRequest` instance by providing the authorisation request ID passed via the `state` URI parameter.
5. The web application receives access and refresh tokens from the SSO service by using the `\Serato\SsoRequest\AuthRequest` instance and the value provided in the `code` URI parameter.
Storing authorisation requests during SSO redirection
A `Serato\SsoRequest\AuthRequestStorageInterface` storage interface is defined for storing authorisation requests during SSO redirection.

An `AuthRequestStorageInterface` implementation stores the application ID, request ID and redirect URL values used during the authorisation lifecycle, as well as timestamps and a means of indicating that the authorisation process is complete.

The `Serato\SsoRequest\AuthRequestDynamoDbStorage` class provides an implementation of `Serato\SsoRequest\AuthRequestStorageInterface` using a DynamoDB table as the storage mechanism.
Using the `\Serato\SsoRequest\AuthRequest` class in the request lifecycle

Note: All examples use `Serato\SsoRequest\AuthRequestDynamoDbStorage` as the storage mechanism.
Create a new authorisation request (Step 1. above)

```php
use Serato\SsoRequest\AuthRequest;
use Serato\SsoRequest\AuthRequestDynamoDbStorage;

// Application ID of the web application
$appId = 'my-app-id';

// URI that the SSO service will redirect to after sign on
$redirectUri = 'http://my.server.com/uri/after/sso';

// Create a new AuthRequest
// Assumes `$awsSdk` is a correctly configured `Aws\Sdk` instance
$authRequest = AuthRequest::create(
    $appId,
    $redirectUri,
    new AuthRequestDynamoDbStorage($awsSdk)
);

// Get the new request ID
$requestId = $authRequest->getId();

// Construct the SSO service URI to redirect the browser to
$ssoStartUri = 'http://sso.service.com?' . http_build_query([
    'app_id'       => $appId,
    'state'        => $requestId,
    'redirect_uri' => $redirectUri
]);

// Redirect the browser to the SSO service
```
Create an `AuthRequest` instance after returning to the web application after sign on (Step 4. above), and use it to fetch refresh and access tokens from the SSO service (Step 5. above)

```php
use Serato\SsoRequest\AuthRequest;
use Serato\SsoRequest\AuthRequestDynamoDbStorage;

// Application ID of the web application
$appId = 'my-app-id';

// Create a new AuthRequest
// Assumes `$awsSdk` is a correctly configured `Aws\Sdk` instance
// Assumes `$requestId` is obtained from the `state` URI parameter
$authRequest = AuthRequest::createFromStorage(
    $requestId,
    $appId,
    new AuthRequestDynamoDbStorage($awsSdk)
);

// Now fetch refresh and access tokens from the SSO service
// Assumes `$swsSdk` is a configured `Serato\SwsSdk\Sdk` instance
// Assumes `$code` is obtained from the `code` URI parameter
$result = $authRequest->getTokens($swsSdk, $code);

// $result is a `Serato\SwsSdk\Result` instance
// Use array access syntax to access result data
```
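The `state` value is the only thing tying the callback to the request that started it, so the callback handler should treat it as a CSRF token: check that it is present and well-formed before using it as a storage lookup key, and confirm that it belongs to the browser session that started the request. Without the session check, an attacker can send a victim's browser to the callback URL carrying the attacker's own `state` and `code`, completing sign-on into the attacker's account (login CSRF). The following is an added example written for this page, not code from the serato/sso-auth-request library. It assumes a PHP session is active, that request IDs are UUIDs (the library depends on ramsey/uuid), that `$awsSdk` and `$swsSdk` are configured as in the examples above, and the session key name and function names are hypothetical.

```php
<?php
declare(strict_types=1);

use Serato\SsoRequest\AuthRequest;
use Serato\SsoRequest\AuthRequestDynamoDbStorage;

// Session key under which the ID of the in-flight authorisation request is kept
// (hypothetical name chosen for this example).
const SSO_PENDING_REQUEST_KEY = 'sso_pending_request_id';

// UUID as produced by ramsey/uuid: 8-4-4-4-12 hex groups, case-insensitive.
const UUID_PATTERN = '/\A[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\z/i';

/**
 * Step 1 helper: after AuthRequest::create(), bind the new request ID to the
 * browser session so the callback can prove it was started from this session.
 */
function rememberPendingRequest(AuthRequest $authRequest): void
{
    $_SESSION[SSO_PENDING_REQUEST_KEY] = $authRequest->getId();
}

/**
 * Steps 4 and 5: validate the callback parameters, then exchange the code.
 *
 * @param array<string, mixed> $query  Typically $_GET
 * @return \Serato\SwsSdk\Result
 * @throws \RuntimeException on any validation failure
 */
function handleSsoCallback(array $query, string $appId, \Aws\Sdk $awsSdk, \Serato\SwsSdk\Sdk $swsSdk)
{
    $state = $query['state'] ?? null;
    $code  = $query['code']  ?? null;

    // Both parameters must be non-empty plain strings; arrays (state[]=...) are rejected.
    if (!is_string($state) || !is_string($code) || $code === '') {
        throw new \RuntimeException('Missing or malformed SSO callback parameters');
    }

    // Reject anything that is not a UUID before it reaches the storage lookup.
    if (preg_match(UUID_PATTERN, $state) !== 1) {
        throw new \RuntimeException('Malformed state parameter');
    }

    // The request ID must match the one this session started; compare in constant time.
    $pending = $_SESSION[SSO_PENDING_REQUEST_KEY] ?? '';
    if (!is_string($pending) || $pending === '' || !hash_equals($pending, $state)) {
        throw new \RuntimeException('state does not match a request started by this session');
    }

    // One attempt per request: drop the session binding before the exchange so a
    // replayed callback cannot reuse it, whatever happens below.
    unset($_SESSION[SSO_PENDING_REQUEST_KEY]);

    // Rehydrate the stored request and exchange the code for tokens (library API as documented above).
    $authRequest = AuthRequest::createFromStorage(
        $state,
        $appId,
        new AuthRequestDynamoDbStorage($awsSdk)
    );

    return $authRequest->getTokens($swsSdk, $code);
}

// Usage at the callback endpoint:
// session_start();
// $result = handleSsoCallback($_GET, 'my-app-id', $awsSdk, $swsSdk);
```

Call `rememberPendingRequest($authRequest)` immediately after `AuthRequest::create()` in the Step 1 code, before issuing the redirect. The session binding is cleared before the token exchange rather than after, so that a failed exchange cannot be retried with the same `state`; the persisted request in DynamoDB is still subject to whatever expiry and completion checks the storage implementation applies.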