furdarius / oidconnect-laravel Goto Github PK

The OpenIDConnect Laravel package is meant to provide you an opportunity to easily authenticate users using OpenID Connect protocol.

License: MIT License

PHP 100.00%

openid-connect openidconnect oidc sso authentication oauth2 laravel authorization oauth openidconnect-client

oidconnect-laravel's Introduction

The OpenIDConnect Laravel package is meant to provide you an opportunity to easily authenticate users using OpenID Connect protocol.

Installation

To install this package you will need:

Laravel 5.4+
PHP 7.1+

Use composer to install

composer require furdarius/oidconnect-laravel:dev-master

Open config/app.php and register the required service providers above your application providers.

'providers' => [
    ...
    Laravel\Socialite\SocialiteServiceProvider::class,
    Furdarius\OIDConnect\ServiceProvider::class
    ...
]

If you'd like to make configuration changes in the configuration file you can pubish it with the following Aritsan command:

php artisan vendor:publish --provider="Furdarius\OIDConnect\ServiceProvider"

After that, roll up migrations:

php artisan migrate

Usage

Configuration

At first you will need to add credentials for the OpenID Connect service your application utilizes. These credentials should be placed in your config/opidconnect.php configuration file.

<?php

return [
    'client_id' => 'CLIENT_ID_HERE',
    'client_secret' => 'CLIENT_SECRET_HERE',
    'redirect' => env('APP_URL') . '/auth/callback',
    'auth' => 'https://oidc.service.com/auth',
    'token' => 'https://oidc.service.com/token',
    'keys' => 'https://oidc.service.com/keys',
];

Endpoints

Now, your app has auth endpoints:

GET /auth/redirect - Used to redirect client to Auth Service login page.
GET /auth/callback - Used when Auth Service redirect client to callback url with code.
POST /auth/refresh - Used by client for ID Token refreshing.

Middleware

You need to use Auth Middleware on protected routes. Open App\Http\Kernel and register middleware in $routeMiddleware:

protected $routeMiddleware = [
    'token' => \Furdarius\OIDConnect\TokenMiddleware::class
];

And then use it as usual:

Route::middleware('token')->get('/protected', function (Illuminate\Http\Request $request) {
    return "You are on protected zone";
});

User Auth

Create your own StatelessGuard and setup it in config/auth.php. Example:

Guard:

<?php

namespace App\Auth;

use Illuminate\Auth\AuthenticationException;
use Illuminate\Auth\GuardHelpers;
use Illuminate\Contracts\Auth\Authenticatable;
use Illuminate\Contracts\Auth\Guard;
use Illuminate\Support\Traits\Macroable;

class StatelessGuard implements Guard
{
    use GuardHelpers, Macroable;

    /**
     * @return \Illuminate\Contracts\Auth\Authenticatable
     * @throws AuthenticationException
     */
    public function user()
    {
        if (null === $this->user) {
            throw new AuthenticationException('Unauthenticated user');
        }

        return $this->user;
    }

    /**
     * @param array $credentials
     * @return bool
     */
    public function validate(array $credentials = [])
    {
        return $this->user instanceof Authenticatable;
    }
}

Config (config/auth.php):

'defaults' => [
    'guard' => 'stateless',
    'passwords' => 'users',
],

...

'guards' => [
    'stateless' => [
        'driver' => 'stateless'
    ]
],

Then implement own Authenticator. Example:

<?php

namespace App\Auth;

use App\User;
use Furdarius\OIDConnect\Contract\Authenticator;
use Furdarius\OIDConnect\Exception\AuthenticationException;
use Lcobucci\JWT\Token\DataSet;

class PersonAuthenticatorAdapter implements Authenticator
{
    /**
     * @param DataSet $claims
     *
     * @return void
     */
    public function authUser(DataSet $claims)
    {
        $email = $claims->get('email');
        if (!$email) {
            throw new AuthenticationException('User\'s email not present in token');
        }

        $model = new User(['email' => $email]);

        \Auth::setUser($model);
    }
}

And implement auth guard service provider. Example:

<?php

namespace App\Auth;

use Furdarius\OIDConnect\Contract\Authenticator;
use Illuminate\Support\ServiceProvider;

class AuthenticatorServiceProvider extends ServiceProvider
{
    /**
     * Bootstrap any application services.
     *
     * @return void
     */
    public function boot()
    {
        \Auth::extend('stateless', function () {
            return new StatelessGuard();
        });
    }

    /**
     * Register any application services.
     *
     * @return void
     */
    public function register()
    {
        $this->app->singleton(Authenticator::class, function ($app) {
            return new PersonAuthenticatorAdapter();
        });
    }
}

Then register it in config/app.php:

'providers' => [
    ...
    App\Auth\AuthenticatorServiceProvider::class,
    ...
]

Now you can use \Auth::user(); for getting current user information.

oidconnect-laravel's People

Contributors

Stargazers

Watchers

oidconnect-laravel's Issues

Issue with installing package in laravel 5.5

When require the package in composer it shows me the following error

Your requirements could not be resolved to an installable set of packages.

Problem 1
- Installation request for furdarius/oidconnect-laravel dev-master -> satisf iable by furdarius/oidconnect-laravel[dev-master].
- furdarius/oidconnect-laravel dev-master requires lcobucci/jwt ^4.0-dev -> satisfiable by lcobucci/jwt[4.0.0-alpha1, 4.0.x-dev] but these conflict with you r requirements or minimum-stability.

Installation failed, reverting ./composer.json to its original content.

Argument 1 passed to Furdarius\OIDConnect\OIDConnectSocialiteProvider::mapUserToObject() must be of the type array, object given

After receiving the 'sub' with user's id, I routed it to the main blade (index). Before i can see the blade i got the error:
Argument 1 passed to Furdarius\OIDConnect\OIDConnectSocialiteProvider::mapUserToObject() must be of the type array, object given, called in [...]\OIDConnectSocialiteProvider.php line 97.
Any clue?

ACR values

Is it somehow possible to set ACR values?

Request doesn't contain auth token

Hi!
Sorry that I've created this issue again, but I didn't find an answer in the previous topic.

I've managed to connect to my provider and I get the JWT, I can view and parse it, however when I redirect to /protected or access the link I get this error: Client error 'POST to the IDP resulted in a 400 Bad Request' response: {'error':'invalid_request', 'error_description':'OAuth Client Authentication Failure because code parameter is missing}. Now, I understand the error message, but I don't know how to fix it, how or where can I add the code to the protected request.

The guide is not clear enough for me.
After parsing the JSON with the data, how can I use it? I've tried to use the method Auth::setUser($user), but it doesn't work, somehow the data doesn't persist!?

Argument 1 passed to GuzzleHttp\Client::__construct() must be of the type array, null given,

Hi, then i try to protect a resource with midleware 'auth' i get this ugly error:
Argument 1 passed to GuzzleHttp\Client::__construct() must be of the type array, null given, called in C:\wamp\www\advoca\vendor\furdarius\oidconnect-laravel\src\ServiceProvider.php on line 68
I have folowed all intructions. I use laravel 5.6 any ideas?

getAccessTokenResponse() undefined

Call to undefined method Furdarius\OIDConnect\OIDConnectSocialiteProvider::getAccessTokenResponse()

Request doesn't contain auth token

Probably this is not a project issue, but it will be good to clarify something i didint find in the docs:
After set the configuration as it says in the docs (-the provider works in another projects without laravel-), im trying to use \Auth::user() from url localhost:8000/protected, but im getting "Request doesn't contain auth token".
After some research i think the var $request passed in routes to the middleware 'token' (TokenMiddleware.php) doesnt have some key parameters. Is that it? Im feeling im not connecting to my provider, since a cant see where am i using the configuration of opidconnect.php.

Route::middleware('token')->get('/protected', function (Illuminate\Http\Request $request) {
    return "You are on protected zone";
});

Minimum Laravel Version?

Hi-- in the docs it's specified Laravel 5.1 is the minimum supported version. I'm on Laravel 5.2 and getting the following errors when installing:

    - Installation request for furdarius/oidconnect-laravel dev-master -> satisfiable by furdarius/oidconnect-laravel[dev-master].
    - Conclusion: remove laravel/framework v5.2.45
    - Conclusion: don't install laravel/framework v5.2.45
    - furdarius/oidconnect-laravel dev-master requires illuminate/routing ^5.4 -> satisfiable by illuminate/routing[5.4.x-dev, 5.5.x-dev, 5.6.x-dev, v5.4.0, v5.4.13, v5.4.17, v5.4.19, v5.4.27, v5.4.36, v5.4.9, v5.5.0, v5.5.16, v5.5.17, v5.5.2].
    - don't install illuminate/routing 5.4.x-dev|don't install laravel/framework v5.2.45

Is there a way to use this with Laravel 5.2?

SSO

Hi any guide on how to utilize this package to build SSO between Laravel application?

Thanks

Token printed

Ok, now im receiving the token, but its been printed in the browser. Something like:

{
    "name": null,
    "email": null,
    "token": "lwTokenkpXVCTokenbGciOTokenMTokenkpXVCTokenaWQiTokenFlTokenYzcToken"
}

As far as i could debug this, its coming from the callback() in AuthController. So, whats the next step? Should i send it to some other uri to get the user data from provider?

Client error: `POST https://preprod.signicat.com/oidc/token` resulted in a `400 Bad Request` response: {"error":"invalid_request","error_description":"Your client is configured to authenticate using CLIENT_SECRET_BASIC"}

Then I try do get token from oidc server i Get this error:

Client error: POST https://preprod.signicat.com/oidc/token resulted in a 400 Bad Request response: {"error":"invalid_request","error_description":"Your client is configured to authenticate using CLIENT_SECRET_BASIC"}

I debugget and find out that some how i need to set a parameter "auth" in order to switch to authorization: Basic.
Anyone now how to change this authentication from Client_secret_basic to basic? thankyou in advance