maicol07/laravel-oidc-client

OpenID Connect Client for Laravel

Maintainers

Details

github.com/maicol07/laravel-oidc-client

Source

Issues

Fund package maintenance!
maicol07
paypal.me/maicol072001/10eur

Installs: 290

Dependents: 0

Suggesters: 0

Security: 0

Stars: 25

Watchers: 2

Forks: 11

Open Issues: 0

pkg:composer/maicol07/laravel-oidc-client

1.1 2025-10-01 08:35 UTC

Requires

Requires (Dev)

MIT c7b0a7d33c21b598ec427b2c9f4c8a1dbe5706cb

  • Cabinet Office Digital Development <webmaster.woop@cabinetoffice.gov.uk>
  • Maicol Battistini <webmaster.woop@maicol07.it>

OpenIdAuthenticationoauth2SSOlaraveloidc

This package is auto-updated.

Last update: 2025-10-01 08:36:59 UTC

README

A Laravel package for delegating authentication to an OpenID Provider.

This package is an heavenly modified fork of cabinetoffice / oidc-client — Bitbucket

Requirements

  • PHP 8.3+
  • Laravel 11+
  • Composer 2

Installation

Begin by adding this package to your depedencies with the command:

composer require maicol07/laravel-oidc-client

If you have opted out from auto discovery, you'll need to add the following line to the list of registered service providers in config/app.php:

Maicol07\OIDCClient\OIDCServiceProvider::class

Edit your config/auth.php file to use OpenID as the authentication method for your users:

'guards' => [
    'web' => [
        'driver' => 'oidc',
        ...
    ],
    ...
],

Configuration

You can set the following environment variables to adjust the package settings:

  • OIDC_CLIENT_ID: Client ID of your app. This is commonly provided by your OIDC provider.
  • OIDC_CLIENT_SECRET: Client secret of your app. This is commonly provided by your OIDC provider.
  • OIDC_PROVIDER_URL: URL of your OIDC provider. This is used if your provider supports OIDC Auto Discovery.
  • OIDC_CALLBACK_ROUTE: A path (with or without leading slash) to append to the provider name, to make the callback route path. Defaults to callback Example with the default values: oidc/callback (oidc/ + OIDC_CALLBACK_ROUTE_PATH)
  • OIDC_VERIFY: Verify SSL when sending requests to the server. Defaults to true. (Optional: You can set OIDC_CERT_PATH to an SSL certificate path if you set this option to false)
  • OIDC_HTTP_PROXY: If you have a proxy, set it here.
  • OIDC_SCOPES: A list of scopes, separated by a space ( ). Defaults to ['openid']. Example of valid value: openid email
  • OIDC_AUTHORIZATION_ENDPOINT_QUERY_PARAMS: A list of query parameters to add to the authorization endpoint encoded as a JSON object. Example of valid value: {"response_type":"code"}
  • OIDC_DISABLE_STATE_MIDDLEWARE_FOR_POST_CALLBACK: A boolean to disable the registration of the OIDCStateMiddleware middleware.
    This middleware rebuilds the session token held in the state parameter of a POST request to the callback route.

You can find other options to set and their env variables in config/oidc.php. Note that some options are not required (like endpoints) if you use OIDC auto discovery!

You can also publish the config file (config/oidc.php) if you want:

php artisan vendor:publish --provider="Maicol07\OIDCClient\OIDCServiceProvider"

How to use

Once everything is set up, you can replace your login system with a call to the route route('oidc.login'). For logouts, use the route route('oidc.logout').

You can set the following environment variables to specify the routes/URLs you want your users to be redirected to upon successful authentication/logout: OIDC_REDIRECT_PATH_AFTER_LOGIN and OIDC_REDIRECT_PATH_AFTER_LOGOUT.

You should add the Maicol07\OIDCClient\Models\Traits\LogsInWithOidc to your User model if you want to use the get the mapping relation.

Customizing user mappings

You can customize how the user information received from the OIDC provider is mapped to your User model by overriding the mapOIDCUserinfo method from the LogsInWithOidc trait in your User model. Here's an example of how to do this:

use Maicol07\OIDCClient\Models\Traits\LogsInWithOidc;
use Maicol07\OIDCClient\Models\OIDCUserinfo;
use Illuminate\Foundation\Auth\User as Authenticatable;
use Illuminate\Notifications\Notifiable;
use Laravel\Sanctum\HasApiTokens;
use Illuminate\Database\Eloquent\Factories\HasFactory;
class User extends Authenticatable
{
    use HasApiTokens, HasFactory, Notifiable, LogsInWithOidc;

    // Other model properties and methods...

    /**
     * Map OIDC UserInfo attributes to User model attributes.
     * 
     * This method can be overridden in the User model to customize the mapping.
     * 
     * @param string $issuer The OIDC issuer.
     * @param UserInfo $user_info The OIDC UserInfo object.
     * @param OidcAuthMapping $mapping The OIDC Auth Mapping instance.
     */
    public function mapOIDCUserinfo(string $issuer, UserInfo $user_info, OidcAuthMapping $mapping): void
    {
        // Custom mapping logic here
        $this->name = $user_info->get('name', $this->name);
        $this->email = $user_info->get('email', $this->email);
        // Add more mappings as needed
    }
}

Originally developed by Cabinet Office Digital Development in October 2019.

Currently maintained by maicol07 from October 2021