admin9/laravel-oidc-client
Composer 安装命令:
composer require admin9/laravel-oidc-client
包简介
Laravel OIDC Client package with PKCE support for SSO/SLO authentication
README 文档
README
English | 简体中文
A Laravel package for OIDC (OpenID Connect) authentication with PKCE support. Architecture-agnostic — works with Blade, Livewire, Inertia, or any Laravel stack.
Features
- OIDC Authorization Code Flow with PKCE
- Pluggable authentication strategy via
OidcAuthenticatorinterface - Automatic user provisioning from OIDC claims
- Flexible user mapping configuration
- Token revocation and SSO logout support
- Rate limiting on all endpoints
- Event system for authentication lifecycle
Requirements
- PHP 8.2+
- Laravel 11.x or 12.x
- Persistent session driver (redis, database, file)
Installation
composer require admin9/laravel-oidc-client php artisan vendor:publish --tag="oidc-client-config" php artisan vendor:publish --tag="oidc-client-migrations" php artisan migrate
Configuration
Add to .env:
OIDC_AUTH_SERVER_HOST=https://auth.example.com OIDC_CLIENT_ID=your-client-id OIDC_CLIENT_SECRET=your-client-secret OIDC_REDIRECT_URI=http://localhost:8000/auth/callback
Update app/Models/User.php:
protected $fillable = [ 'name', 'email', 'password', 'oidc_sub', 'auth_server_refresh_token', ]; protected $hidden = [ 'password', 'remember_token', 'auth_server_refresh_token', ]; protected function casts(): array { return [ 'email_verified_at' => 'datetime', 'password' => 'hashed', 'auth_server_refresh_token' => 'encrypted', ]; }
Usage
Routes
The package registers these routes:
| Method | URI | Description |
|---|---|---|
| GET | /auth/redirect |
Start OIDC flow |
| GET | /auth/callback |
Handle callback, create session, redirect |
How It Works
- User visits
/auth/redirect— redirected to your OIDC provider - After authentication, the provider redirects back to
/auth/callback - The package exchanges the authorization code for tokens, fetches user info, and creates/updates the local user
- The configured
OidcAuthenticatorhandles login (default: web session guard) and returns a response
Authentication Flow
Browser Your App OIDC Provider
│ │ │
├── GET /auth/redirect ──→ │ │
│ ├── Generate state + PKCE │
│ ├── Store in session │
│ ←── 302 Redirect ──────┤ │
├──────────────────────────────── Authorization ──────→ │
│ │ ├── User authenticates
│ ←───────────────────────────── 302 + code ──────────┤
├── GET /auth/callback ──→ │ │
│ ├── Validate state │
│ ├── Exchange code → tokens ─→│
│ │←── access_token ───────────┤
│ ├── Fetch userinfo ─────────→│
│ │←── user claims ────────────┤
│ ├── Find/create local user │
│ ├── OidcAuthenticator │
│ ←── Response ───────────┤ │
Login Link
<a href="/auth/redirect">Login with SSO</a>
Handling Errors
Authentication errors are flashed to the session:
@if (session('oidc_error')) <div class="alert alert-danger"> Authentication failed: {{ session('oidc_error_description') }} </div> @endif
Logout
Create a logout controller using OidcService:
use Admin9\OidcClient\Services\OidcService; public function logout(Request $request, OidcService $oidcService) { $user = $request->user(); $oidcService->revokeAuthServerToken($user); Auth::guard('web')->logout(); $request->session()->invalidate(); $request->session()->regenerateToken(); if ($oidcService->isOidcUser($user)) { return redirect($oidcService->getSsoLogoutUrl()); } return redirect('/'); }
Custom Authenticator
By default, the package uses SessionAuthenticator which logs in via Laravel's web guard. For SPA/JWT scenarios, implement the OidcAuthenticator interface:
use Admin9\OidcClient\Contracts\OidcAuthenticator; use Illuminate\Http\Request; use Symfony\Component\HttpFoundation\Response; class JwtAuthenticator implements OidcAuthenticator { public function authenticate(Request $request, mixed $user, array $tokens, array $userInfo): Response { $jwt = /* generate your JWT */; return response()->json(['token' => $jwt]); } }
Register it in config/oidc-client.php:
'authenticator' => \App\Services\JwtAuthenticator::class,
Events
The package dispatches two events during the authentication lifecycle:
| Event | Properties | When |
|---|---|---|
OidcUserAuthenticated |
$user, $userInfo, $isNewUser |
After successful authentication |
OidcAuthFailed |
$errorCode, $errorMessage |
When authentication fails |
Example listener:
// app/Listeners/LogOidcLogin.php use Admin9\OidcClient\Events\OidcUserAuthenticated; class LogOidcLogin { public function handle(OidcUserAuthenticated $event): void { logger()->info('OIDC login', [ 'user_id' => $event->user->getKey(), 'new' => $event->isNewUser, ]); } }
Optional Configuration
OIDC_REDIRECT_URL=/dashboard # Where to redirect after login (default: /dashboard) OIDC_POST_LOGOUT_REDIRECT_URL=/ # Where Auth Server redirects after SSO logout (default: /)
Documentation
- Configuration - All config options and environment variables
- Troubleshooting - Common issues and solutions
License
MIT
admin9/laravel-oidc-client 适用场景与选型建议
admin9/laravel-oidc-client 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 14 次下载、GitHub Stars 达 0, 最近一次更新时间为 2026 年 02 月 07 日, 在 PHP 生态内属于活跃度较高的组件。
它主要适用于以下技术方向: 「Authentication」 「oauth」 「SSO」 「laravel」 「oidc」 「pkce」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。
我们在过去多个企业项目中使用过 admin9/laravel-oidc-client 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 admin9/laravel-oidc-client 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
与 admin9/laravel-oidc-client 相关的其它包
同方向 / 同关键字的高下载量 PHP Composer 包推荐,方便对比选型:
WeChat OAuth SDK
Automatically logs-in users if they are already authenticated by a remote source. (e.g. environment variable REMOTE_USER)
GraphQL authentication for your headless Craft CMS applications.
Ory-Hydra OAuth 2.0 Client Provider for The PHP League OAuth2-Client
Library for ORCID web services
A lightweight and powerful OAuth 2.0 authorization and resource server library with support for all the core specification grants. This library will allow you to secure your API with OAuth and allow your applications users to approve apps that want to access their data from your API.
统计信息
- 总下载量: 14
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 0
- 点击次数: 26
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: MIT
- 更新时间: 2026-02-07