承接 admin9/laravel-oidc-client 相关项目开发

从需求分析到上线部署,全程专人跟进,保证项目质量与交付效率

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

admin9/laravel-oidc-client

Composer 安装命令:

composer require admin9/laravel-oidc-client

包简介

Laravel OIDC Client package with PKCE support for SSO/SLO authentication

README 文档

README

Latest Version on Packagist GitHub Tests Action Status PHPStan Total Downloads

English | 简体中文

A Laravel package for OIDC (OpenID Connect) authentication with PKCE support. Architecture-agnostic — works with Blade, Livewire, Inertia, or any Laravel stack.

Features

  • OIDC Authorization Code Flow with PKCE
  • Pluggable authentication strategy via OidcAuthenticator interface
  • Automatic user provisioning from OIDC claims
  • Flexible user mapping configuration
  • Token revocation and SSO logout support
  • Rate limiting on all endpoints
  • Event system for authentication lifecycle

Requirements

  • PHP 8.2+
  • Laravel 11.x or 12.x
  • Persistent session driver (redis, database, file)

Installation

composer require admin9/laravel-oidc-client
php artisan vendor:publish --tag="oidc-client-config"
php artisan vendor:publish --tag="oidc-client-migrations"
php artisan migrate

Configuration

Add to .env:

OIDC_AUTH_SERVER_HOST=https://auth.example.com
OIDC_CLIENT_ID=your-client-id
OIDC_CLIENT_SECRET=your-client-secret
OIDC_REDIRECT_URI=http://localhost:8000/auth/callback

Update app/Models/User.php:

protected $fillable = [
    'name',
    'email',
    'password',
    'oidc_sub',
    'auth_server_refresh_token',
];

protected $hidden = [
    'password',
    'remember_token',
    'auth_server_refresh_token',
];

protected function casts(): array
{
    return [
        'email_verified_at' => 'datetime',
        'password' => 'hashed',
        'auth_server_refresh_token' => 'encrypted',
    ];
}

Usage

Routes

The package registers these routes:

Method URI Description
GET /auth/redirect Start OIDC flow
GET /auth/callback Handle callback, create session, redirect

How It Works

  1. User visits /auth/redirect — redirected to your OIDC provider
  2. After authentication, the provider redirects back to /auth/callback
  3. The package exchanges the authorization code for tokens, fetches user info, and creates/updates the local user
  4. The configured OidcAuthenticator handles login (default: web session guard) and returns a response

Authentication Flow

Browser                    Your App                   OIDC Provider
  │                          │                            │
  ├── GET /auth/redirect ──→ │                            │
  │                          ├── Generate state + PKCE    │
  │                          ├── Store in session         │
  │  ←── 302 Redirect ──────┤                            │
  ├──────────────────────────────── Authorization ──────→ │
  │                          │                            ├── User authenticates
  │  ←───────────────────────────── 302 + code ──────────┤
  ├── GET /auth/callback ──→ │                            │
  │                          ├── Validate state           │
  │                          ├── Exchange code → tokens ─→│
  │                          │←── access_token ───────────┤
  │                          ├── Fetch userinfo ─────────→│
  │                          │←── user claims ────────────┤
  │                          ├── Find/create local user   │
  │                          ├── OidcAuthenticator        │
  │  ←── Response ───────────┤                            │

Login Link

<a href="/auth/redirect">Login with SSO</a>

Handling Errors

Authentication errors are flashed to the session:

@if (session('oidc_error'))
    <div class="alert alert-danger">
        Authentication failed: {{ session('oidc_error_description') }}
    </div>
@endif

Logout

Create a logout controller using OidcService:

use Admin9\OidcClient\Services\OidcService;

public function logout(Request $request, OidcService $oidcService)
{
    $user = $request->user();
    $oidcService->revokeAuthServerToken($user);

    Auth::guard('web')->logout();
    $request->session()->invalidate();
    $request->session()->regenerateToken();

    if ($oidcService->isOidcUser($user)) {
        return redirect($oidcService->getSsoLogoutUrl());
    }

    return redirect('/');
}

Custom Authenticator

By default, the package uses SessionAuthenticator which logs in via Laravel's web guard. For SPA/JWT scenarios, implement the OidcAuthenticator interface:

use Admin9\OidcClient\Contracts\OidcAuthenticator;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;

class JwtAuthenticator implements OidcAuthenticator
{
    public function authenticate(Request $request, mixed $user, array $tokens, array $userInfo): Response
    {
        $jwt = /* generate your JWT */;
        return response()->json(['token' => $jwt]);
    }
}

Register it in config/oidc-client.php:

'authenticator' => \App\Services\JwtAuthenticator::class,

Events

The package dispatches two events during the authentication lifecycle:

Event Properties When
OidcUserAuthenticated $user, $userInfo, $isNewUser After successful authentication
OidcAuthFailed $errorCode, $errorMessage When authentication fails

Example listener:

// app/Listeners/LogOidcLogin.php
use Admin9\OidcClient\Events\OidcUserAuthenticated;

class LogOidcLogin
{
    public function handle(OidcUserAuthenticated $event): void
    {
        logger()->info('OIDC login', [
            'user_id' => $event->user->getKey(),
            'new' => $event->isNewUser,
        ]);
    }
}

Optional Configuration

OIDC_REDIRECT_URL=/dashboard              # Where to redirect after login (default: /dashboard)
OIDC_POST_LOGOUT_REDIRECT_URL=/           # Where Auth Server redirects after SSO logout (default: /)

Documentation

License

MIT

admin9/laravel-oidc-client 适用场景与选型建议

admin9/laravel-oidc-client 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 14 次下载、GitHub Stars 达 0, 最近一次更新时间为 2026 年 02 月 07 日, 在 PHP 生态内属于活跃度较高的组件。

它主要适用于以下技术方向: 「Authentication」 「oauth」 「SSO」 「laravel」 「oidc」 「pkce」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。

我们在过去多个企业项目中使用过 admin9/laravel-oidc-client 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 admin9/laravel-oidc-client 我们能提供哪些服务?
定制开发 / 二次开发

基于 admin9/laravel-oidc-client 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

统计信息

  • 总下载量: 14
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 0
  • 点击次数: 26
  • 依赖项目数: 0
  • 推荐数: 0

GitHub 信息

  • Stars: 0
  • Watchers: 0
  • Forks: 0
  • 开发语言: PHP

其他信息

  • 授权协议: MIT
  • 更新时间: 2026-02-07