creativecrafts/laravel-openid-connect 问题修复 & 功能扩展

解决BUG、新增功能、兼容多环境部署,快速响应你的开发需求

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

creativecrafts/laravel-openid-connect

Composer 安装命令:

composer require creativecrafts/laravel-openid-connect

包简介

A simple package that will provide a fluent api to interact with third party authentication providers

README 文档

README

Latest Version on Packagist GitHub Tests Action Status GitHub Code Style Action Status Total Downloads

The LaravelOpenIdConnect package offers seamless integration of OpenID Connect authentication for Laravel applications. It allows your app to securely authenticate users via OpenID Connect providers, enabling effortless access token management, user information retrieval, and token refreshment. With a clean and straightforward API, this package abstracts the complexity of managing OAuth 2.0 flows behind the scenes, so developers can focus on building applications rather than managing authentication processes. This is package was forked from "jumbojett/OpenID-Connect-PHP" and modified to work the Laravel way.

Key Features

  • Authorization URL Generation: Easily generate the URL to redirect users for OpenID Connect authentication.
  • Access Token Retrieval: Obtain access tokens using an authorization code in compliance with OAuth 2.0 standards.
  • User Information: Retrieve user information (claims) from the OpenID Connect provider with ease.
  • Token Refreshing: Automatically refresh tokens when they expire using the refresh token.
  • Customizable Configurations: Define multiple OpenID Connect providers in the configuration for multi-provider support.

Installation

  1. Install the package via Composer:
composer require creativecrafts/laravel-openid-connect

Next, publish the package's configuration file:

php artisan vendor:publish  --tag="openid-connect-config"

This will create a config/openid-connect.php file in your Laravel project. This is the contents of the published config file:

/**
 * This configuration file is used to manage the OpenID Connect (OIDC) settings for the Laravel application.
 * The 'default' key specifies the default authentication provider to be used.
 * The 'providers' key contains the configuration details for different OIDC providers.
 */

return [
    /** The default authentication provider to be used. if a provider is not specified */
    'default_provider' => env('OPENID_CONNECT_DEFAULT_PROVIDER', ''),
    /** The default redirect URL to be used. if a provider redirect url is not provided. */
    'default_redirect_url' => env(
        'OPENID_CONNECT_DEFAULT_REDIRECT_URI',
        ''
    ),
    /** List of providers. */
    'providers' => [
        'example' => [
            'provider_url' => env('EXAMPLE_PROVIDER_URI'),
            'issuer' => env('EXAMPLE_ISSUER_URI'),
            'client_id' => env('EXAMPLE_CLIENT_ID'),
            'client_secret' => env('EXAMPLE_CLIENT_SECRET'),
            'scopes' => ['openid', 'email', 'profile'],
            'response_type' => 'code',
            'redirect_url' => env('EXAMPLE_REDIRECT_URI'),
            "token_endpoint_auth_methods_supported" => [
                "client_secret_post",
                "client_secret_basic",
            ],
        ],
    ],
];
EXAMPLE_CLIENT_ID=your-client-id
EXAMPLE_CLIENT_SECRET=your-client-secret
EXAMPLE_REDIRECT_URI=https://your-app.com/callback

Usage

1.Configure the providers in the config/openid-connect.php file.

2.Authenticate users by redirecting them to the provider’s authorization page.:

use CreativeCrafts\LaravelOpenidConnect\LaravelOpenIdConnect;

$openIdConnect = new LaravelOpenIdConnect();
/** @var bool $authorisation */
$authorisation = $openIdConnect
    ->acceptProvider('providerName'))
    ->authenticate();
    
2.Get User Information:
Once the user is authenticated, retrieve user information from the OpenID Connect provider.
// optionally pass the $authorisation attribute you want to retrieve
if ($authorisation) {
    $userInfo = $openIdConnect->retrieveUserInfo();
}

Error Handling:
If the configuration for the provider is missing or misconfigured, the package throws an InvalidProviderConfigurationException. Ensure that all necessary configurations, such as the issuer URL, client ID, and client secret, are correctly set.

State and session management

  • This package uses a state-scoped bundle stored in session or cache as the single source of truth for transient values (nonce and PKCE code_verifier). Direct per-key usage (e.g. separate nonce/state keys) is deprecated; rely on saveStateBundle()/loadStateBundle() behavior.
  • Multiple outstanding authorizations per session are supported by scoping bundles to the state value.
  • On successful or failed callback processing, the bundle is cleared and a short-lived tombstone is written to prevent replay of the same state.
  • When using session storage, ensure cookies are configured with Secure, HttpOnly, and an appropriate SameSite setting for your deployment.

Potential pitfalls and guidance

  • Regenerating the session ID mid-flow: If your app regenerates IDs aggressively (e.g., on each request), the sid check will reject the callback. Consider deferring regeneration until after OIDC completes, or disable mid-request regeneration for the callback route.
  • Distributed systems: When using cache storage (OPENID_CONNECT_STORAGE=cache), ensure all app instances point to the same cache backend and share a common prefix (OPENID_CONNECT_KEY_PREFIX). Also ensure clock skew is tolerable and cache TTLs are sufficient across nodes.
  • Long consent screens: Increase OPENID_CONNECT_CACHE_TTL when using cache storage, or prefer session storage if your session persistence is more reliable during long user interactions.
  • Legacy keys: Direct usage of nonce/state/code_verifier per-key in storage is deprecated. The manager still cleans legacy keys for backwards compatibility, but your integration should rely on the state-bundled APIs.

Storage configuration quick reference

  • OPENID_CONNECT_STORAGE: session (default) | cache | none
  • OPENID_CONNECT_KEY_PREFIX: Key prefix for both session and cache storages.
  • OPENID_CONNECT_CACHE_STORE: Named Laravel cache store to use when storage is cache.
  • OPENID_CONNECT_CACHE_TTL: Integer seconds; increase for longer flows or set to null in config to store forever (not recommended for security).

Testing

This package is built with a focus on quality and reliability.

To run the tests, use the following command:
./vendor/bin/pest

Changelog

Please see CHANGELOG for more information on what has changed recently.

Contributing

Please see CONTRIBUTING for details.

Security Vulnerabilities

Please review our security policy on how to report security vulnerabilities.

Credits

License

The MIT License (MIT). Please see License File for more information.

creativecrafts/laravel-openid-connect 适用场景与选型建议

creativecrafts/laravel-openid-connect 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 1.94k 次下载、GitHub Stars 达 2, 最近一次更新时间为 2024 年 10 月 21 日, 在 PHP 生态内属于活跃度较高的组件。

它主要适用于以下技术方向: 「laravel」 「OpenID Connect」 「creativeCrafts」 「laravel-openid-connect」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。

我们在过去多个企业项目中使用过 creativecrafts/laravel-openid-connect 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 creativecrafts/laravel-openid-connect 我们能提供哪些服务?
定制开发 / 二次开发

基于 creativecrafts/laravel-openid-connect 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

统计信息

  • 总下载量: 1.94k
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 2
  • 点击次数: 10
  • 依赖项目数: 0
  • 推荐数: 0

GitHub 信息

  • Stars: 2
  • Watchers: 1
  • Forks: 0
  • 开发语言: PHP

其他信息

  • 授权协议: MIT
  • 更新时间: 2024-10-21