faithfm/laravel-simple-auth0
最新稳定版本:1.1.0
Composer 安装命令:
composer require faithfm/laravel-simple-auth0
包简介
Simple Auth0 Authentication for Laravel (with Eloquent Models)
README 文档
README
A simple/lightweight way to integrate Auth0 into your Laravel Application:
- Minimal configuration.
- Based on Laravel's default authentication guard ('session' / SessionGuard) - ie: no special authentication drivers required.
- Provides a genuine User model. (A lot of Laravel libraries (including Nova) break if a user-provider provides something else.)
- The only dependency is Auth0's PHP SDK.
This library was developed after spending a many hours re-integrating our Laravel apps with each major update of Auth0's official Laravel SDK (auth0/login package). Our applications are stateful "PHP Web Applications" (rather than stateless "PHP Backend APIs" interfacing to an SPA with JWTs), and we did not need a lot of the advanced features included in the Laravel SDK, so we decided to develop a simple package based around the Auth0 QuickStart for a simple PHP Web Application.
If you would like a simple way to integrate Auth0 with Laravel but would prefer not to use this library, you can simply clone our three controllers, register these routes manually, and customise them to your hearts content. You'll soon see that
Installation:
Important
PHP 8.2+ required — This package requires PHP 8.2 or higher due to security updates in the underlying Auth0 SDK.
Assuming you have a standard Laravel application (with the default 'session' driver in config/auth.php), you can add this package using composer and run the database migration to prepare the users table for Auth0 (vs password-based) logins.
composer require faithfm/laravel-simple-auth0
composer require doctrine/dbal ## ONLY required if you are using the SQLite DB driver
php artisan vendor:publish --tag=laravel-simple-auth0-migrations
php artisan migrate
Note
In modifying the users table, the published migration adds the sub field, drops the unique constraint on the email field, and drops the password and email_verified fields. if your users field contains existing user/password entries you with to retain, you should modify the default migration to retain your existing fields.
Modify Models\User.php to reflect these changes:
protected $fillable = [
'name',
'email',
'password',
+ 'sub',
];
protected $hidden = [
- 'password',
'remember_token',
];
protected $casts = [
- 'email_verified_at' => 'datetime',
- 'password' => 'hashed',
];
Migrating from Earlier Versions:
If you're upgrading from version 1.0.2 or earlier, please follow these steps:
-
Update PHP requirement: This package now requires PHP 8.2 or higher. Ensure your server meets this requirement.
-
Update composer dependencies:
composer update faithfm/laravel-simple-auth0
-
Clear your application cache:
php artisan config:clear php artisan cache:clear
This update pulls in upstream fixes for 5 Auth0 SDK advisories, including one Critical CVSS 9.1 issue.
Configuration:
- Create a "Regular Web Application" in your Auth0 Dashboard, and configure the allowed Callback + Logout URLs as required. (See Laravel Auth0 SDK docs for more details)
- Use these details to configure your
.envfile, replacing them with your own credentials:
AUTH0_DOMAIN=XXXX.xx.auth0.com AUTH0_CLIENT_ID=XXXXXXXXXXX AUTH0_CLIENT_SECRET=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
- Add the following lines to your
web.phpfile:
use FaithFM\SimpleAuth0\SimpleAuth0ServiceProvider; // Register login/logout/callback routes (for Auth0) SimpleAuth0ServiceProvider::registerLoginLogoutCallbackRoutes();
Basic Usage:
You can now use any of Laravel's normal authentication methods to check if logged in, protect routes, retrieve a user, etc:
$loggedIn = Auth::check(); // check if logged in Route::get(...)->middleware('auth') // protect a route using 'auth' middleware $user = auth()->user(); // get logged-in current User model (using helper function) $user = Auth::user(); // ditto (using Facades) // etc...
Don't forget, Authentication (AuthN) is about knowing who is using a system. Whether or not a user has permission to use the system is a separate topic referred to as Authorization (AuthZ) - see Laravel Authorization documentation.
For a simple table/model-based approach to user permissions / Authorization you might like to try our Laravel Simple Permissions package.
Note
These packages are both part of our overall AuthN/AuthZ pattern that we deploy for our apps. (Our Faith FM Laravel Auth0 Pattern package is more opinionated than the underlying packages, and includes a number of published template files that may be less helpful for a wider audience, but you're welcome to use them if they are helpful.)
How it works:
Three routes are registered: /login, /logout, /callback
- The
/loginroute redirects to the Auth0 login page, which redirects back to the/callbackroute on success.
Important
This route seeks to capture the 'previous' URL as the 'intended' URL for the callback to redirect to after a successful login
- The
/callbackroute:- Validate callback request parameters and retrieves an Auth0 user (using Auth0 PHP SDK)
- Load (or creates) a matching User model
- Auth0's
subproperty is used for model retrieval. - Auth0's
email+nameproperties are additionally used for model creation.
- Auth0's
- Initialise Laravel's default authentication guard ('session' / SessionGuard) to "login" this retrieved User model.
- Laravel's SessionGuard stores model's
idin the session, and uses it to retrieve the User model for all future requests.
faithfm/laravel-simple-auth0 适用场景与选型建议
faithfm/laravel-simple-auth0 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 285 次下载、GitHub Stars 达 0, 最近一次更新时间为 2024 年 04 月 25 日, 在 PHP 生态内属于活跃度较高的组件。
它主要适用于以下技术方向: 「package」 「template」 「composer」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。
我们在过去多个企业项目中使用过 faithfm/laravel-simple-auth0 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 faithfm/laravel-simple-auth0 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
与 faithfm/laravel-simple-auth0 相关的其它包
同方向 / 同关键字的高下载量 PHP Composer 包推荐,方便对比选型:
This composer plugin enables installation of GravityForms WordPress plugin and its addons.
Simple ASCII output of array data
E2E Studios PHP Framework adaptation of leafsphp/blade package
Generate a Composer repository from installed WordPress plugins and themes.
统计信息
- 总下载量: 285
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 0
- 点击次数: 21
- 依赖项目数: 1
- 推荐数: 0
其他信息
- 授权协议: GPL-3.0-or-later
- 更新时间: 2024-04-25
