承接 faithfm/laravel-simple-auth0 相关项目开发

从需求分析到上线部署,全程专人跟进,保证项目质量与交付效率

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

faithfm/laravel-simple-auth0

最新稳定版本:1.1.0

Composer 安装命令:

composer require faithfm/laravel-simple-auth0

包简介

Simple Auth0 Authentication for Laravel (with Eloquent Models)

README 文档

README

laravel-simple-auth0-logo

A simple/lightweight way to integrate Auth0 into your Laravel Application:

  • Minimal configuration.
  • Based on Laravel's default authentication guard ('session' / SessionGuard) - ie: no special authentication drivers required.
  • Provides a genuine User model. (A lot of Laravel libraries (including Nova) break if a user-provider provides something else.)
  • The only dependency is Auth0's PHP SDK.

This library was developed after spending a many hours re-integrating our Laravel apps with each major update of Auth0's official Laravel SDK (auth0/login package). Our applications are stateful "PHP Web Applications" (rather than stateless "PHP Backend APIs" interfacing to an SPA with JWTs), and we did not need a lot of the advanced features included in the Laravel SDK, so we decided to develop a simple package based around the Auth0 QuickStart for a simple PHP Web Application.

If you would like a simple way to integrate Auth0 with Laravel but would prefer not to use this library, you can simply clone our three controllers, register these routes manually, and customise them to your hearts content. You'll soon see that

Installation:

Important

PHP 8.2+ required — This package requires PHP 8.2 or higher due to security updates in the underlying Auth0 SDK.

Assuming you have a standard Laravel application (with the default 'session' driver in config/auth.php), you can add this package using composer and run the database migration to prepare the users table for Auth0 (vs password-based) logins.

composer require faithfm/laravel-simple-auth0
composer require doctrine/dbal                   ## ONLY required if you are using the SQLite DB driver
php artisan vendor:publish --tag=laravel-simple-auth0-migrations
php artisan migrate

Note

In modifying the users table, the published migration adds the sub field, drops the unique constraint on the email field, and drops the password and email_verified fields. if your users field contains existing user/password entries you with to retain, you should modify the default migration to retain your existing fields.

Modify Models\User.php to reflect these changes:

    protected $fillable = [
        'name',
        'email',
        'password',
+       'sub',
    ];

    protected $hidden = [
-       'password',
        'remember_token',
    ];

    protected $casts = [
-       'email_verified_at' => 'datetime',
-       'password' => 'hashed',
    ];

Migrating from Earlier Versions:

If you're upgrading from version 1.0.2 or earlier, please follow these steps:

  1. Update PHP requirement: This package now requires PHP 8.2 or higher. Ensure your server meets this requirement.

  2. Update composer dependencies:

    composer update faithfm/laravel-simple-auth0
  3. Clear your application cache:

    php artisan config:clear
    php artisan cache:clear

This update pulls in upstream fixes for 5 Auth0 SDK advisories, including one Critical CVSS 9.1 issue.

Configuration:

  1. Create a "Regular Web Application" in your Auth0 Dashboard, and configure the allowed Callback + Logout URLs as required. (See Laravel Auth0 SDK docs for more details)
  2. Use these details to configure your .env file, replacing them with your own credentials:
AUTH0_DOMAIN=XXXX.xx.auth0.com
AUTH0_CLIENT_ID=XXXXXXXXXXX
AUTH0_CLIENT_SECRET=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
  1. Add the following lines to your web.php file:
use FaithFM\SimpleAuth0\SimpleAuth0ServiceProvider;

// Register login/logout/callback routes (for Auth0)
SimpleAuth0ServiceProvider::registerLoginLogoutCallbackRoutes();

Basic Usage:

You can now use any of Laravel's normal authentication methods to check if logged in, protect routes, retrieve a user, etc:

$loggedIn = Auth::check();            // check if logged in
Route::get(...)->middleware('auth')   // protect a route using 'auth' middleware
$user = auth()->user();               // get logged-in current User model (using helper function)
$user = Auth::user();                 // ditto (using Facades)
// etc...

Don't forget, Authentication (AuthN) is about knowing who is using a system. Whether or not a user has permission to use the system is a separate topic referred to as Authorization (AuthZ) - see Laravel Authorization documentation.

For a simple table/model-based approach to user permissions / Authorization you might like to try our Laravel Simple Permissions package.

Note

These packages are both part of our overall AuthN/AuthZ pattern that we deploy for our apps. (Our Faith FM Laravel Auth0 Pattern package is more opinionated than the underlying packages, and includes a number of published template files that may be less helpful for a wider audience, but you're welcome to use them if they are helpful.)

How it works:

Three routes are registered: /login, /logout, /callback

  • The /login route redirects to the Auth0 login page, which redirects back to the /callback route on success.

Important

This route seeks to capture the 'previous' URL as the 'intended' URL for the callback to redirect to after a successful login

  • The /callback route:
    • Validate callback request parameters and retrieves an Auth0 user (using Auth0 PHP SDK)
    • Load (or creates) a matching User model
      • Auth0's sub property is used for model retrieval.
      • Auth0's email + name properties are additionally used for model creation.
    • Initialise Laravel's default authentication guard ('session' / SessionGuard) to "login" this retrieved User model.
    • Laravel's SessionGuard stores model's id in the session, and uses it to retrieve the User model for all future requests.

faithfm/laravel-simple-auth0 适用场景与选型建议

faithfm/laravel-simple-auth0 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 285 次下载、GitHub Stars 达 0, 最近一次更新时间为 2024 年 04 月 25 日, 在 PHP 生态内属于活跃度较高的组件。

它主要适用于以下技术方向: 「package」 「template」 「composer」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。

我们在过去多个企业项目中使用过 faithfm/laravel-simple-auth0 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 faithfm/laravel-simple-auth0 我们能提供哪些服务?
定制开发 / 二次开发

基于 faithfm/laravel-simple-auth0 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

统计信息

  • 总下载量: 285
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 0
  • 点击次数: 21
  • 依赖项目数: 1
  • 推荐数: 0

GitHub 信息

  • Stars: 0
  • Watchers: 2
  • Forks: 0
  • 开发语言: PHP

其他信息

  • 授权协议: GPL-3.0-or-later
  • 更新时间: 2024-04-25