定制 finmetrik/console-sso-sdk 二次开发

按需修改功能、优化性能、对接业务系统,提供一站式技术支持

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

finmetrik/console-sso-sdk

Composer 安装命令:

composer require finmetrik/console-sso-sdk

包简介

PHP SDK for Console SSO Hub integration - Single Sign-On client library

README 文档

README

Latest Version on Packagist Total Downloads License

PHP SDK for integrating with the Console SSO Hub. Enables Single Sign-On (SSO) authentication for your PHP applications.

Requirements

  • PHP 8.1 or higher
  • Composer
  • GuzzleHTTP 7.0+

Installation

composer require finmetrik/console-sso-sdk

Configuration

Laravel

The package auto-discovers in Laravel. Publish the config file:

php artisan vendor:publish --tag=sso-config

Add to your .env:

SSO_HUB_URL=https://console.example.com
SSO_APP_KEY=your-app-key
SSO_APP_SECRET=your-app-secret
SSO_CALLBACK_URL=/sso/callback
SSO_VERIFY_SSL=true

Other PHP Frameworks

use Finmetrik\ConsoleSso\SsoClient;

$sso = new SsoClient([
    'hub_url' => 'https://console.example.com',
    'app_key' => 'your-app-key',
    'app_secret' => 'your-app-secret',
    'verify_ssl' => true,
]);

Quick Start (Recommended Flow)

The recommended flow is to redirect users to Console's /sso/authorize endpoint, which handles the login UI and redirects back with a token.

1. Redirect to Console SSO

// In your controller
public function redirectToSso()
{
    $hubUrl = config('sso.hub_url');
    $appKey = config('sso.app_key');
    $callbackUrl = urlencode(route('sso.callback'));
    
    // Redirect to Console's authorization endpoint
    return redirect("{$hubUrl}/sso/authorize?app_key={$appKey}&redirect_uri={$callbackUrl}");
}

2. Handle Callback

use Finmetrik\ConsoleSso\Laravel\Facades\Sso;
use Finmetrik\ConsoleSso\Exceptions\TokenExpiredException;
use Finmetrik\ConsoleSso\Exceptions\CompanyNotSubscribedException;

public function callback(Request $request)
{
    // Check for errors from Console
    if ($request->has('error')) {
        return redirect('/login')->withErrors([
            'sso' => $request->error_description ?? 'Authentication failed'
        ]);
    }
    
    $token = $request->query('token');
    
    if (!$token) {
        return redirect('/login')->withErrors(['sso' => 'No token received']);
    }
    
    try {
        // Verify token - only sends the token, Console returns user data
        $result = Sso::verifyToken($token);
        
        // $result contains:
        // - user: ['id', 'email', 'name', 'role']
        // - company: ['id', 'uuid', 'name']
        // - session: ['id', 'expires_at']
        
        // Create or update local user
        $user = User::updateOrCreate(
            ['email' => $result['user']['email']],
            ['name' => $result['user']['name']]
        );
        
        Auth::login($user, true);
        
        // Store SSO session for later validation
        session(['sso_session_id' => $result['session']['id']]);
        
        return redirect('/dashboard');
        
    } catch (TokenExpiredException $e) {
        return redirect('/login')->withErrors(['sso' => 'Login link expired']);
    } catch (CompanyNotSubscribedException $e) {
        return redirect('/login')->withErrors(['sso' => 'Access denied']);
    } catch (\Exception $e) {
        Log::error('SSO Error', ['message' => $e->getMessage()]);
        return redirect('/login')->withErrors(['sso' => 'Authentication failed']);
    }
}

3. Logout

public function logout(Request $request)
{
    $sessionId = session('sso_session_id');
    
    if ($sessionId) {
        try {
            Sso::destroySession($sessionId);
        } catch (\Exception $e) {
            // Log but don't fail
            Log::warning('SSO session destroy failed', ['error' => $e->getMessage()]);
        }
    }
    
    Auth::logout();
    $request->session()->invalidate();
    $request->session()->regenerateToken();
    
    return redirect('/login');
}

SSO Flow Diagram

┌─────────────────┐                  ┌─────────────────┐
│   Your App      │                  │    Console      │
│  (Client App)   │                  │   (SSO Hub)     │
└────────┬────────┘                  └────────┬────────┘
         │                                    │
         │  1. User clicks "Login with SSO"  │
         │                                    │
         │  2. Redirect to Console:           │
         │     /sso/authorize?                │
         │       app_key=xxx&                 │
         │       redirect_uri=xxx             │
         │ ─────────────────────────────────> │
         │                                    │
         │                    3. User logs in │
         │                       (if needed)  │
         │                                    │
         │  4. Redirect back with token:      │
         │     /sso/callback?token=abc123     │
         │ <───────────────────────────────── │
         │                                    │
         │  5. Verify token via API:          │
         │     POST /api/hub/sso/verify       │
         │     Body: { "token": "abc123" }    │
         │ ─────────────────────────────────> │
         │                                    │
         │  6. Return user data + session     │
         │ <───────────────────────────────── │
         │                                    │
         │  7. Create local user & login      │
         │                                    │
         ▼                                    ▼
    User is now logged in!

Signature Algorithm

The SDK automatically signs all API requests using HMAC-SHA256:

signature = HMAC-SHA256(app_key + timestamp + request_body, app_secret)

Headers sent with each request:

  • X-App-Key: Your application key
  • X-Timestamp: Unix timestamp
  • X-Signature: HMAC signature

Session Validation Middleware

Laravel

Register the middleware:

// app/Http/Kernel.php (Laravel 10 and below)
protected $middlewareAliases = [
    'sso.session' => \Finmetrik\ConsoleSso\Laravel\Middleware\ValidateSsoSession::class,
];

// bootstrap/app.php (Laravel 11+)
->withMiddleware(function (Middleware $middleware) {
    $middleware->alias([
        'sso.session' => \Finmetrik\ConsoleSso\Laravel\Middleware\ValidateSsoSession::class,
    ]);
})

Apply to routes:

Route::middleware(['auth', 'sso.session'])->group(function () {
    Route::get('/dashboard', [DashboardController::class, 'index']);
});

Manual Validation

try {
    $session = Sso::validateSession($sessionId);
    // Session is valid
} catch (SessionExpiredException $e) {
    Auth::logout();
    return redirect('/login');
}

API Reference

SsoClient Methods

Method Description
bootstrap() Fetch app configuration from SSO Hub
verifyToken(string $token) Verify SSO token and get user data
validateSession(string $sessionId) Check if session is valid
refreshSession(string $sessionId) Extend session expiry
destroySession(string $sessionId) Logout / destroy session
isConfigured() Check if client is configured
getAppInfo() Get app information

Exceptions

Exception When Thrown
ConfigurationException Missing or invalid configuration
ApiException API request failed
TokenExpiredException SSO token has expired
TokenUsedException Token already consumed
SessionExpiredException Session has expired
CompanyNotSubscribedException Company not subscribed to app
UserNotFoundException User not found in company

Error Handling

use Finmetrik\ConsoleSso\Exceptions\{
    TokenExpiredException,
    TokenUsedException,
    SessionExpiredException,
    CompanyNotSubscribedException,
    UserNotFoundException,
    ApiException
};

try {
    $result = Sso::verifyToken($token);
} catch (TokenExpiredException $e) {
    // Token expired (5 min validity), redirect to login
} catch (TokenUsedException $e) {
    // Token already used, possible replay attack
} catch (CompanyNotSubscribedException $e) {
    // Company doesn't have access to this app
} catch (UserNotFoundException $e) {
    // User not found in company
} catch (ApiException $e) {
    // General API error
    Log::error('SSO Error: ' . $e->getMessage());
}

Debugging

Enable debug mode by passing a PSR-3 logger:

use Monolog\Logger;
use Monolog\Handler\StreamHandler;

$logger = new Logger('sso');
$logger->pushHandler(new StreamHandler('path/to/sso.log', Logger::DEBUG));

$sso = new SsoClient([
    'hub_url' => '...',
    'app_key' => '...',
    'app_secret' => '...',
    'logger' => $logger,
]);

Security

  • Never expose app_secret in client-side code
  • Always use HTTPS in production
  • Store session IDs server-side only
  • Implement CSRF protection on callback endpoints
  • Validate the state parameter if using one

Changelog

v1.0.1

  • Fixed token verification to only require token parameter
  • Console now returns user data from token record
  • Updated documentation with correct flow

v1.0.0

  • Initial release

License

MIT License. See LICENSE for details.

Support

  • Documentation: See docs/plan/ in Console repository
  • Issues: Contact your Console administrator

finmetrik/console-sso-sdk 适用场景与选型建议

finmetrik/console-sso-sdk 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 1.54k 次下载、GitHub Stars 达 0, 最近一次更新时间为 2025 年 12 月 05 日, 在 PHP 生态内属于活跃度较高的组件。

它主要适用于以下技术方向: 「Authentication」 「console」 「SSO」 「single-sign-on」 「finmetrik」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。

我们在过去多个企业项目中使用过 finmetrik/console-sso-sdk 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 finmetrik/console-sso-sdk 我们能提供哪些服务?
定制开发 / 二次开发

基于 finmetrik/console-sso-sdk 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

统计信息

  • 总下载量: 1.54k
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 0
  • 点击次数: 16
  • 依赖项目数: 0
  • 推荐数: 0

GitHub 信息

  • Stars: 0
  • Watchers: 0
  • Forks: 0
  • 开发语言: PHP

其他信息

  • 授权协议: MIT
  • 更新时间: 2025-12-05