jeffersongoncalves/filament-oidc
Composer 安装命令:
composer require jeffersongoncalves/filament-oidc
包简介
Filament 5 plugin for OpenID Connect (OIDC) single sign-on, powered by jeffersongoncalves/laravel-oidc.
关键字:
README 文档
README
Filament OIDC
Drop-in OpenID Connect single sign-on for Filament v5 panels, powered by jeffersongoncalves/laravel-oidc. Works in single- and multi-panel apps, supports per-panel guards, and stores OIDC identities in a polymorphic table so the host application's users table is never altered.
Compatibility
| Plugin branch | Filament |
|---|---|
1.x |
v5 |
This plugin is published only for Filament v5. Branch
1.xis the first major of the plugin and does not follow the legacy table where1.xhistorically targeted Filament v3.
Installation
composer require jeffersongoncalves/filament-oidc
Publish and run the migration that creates the oidc_identities table:
php artisan vendor:publish --tag="filament-oidc-migrations"
php artisan migrate
Optionally publish the configuration and translations:
php artisan vendor:publish --tag="filament-oidc-config" php artisan vendor:publish --tag="filament-oidc-translations"
Configure the underlying laravel-oidc driver via the standard environment variables:
OIDC_ISSUER_URL=https://idp.example.com OIDC_CLIENT_ID=your-client-id OIDC_CLIENT_SECRET=your-client-secret
The plugin computes the redirect URI from the panel route, so you do not need to set
OIDC_REDIRECT_URI. Registerhttps://your-app.test/{panel}/oidc/callbackwith your Identity Provider for every panel that exposes the plugin.
Registering the plugin in a panel
use JeffersonGoncalves\Filament\Oidc\FilamentOidcPlugin; public function panel(Panel $panel): Panel { return $panel ->id('admin') ->path('admin') ->login() ->plugin( FilamentOidcPlugin::make() ->guard('web') ->autoCreateUsers(true) ); }
Multi-panel setup
Register the plugin once per panel. Each panel gets its own routes (filament.{panel-id}.oidc.{redirect|callback|logout}), its own callback URL, and may opt into a different guard or user model.
// AdminPanelProvider $panel->plugin( FilamentOidcPlugin::make() ->guard('web') ->userModel(\App\Models\User::class) ); // CustomerPanelProvider $panel->plugin( FilamentOidcPlugin::make() ->guard('customer') ->userModel(\App\Models\Customer::class) ->autoCreateUsers(false) );
Register the per-panel callback URL with your IdP:
https://your-app.test/admin/oidc/callback
https://your-app.test/customer/oidc/callback
Linking identities to users
The plugin stores every IdP/subject pair in the oidc_identities table and links it to the authenticated model through a polymorphic relationship. Add the HasOidcIdentities trait to expose the oidcIdentities() relation on your authenticatable model:
use JeffersonGoncalves\Filament\Oidc\Concerns\HasOidcIdentities; class User extends Authenticatable { use HasOidcIdentities; }
The default callback handler:
- Looks up
oidc_identities.{issuer, subject}. - Falls back to matching the local user by email.
- Creates a new user when
auto_create_usersis enabled, otherwise throwsOidcAuthenticationException::autoCreateDisabled().
Customising user provisioning
Override either the attribute mapping or the full resolution closure:
FilamentOidcPlugin::make() ->userAttributesUsing(fn (\Laravel\Socialite\Two\User $oidcUser) => [ 'name' => $oidcUser->getName(), 'email' => $oidcUser->getEmail(), 'tenant_id' => $oidcUser->user['tenant'] ?? null, 'password' => bcrypt(\Illuminate\Support\Str::random(40)), ]) ->resolveUserUsing(function (\App\Models\User $template, \Laravel\Socialite\Two\User $oidcUser) { return \App\Models\User::query()->updateOrCreate( ['email' => $oidcUser->getEmail()], ['name' => $oidcUser->getName()], ); });
Logout (RP-initiated)
Enable IdP logout to redirect users to the issuer's end_session_endpoint after the local logout completes:
FilamentOidcPlugin::make()->logoutFromIdp(true);
Use the named route from your blade templates (e.g. inside a custom user menu):
<form method="POST" action="{{ route('filament.admin.oidc.logout') }}"> @csrf <button type="submit">Log out</button> </form>
Events
| Event | When |
|---|---|
JeffersonGoncalves\Filament\Oidc\Events\OidcUserAuthenticated |
Every successful callback, before the redirect. |
JeffersonGoncalves\Filament\Oidc\Events\OidcUserCreated |
Only when a brand-new user is provisioned. |
Testing
composer test
Credits
License
The MIT License (MIT). Please see License File for more information.
jeffersongoncalves/filament-oidc 适用场景与选型建议
jeffersongoncalves/filament-oidc 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 18 次下载、GitHub Stars 达 2, 最近一次更新时间为 2026 年 04 月 26 日, 在 PHP 生态内属于活跃度较高的组件。
它主要适用于以下技术方向: 「Authentication」 「SSO」 「laravel」 「single-sign-on」 「oidc」 「socialite」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。
我们在过去多个企业项目中使用过 jeffersongoncalves/filament-oidc 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 jeffersongoncalves/filament-oidc 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
与 jeffersongoncalves/filament-oidc 相关的其它包
同方向 / 同关键字的高下载量 PHP Composer 包推荐,方便对比选型:
Automatically logs-in users if they are already authenticated by a remote source. (e.g. environment variable REMOTE_USER)
GraphQL authentication for your headless Craft CMS applications.
Laravel middleware to restrict a site or specific routes using HTTP basic authentication
Email Toolkit Plugin for CakePHP
Simple Single Sign-On
Azure Active Directory OAuth 2.0 Client Provider for The PHP League OAuth2-Client
统计信息
- 总下载量: 18
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 2
- 点击次数: 45
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: MIT
- 更新时间: 2026-04-26
