juniyasyos/auth-bridge-client
最新稳定版本:v1.2.16
Composer 安装命令:
composer require juniyasyos/auth-bridge-client
包简介
Laravel package for IAM SSO integration with JIT user provisioning
关键字:
README 文档
README
Laravel package for IAM Single Sign-On (SSO), JWT verification, and JIT user provisioning.
Why use this package?
This package is designed for client applications that need to:
- authenticate users via IAM
- provision users automatically during login
- synchronize roles and application access
- verify tokens on every request
- support optional unit kerja sync
Highlights
- ✅ Minimal setup for a Laravel client
- ✅ IIS-compatible JWT verification
- ✅ JIT user provisioning from the IAM token
- ✅ Optional role sync with Spatie Permission
- ✅ Built-in IAM sync endpoints for user/role data
- ✅ Optional Livewire app switcher for current IAM applications
Requirements
- PHP
^8.1 - Laravel
^10.0 | ^11.0 | ^12.0 firebase/php-jwtspatie/laravel-permission(optional)
Quick setup
1. Install the package
composer require juniyasyos/auth-bridge-client
2. Publish config
php artisan vendor:publish --tag=iam-config
3. Run migrations
php artisan migrate
4. Set environment variables
IAM_ENABLED=true IAM_APP_KEY=your-app-key IAM_JWT_SECRET=your-jwt-secret IAM_BASE_URL=https://iam.example.com IAM_VERIFY_ENDPOINT=https://iam.example.com/api/verify IAM_PRESERVE_SESSION_ID=true IAM_SYNC_ROLES=true
5. Configure your User model
use Illuminate\Foundation\Auth\User as Authenticatable; use Spatie\Permission\Traits\HasRoles; class User extends Authenticatable { use HasRoles; protected $fillable = [ 'iam_id', 'name', 'email', 'status', ]; }
Use
statusinstead ofactive. The package expectsstatusvalues likeactive,inactive, orsuspended.
6. Configure routes
The package already registers the main IAM routes automatically when enabled.
If you need protected pages, use middleware:
Route::middleware(['iam.auth:web'])->group(function () { Route::get('/dashboard', DashboardController::class); });
7. Add a login link
Use the built-in login route:
<a href="{{ route('iam.sso.login') }}">Login via IAM</a>
Configuration overview
Open config/iam.php and adjust the following sections.
SSO settings
iam.app_key— IAM application keyiam.jwt_secret— shared JWT secret for validating tokensiam.base_url— base URL of the IAM serveriam.login_route/iam.callback_route— local login/callback URLsiam.default_redirect_after_login— where to send users after loginiam.guard— auth guard used by default
User sync settings
iam.user_fields— map database columns to JWT claimsiam.identifier_field— primary field used to identify usersiam.sync_users— exposes/api/iam/sync-usersiam.sync_roles— enable role sync during provisioning
Token verification
iam.verify_each_request— validate token on every requestiam.attach_verify_middleware— automatically pushiam.verifyinto thewebmiddleware group
Unit Kerja sync (optional)
iam.unit_kerja_field— JWT claim name for unit/org dataiam.require_unit_kerja— reject login if unit/org is missingiam.sync_unit_kerja— syncunitKerjas()relation on the user modeliam.unit_kerja_model— model for unit/org records
Routes registered by the package
The package exposes these routes when enabled:
iam.sso.login— redirect user to IAM loginiam.sso.callback— handle callback and provisioningiam.logout— logout and clear IAM sessioniam.sync-users— IAM pulls client user dataiam.sync-roles— IAM pulls client role dataiam.push-roles— IAM pushes authoritative role updatesiam.push-users— IAM pushes user updates to clientiam.health— health check endpoint
Middleware aliases
iam.auth— ensures the user is authenticatediam.verify— verifies token on each requestiam.backchannel.verify— verifies IAM back-channel payload signatures
Usage steps for client apps
- Install the package and publish config.
- Run migrations.
- Set
IAM_ENABLED=true,IAM_APP_KEY,IAM_JWT_SECRET, andIAM_BASE_URL. - Confirm your
Usermodel hasiam_id,email,name, andstatus. - Protect routes with
iam.auth:web. - Add a login link using
route('iam.sso.login'). - If needed, publish views for customization:
php artisan vendor:publish --tag=iam-views
Example token payload
IAM should send a JWT payload like:
{
"type": "access",
"app_key": "your-app-key",
"sub": 123,
"name": "John Doe",
"email": "john@example.com",
"nip": "123456",
"roles": [{"slug": "admin"}],
"unit_kerja": ["Finance", "IT"],
"exp": 1234567890
}
Custom field mapping
Update config/iam.php:
'user_fields' => [ 'iam_id' => 'sub', 'name' => 'name', 'email' => 'email', 'nip' => 'nip', 'nik' => 'nik', ], 'identifier_field' => 'iam_id',
Events
A successful login dispatches the IamAuthenticated event. Use it for auditing or custom actions.
use Juniyasyos\IamClient\Events\IamAuthenticated; Event::listen(IamAuthenticated::class, function ($event) { // $event->user // $event->payload // $event->guard });
License
MIT
'guards' => [ 'web' => [ 'guard' => 'web', 'redirect_route' => '/', 'login_route_name' => 'login', 'logout_redirect_route' => 'home', ], ],
To add a new guard, register your own route and set `defaults('guard', 'your_guard')` or pass the guard parameter to the controller.
## Event Hooks
A successful login dispatches the `IamAuthenticated` event. Listen to this event for auditing, downstream provisioning, or custom logging.
```php
use Juniyasyos\IamClient\Events\IamAuthenticated;
Event::listen(IamAuthenticated::class, function ($event) {
// $event->user, $event->payload, $event->guard
});
License
MIT
juniyasyos/auth-bridge-client 适用场景与选型建议
juniyasyos/auth-bridge-client 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 105 次下载、GitHub Stars 达 0, 最近一次更新时间为 2026 年 04 月 22 日, 在 PHP 生态内属于活跃度较高的组件。
它主要适用于以下技术方向: 「Authentication」 「SSO」 「laravel」 「jwt」 「iam」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。
我们在过去多个企业项目中使用过 juniyasyos/auth-bridge-client 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 juniyasyos/auth-bridge-client 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
与 juniyasyos/auth-bridge-client 相关的其它包
同方向 / 同关键字的高下载量 PHP Composer 包推荐,方便对比选型:
Automatically logs-in users if they are already authenticated by a remote source. (e.g. environment variable REMOTE_USER)
GraphQL authentication for your headless Craft CMS applications.
Laravel middleware to restrict a site or specific routes using HTTP basic authentication
Email Toolkit Plugin for CakePHP
Simple Single Sign-On
Azure Active Directory OAuth 2.0 Client Provider for The PHP League OAuth2-Client
统计信息
- 总下载量: 105
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 0
- 点击次数: 42
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: MIT
- 更新时间: 2026-04-22