# authkit2 - Code Overview
A brief overview of the code layout and design decisions.
The bulk of the code provides the out-of-the-box Laravel integration; however,
all of that is a wrapper around the core authkit2 library, which also works in
plain PHP.
# Core
The core of the library is the `Authkit2` class and the objects and flows under
`src/Oidc/`.
The `Authkit2` class acts both as the entrypoint to the library and as an
abstraction layer that lets the core function in plain PHP as well as within
Laravel, while making the best use of Laravel's facilities when they are
available.
The code under `src/Oidc/` implements a fairly minimal OIDC library. It manages
tokens, encodes flows (e.g., three-legged OAuth, service account), and provides
an authentication layer so that PSR-7 compatible HTTP client libraries (e.g.,
Guzzle) can authenticate outgoing requests.
* `Client`: Provides a minimal interface for working with an OIDC provider,
implementing basic protocol operations, and encapsulating some of the logic
around determining which endpoint to call and how to call it.
* `Token`: Encapsulates an access token or an (access token, refresh token)
tuple and provides an interface for validating, decoding and extracting data
from tokens. Creates authenticated clients for making requests with a given
token.
* `Authentication/`: Primarily internal classes for authenticating outgoing
HTTP requests using a given method.
* `Flows/`: Implementations of the discrete steps of the various OAuth flows
(three-legged, service account) to ease integration.
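As an added illustration of the `Token` / `Authentication/` split described above: a token tuple that tracks its own expiry, plus a Guzzle middleware that attaches a bearer credential to every outgoing PSR-7 request and refreshes first when the access token is stale. This is example code written for this page, not authkit2's own classes or API; the class names, the `$refresh` callback, the constructed sample tokens and the assumption that Guzzle is installed via Composer are all mine.

```php
<?php
declare(strict_types=1);

// Added illustration, not authkit2's own code: a token tuple plus a Guzzle
// middleware that authenticates outgoing PSR-7 requests. The class names,
// the $refresh callback and the sample tokens below are assumptions.

require __DIR__ . '/vendor/autoload.php'; // assumes guzzlehttp/guzzle via Composer

use GuzzleHttp\Client;
use GuzzleHttp\Handler\MockHandler;
use GuzzleHttp\HandlerStack;
use GuzzleHttp\Middleware;
use GuzzleHttp\Psr7\Response;
use Psr\Http\Message\RequestInterface;

/** An access token, optionally paired with the refresh token issued alongside it. */
final class Token
{
    public function __construct(
        public readonly string $accessToken,
        public readonly ?string $refreshToken = null,
    ) {}

    /**
     * Decode the JWT payload WITHOUT checking the signature. The client does not
     * hold the provider's key, so this is only for local bookkeeping (expiry);
     * an ID token's claims must be verified against the provider's JWKS instead.
     */
    public function claims(): array
    {
        $parts = explode('.', $this->accessToken);
        if (count($parts) !== 3) {
            throw new InvalidArgumentException('not a JWS compact serialization');
        }
        $json = base64_decode(strtr($parts[1], '-_', '+/'), true);
        if ($json === false) {
            throw new InvalidArgumentException('malformed JWT payload');
        }
        return json_decode($json, true, 512, JSON_THROW_ON_ERROR);
    }

    /** A missing or non-integer exp counts as expired; leeway absorbs clock skew. */
    public function isExpired(int $leeway = 30, ?int $now = null): bool
    {
        $exp = $this->claims()['exp'] ?? null;
        return !is_int($exp) || $exp - $leeway <= ($now ?? time());
    }
}

/** Attaches "Authorization: Bearer ..." to every request, refreshing first if needed. */
final class BearerAuthenticator
{
    /** @param Closure(Token): Token $refresh exchanges a refresh token for a new pair */
    public function __construct(private Token $token, private readonly Closure $refresh) {}

    public function client(array $config = []): Client
    {
        $stack = $config['handler'] ?? HandlerStack::create();
        $stack->push(Middleware::mapRequest(function (RequestInterface $request): RequestInterface {
            if ($this->token->isExpired()) {
                if ($this->token->refreshToken === null) {
                    throw new RuntimeException('access token expired and no refresh token held');
                }
                $this->token = ($this->refresh)($this->token);
            }
            // withHeader() replaces any Authorization header the caller set, so a
            // stale or caller-supplied credential cannot ride along.
            return $request->withHeader('Authorization', 'Bearer ' . $this->token->accessToken);
        }), 'bearer');
        return new Client(['handler' => $stack] + $config);
    }
}

// Constructed sample tokens: payload-only JWTs with a dummy header and signature.
$jwt = fn (array $claims): string =>
    'eyJhbGciOiJSUzI1NiJ9.' . rtrim(strtr(base64_encode(json_encode($claims)), '+/', '-_'), '=') . '.sig';
$expired = $jwt(['sub' => 'alice', 'exp' => time() - 60]);
$fresh   = $jwt(['sub' => 'alice', 'exp' => time() + 3600]);

// MockHandler keeps the demo offline; a real refresh would POST grant_type=refresh_token
// to the provider's token endpoint and return the new pair.
$mock = new MockHandler([new Response(200, [], '{"ok":true}')]);
$auth = new BearerAuthenticator(
    new Token($expired, 'refresh-abc'),
    fn (Token $old): Token => new Token($fresh, $old->refreshToken),
);
$http = $auth->client(['handler' => HandlerStack::create($mock), 'base_uri' => 'https://api.example/']);
$http->get('me');

$sent = $mock->getLastRequest()->getHeaderLine('Authorization');
if ($sent !== 'Bearer ' . $fresh) {
    fwrite(STDERR, "expired token was sent\n");
    exit(1);
}
echo "refreshed before send: $sent\n";
```

Two design points worth noting: the refresh happens inside the request middleware rather than at client construction, so a long-lived client never sends a token it already knows is expired; and `claims()` is deliberately a decode, not a validation, which is why the comment restricts it to local expiry tracking and points ID-token verification at the provider's published keys.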
# Laravel Integration
The remainder of the code in the library is for Laravel integration. The
library generally follows the layout of a typical Laravel project:
* `config/`: Configuration file
* `database/`: Database migrations
* `routes/`: Login routes
* `src/Events/`: Events published when a user is registered/logged in/logged out
* `src/Http/`: Basic controller implementing the three-legged OAuth flow
* `src/Models/`: Eloquent models
* `src/Observers/`: Observers for the Eloquent models
* `src/Providers/`: Service providers
When installed as a package, Laravel discovers the `extra.laravel.providers`
section in `composer.json`, which tells it to register the
`Authkit2ServiceProvider` class as a provider. Everything flows out of there.
The `Authkit2ServiceProvider` will, if enabled, register the
`AuthnServiceProvider` (which provides authentication) and the
`AuthzServiceProvider` (which provides authorization).
These providers register several publishable resources:
* `authkit2_config`: The configuration file at `config/authkit.php`. Allows
customizing the integration between authkit2 and Laravel.
* `authkit2_migrate_new_project`: A database migration to generate the tokens
table, as well as one to remove the password and email_verified_at columns
from the default Laravel users table.
* `authkit2_migrate_existing_project`: A database migration to generate the
tokens table, as well as one to make the existing password column nullable so
that users who authenticate via OIDC can be created without a password.
The providers handle registering the necessary routes (defined in the routes
file) to act as an entrypoint for everything else.