# authkit2 - Laravel Usage

How to use authkit2 in your Laravel project.

This requires that you have [installed](LARAVEL_INSTALL.md) and
[configured](LARAVEL_CONFIG.md) authkit2.

# Basic Usage

For basic usage in a new application there's nothing more to do. authkit2
integrates with the default Laravel authentication system and will work out of
the box to sign users in and out of your application.

You can explicitly trigger a login or logout by redirecting to:

* `/auth/login` and
* `/auth/logout`

# Events

Your application will be notified of logins, logouts, and new users (to your
application) through [Laravel Events](https://laravel.com/docs/master/events).

* `UserRegistration`
* `UserLogin`
* `UserLogout`

## UserRegistration

This event is fired when a user authenticates who has _not_ previously
authenticated through the OIDC provider. The event is passed the fields
returned by the OIDC provider (e.g., email, name).

If a listener is registered, it is expected to return an instance of your User
model, initialized and saved, that will be tied to the OIDC ID the user has
authenticated with.

For example, a minimal implementation to recreate the default behaviour would
be:

```php
public function handle($event)
{
    // Create a local user from the fields returned by the OIDC provider
    $user = new \App\Models\User();
    $user->name = $event->fields['name'];
    $user->email = $event->fields['email'];
    $user->save();

    // The returned model is tied to the user's OIDC ID
    return $user;
}
```

If you wanted an implementation to help migrate existing users to OIDC users,
something like the following may work:

```php
public function handle($event)
{
    // Try and load an existing user with the given email address
    $user = \App\Models\User::where('email', $event->fields['email'])->first();

    if (!isset($user))
    {
        // If that user wasn't found, this is an entirely new user
        $user = new \App\Models\User();
        $user->name = $event->fields['name'];
        $user->email = $event->fields['email'];
        $user->save();
        return $user;
    }
    else
    {
        // If the user was found, then we can tie them to the OIDC
        // user.
        $user->name = $event->fields['name'];
        $user->email = $event->fields['email'];
        // Clear the user's password to prevent non-OIDC logins going
        // forward. The password column must be nullable for this to save.
        $user->password = null;
        $user->save();
        return $user;
    }
}
```
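
A stricter variant of the migration listener above, added here as an example and not taken from authkit2 itself: it ties an existing account to the OIDC identity only when the provider marks the email address as verified, because matching on an unverified address would link the account to whoever entered that address at the provider. It assumes the provider returns the standard OIDC `email_verified` claim and that it appears in `$event->fields`; the class name `LinkVerifiedOidcUser` is hypothetical.

```php
<?php

namespace App\Listeners;

use App\Models\User;

// Hypothetical listener class for the UserRegistration event.
class LinkVerifiedOidcUser
{
    public function handle($event)
    {
        $fields = $event->fields;
        $email = $fields['email'] ?? null;

        if (!is_string($email) || $email === '') {
            abort(403, 'The identity provider did not return an email address.');
        }

        // Assumption: the standard OIDC email_verified claim is present in
        // $event->fields. Some providers send it as the string "true", so
        // normalise it; a missing claim is treated as unverified.
        $verified = filter_var($fields['email_verified'] ?? false, FILTER_VALIDATE_BOOLEAN);

        $user = User::where('email', $email)->first();

        if ($user === null) {
            // No local account uses this address: entirely new user.
            $user = new User();
            $user->name = $fields['name'] ?? $email;
            $user->email = $email;
            $user->save();
            return $user;
        }

        if (!$verified) {
            // An unverified address does not show that the person signing in
            // controls the mailbox, so refuse to link the existing account.
            abort(403, 'Email address is not verified by the identity provider.');
        }

        // Verified match: tie the existing account to the OIDC user and
        // clear the password so non-OIDC logins stop working.
        $user->name = $fields['name'] ?? $user->name;
        $user->password = null;
        $user->save();
        return $user;
    }
}
```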

## UserLogin

This event is fired when a user is authenticated (whether an existing user, or
after a UserRegistration event). The event is passed the user model and the
fields returned by the OIDC provider (e.g., email, name).

If a listener is registered, it is expected to update the user model with any
updated fields returned by the OIDC provider.

For example, a minimal implementation to recreate the default behaviour would
be:

```php
public function handle($event)
{
    // Refresh the local user with the fields returned by the OIDC provider
    $user = $event->user;
    $user->name = $event->fields['name'];
    $user->email = $event->fields['email'];
    $user->save();
}
```

## UserLogout

This event is fired when the user tries to log out of your application. The
event is fired _before_ the user is logged out of the Laravel authentication
system or redirected to the OIDC provider to log out.