Adam Pippin
3 years ago
2 changed files with 72 additions and 0 deletions
@ -0,0 +1,69 @@ |
# authkit2 - Code Overview |
|
A brief overview of the code layout and design decisions. |
|
The bulk of the code provides the out-of-the-box Laravel integration, however |
all of that is just a wrapper around the core authkit2 library. |
|
# Core |
|
The core of the library is the `Authkit2` class and the objects and flows under |
`src/Oidc/`. |
|
The `Authkit2` class acts as both an entrypoint to the library as well as |
abstraction layer to allow the core of the library to function on both native |
PHP and within Laravel, while making the best use of the facilities available |
in Laravel when possible. |
|
The code under `src/Oidc/` implements a fairly minimal OIDC library. It manages |
tokens, encodes flows (e.g., three-legged oauth, service account), and provides |
an authentication system for PSR7 compatible HTTP client libraries (e.g., |
Guzzle) to authenticate outgoing requests. |
|
* `Client`: Provides a minimal interface for working with an OIDC provider, |
implementing basic protocol operations, and encapsulating some of the logic |
around determining which endpoint to call and how to call it. |
* `Token`: Provides an encapsulation for an access token or (access token, |
refresh token) tuple and an interface for validating, decoding and extracting |
data, from tokens. Creates authenticated clients for making requests with a |
given token. |
* `Authentication/`: Primarily internal classes for authenticating outgoing |
HTTP requests using a given method. |
* `Flows/`: Implementations of the discrete steps of various oauth flows |
(three-legged, service account) to ease integration. |
|
# Laravel Integration |
|
The remainder of the code in the library is for Laravel integration. The |
library generally follows the layout of a typical Laravel project: |
|
* `config/`: Configuration file |
* `database/`: Database migrations |
* `routes/`: Login routes |
* `src/Events/`: Events published when a user is registered/logged in/logged out |
* `src/Http/`: Basic controller for implementing the three-legged oauth flow |
* `src/Models/`: Eloquent models |
* `src/Observers/`: Observers for eloquent models |
* `src/Providers/`: Service providers |
|
When installed as a package, Laravel discovers the `extra.laravel.providers` |
section in `composer.json`, which tells it to register the |
`Authkit2ServiceProvider` class as a provider. Everything flows out of there. |
|
The `Authkit2ServiceProvider` will, if enabled, register the |
`AuthnServiceProvider` (which provides authentication) and the |
`AuthzServiceProvider` (which provides authorization). |
|
These register or make available several publishable resources: |
|
* `authkit2_config`: The configuration file at `config/authkit.php`. Allows |
customizing the integration between authkit2 and Laravel. |
* `authkit2_migrate_new_project`: A database migration to generate the tokens |
table, as well as one to remove the password and email_verified_at columns |
from the default Laravel users table. |
* `authkit2_migrate_existing_project`: A database migration to generate the |
tokens table, as well as one to make the existing password column nullable so |
OIDC users can be created. |
|
The providers handle registering the necessary routes (defined in the routes |
file) to act as an entrypoint for everything else. |
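Review bot: the two migration bullets leave the password login path undocumented: `authkit2_migrate_new_project` drops the `password` column while `authkit2_migrate_existing_project` only makes it nullable "so OIDC users can be created", yet the `AuthnServiceProvider` is described only as "provides authentication". The overview should say whether that provider replaces Laravel's default guard or registers a second one alongside it, and how an OIDC user with a null `password` is kept out of the stock password login flow in the existing-project case. Two smaller points: the `src/Http/` bullet says the controller implements "the three-legged oauth flow" but nothing in the overview says which component validates the `state` parameter and the ID token on the callback (the `Token` bullet mentions validation, so a one-line pointer from the controller to it would close the gap); and "oauth" should be written "OAuth" consistently, with the stray comma in "extracting data, from tokens" removed.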