authkit2 - Code Overview

A brief overview of the code layout and design decisions.

The bulk of the code provides the out-of-the-box Laravel integration; all of that, however, is just a wrapper around the core authkit2 library.

Core

The core of the library is the Authkit2 class and the objects and flows under src/Oidc/.

The Authkit2 class acts both as an entrypoint to the library and as an abstraction layer that allows the core of the library to function in both native PHP and Laravel, while making the best use of the facilities Laravel offers when they are available.

The code under src/Oidc/ implements a fairly minimal OIDC library. It manages tokens, encodes flows (e.g., three-legged OAuth, service account), and provides an authentication mechanism for PSR-7-compatible HTTP client libraries (e.g., Guzzle) to authenticate outgoing requests.

  • Client: Provides a minimal interface for working with an OIDC provider, implements basic protocol operations, and encapsulates some of the logic around determining which endpoint to call and how to call it.
  • Token: Provides an encapsulation for an access token or (access token, refresh token) tuple and an interface for validating, decoding and extracting data from tokens. Creates authenticated clients for making requests with a given token.
  • Authentication/: Primarily internal classes for authenticating outgoing HTTP requests using a given method.
  • Flows/: Implementations of the discrete steps of various OAuth flows (three-legged, service account) to ease integration.

Laravel Integration

The remainder of the code in the library is for Laravel integration. The library generally follows the layout of a typical Laravel project:

  • config/: Configuration file
  • database/: Database migrations
  • routes/: Login routes
  • src/Events/: Events published when a user is registered/logged in/logged out
  • src/Http/: Basic controller for implementing the three-legged OAuth flow
  • src/Models/: Eloquent models
  • src/Observers/: Observers for Eloquent models
  • src/Providers/: Service providers

When installed as a package, Laravel discovers the extra.laravel.providers section in composer.json, which tells it to register the Authkit2ServiceProvider class as a provider. Everything flows out of there.

The Authkit2ServiceProvider will, if enabled, register the AuthnServiceProvider (which provides authentication) and the AuthzServiceProvider (which provides authorization).

These register or make available several publishable resources:

  • authkit2_config: The configuration file at config/authkit.php. Allows customizing the integration between authkit2 and Laravel.
  • authkit2_migrate_new_project: A database migration to generate the tokens table, as well as one to remove the password and email_verified_at columns from the default Laravel users table.
  • authkit2_migrate_existing_project: A database migration to generate the tokens table, as well as one to make the existing password column nullable so OIDC users can be created.
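As an added illustration (not the package's own migration file), here is what the existing-project variant described above could look like as a standard Laravel migration; the users table and password column come from the list above, and the guard in down() is the one thing the list does not spell out: NOT NULL cannot be restored while OIDC-only users with no password exist.

```php
<?php
// Added example, not authkit2's own migration. Illustrates the
// "existing project" case from the list above: keep the password
// column but make it nullable so users created from an OIDC login
// need no local password. Assumes Laravel's anonymous-class
// migrations (Laravel 8.37+) and, on Laravel 10 and earlier, the
// doctrine/dbal package that ->change() requires.

use Illuminate\Database\Migrations\Migration;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Schema;

return new class extends Migration
{
    public function up(): void
    {
        Schema::table('users', function (Blueprint $table) {
            // NOT NULL -> NULL on the existing column; the default
            // Laravel users table declares password as string(255).
            $table->string('password')->nullable()->change();
        });
    }

    public function down(): void
    {
        // Restoring NOT NULL would either fail outright or, on some
        // drivers, rewrite NULL to an implicit default while OIDC-only
        // users exist, so refuse rather than guess a replacement value.
        $nullPasswords = DB::table('users')->whereNull('password')->count();
        if ($nullPasswords > 0) {
            throw new RuntimeException(
                "Cannot restore NOT NULL on users.password: "
                . "{$nullPasswords} OIDC-only user(s) have no password."
            );
        }

        Schema::table('users', function (Blueprint $table) {
            $table->string('password')->nullable(false)->change();
        });
    }
};
```

Whatever password-login path remains in the application after this migration must treat a NULL password as "no local credential", never as a credential that matches an empty string.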

The providers handle registering the necessary routes (defined in the routes file) to act as an entrypoint for everything else.