Usage

The SSOfy Laravel package provides middleware for protecting your endpoints. You must first add SSOfy's guard and, if required, the user provider to your config/auth.php file.

This guarantees that SSOfy-generated authentication tokens will be used by the protected endpoints.

...
    'guards' => [
        'web' => [
            'driver' => 'ssofy',
            'provider' => 'users',
        ],
        'api' => [
            'driver' => 'ssofy',
            'provider' => 'users',
        ],
    ],
...

Once the Guards have been set up, you can secure your endpoints by using the standard Laravel auth:web and auth:api middleware.

If you want to access user data through SSOfy rather than Laravel's built-in user provider (SSOfy as the user provider microservice), you should enable the SSOfy package's user provider.

...
    'providers' => [
        'ssofy' => [
            'driver' => 'ssofy',
            'cache' => true,
        ],
    ],
...

If you wish your guard(s) to use the SSOfy User Provider, make the following changes to the guards:

...
    'guards' => [
        'web' => [
            'driver' => 'ssofy',
            'provider' => 'ssofy',
        ],
        'api' => [
            'driver' => 'ssofy',
            'provider' => 'ssofy',
        ],
    ],
...

In addition to Laravel's standard auth middleware, the SSOfy Laravel package includes ssofy middleware, which provides several extra benefits.

The middleware supports different attributes:

  • ssofy
  • ssofy:redirect
  • ssofy:passive

The default behavior (ssofy middleware with no attributes set) prohibits access to the resource and results in a 401 error message.

ssofy:passive disregards the authentication result and moves on to the next handler if the token is invalid. This is useful if you handle authorized and unauthorized access differently and don't want an error to be thrown when the token is invalid. For instance, the username is displayed only when the user is logged in, yet the page still functions when the user is not logged in. You can use Laravel's auth()->check() method to decide how to render your page.

ssofy:redirect forwards the user to the login page when authentication (or authorization) is required. Note that it does not redirect if the endpoint only serves API (JSON) responses. As long as the OAuth2 Client Configurations are set up properly, ssofy:redirect can be used for Web/HTML endpoints.

You may wish to add the passive middleware globally to the entire application to ensure that the latest state is recovered each time a page is opened.

src/app/Http/Kernel.php

...
    protected $middlewareGroups = [
        'web' => [
            ...
            'ssofy:passive',
            ...
        ],
    ];
...
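
The three middleware modes described above, side by side in a routes file. This is an added example, not code from the SSOfy package or its documentation; the route paths, view names and closures are hypothetical, and it assumes the default guard is one of the ssofy guards configured in config/auth.php. It also shows that a passive route, or a group that only carries the global passive entry, needs its own check before returning anything sensitive.

```php
<?php
// routes/web.php (added example; paths, view names and closures are hypothetical)

use Illuminate\Support\Facades\Route;

// ssofy (no attribute): a request without a valid token is rejected with 401.
Route::get('/api/profile', function () {
    return response()->json(['id' => auth()->id()]);
})->middleware('ssofy');

// ssofy:redirect: a browser request that needs authentication is sent
// to the login page instead of receiving an error.
Route::get('/dashboard', function () {
    return view('dashboard', ['user' => auth()->user()]);
})->middleware('ssofy:redirect');

// ssofy:passive: the handler runs whether or not the token is valid,
// so the handler decides what an anonymous visitor gets to see.
Route::get('/', function () {
    return view('home', [
        'user' => auth()->check() ? auth()->user() : null,
    ]);
})->middleware('ssofy:passive');

// Passive never blocks a request. Sensitive data served from a passive
// route must be gated explicitly.
Route::get('/orders', function () {
    abort_unless(auth()->check(), 401);

    return view('orders', ['user' => auth()->user()]);
})->middleware('ssofy:passive');
```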


SSOfy is by Cubelet Ltd.
Copyright © 2024 Cubelet Ltd. All rights reserved.