Download the PHP package samyapp/laravel-external-authentication without Composer

On this page you can find all versions of the php package samyapp/laravel-external-authentication. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:
If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • To use Composer is sometimes complicated. Especially for beginners.
  • Composer needs much resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Please rate this library. Is it a good library?

Example code of samyapp/laravel-external-authentication

Informations about the package laravel-external-authentication

Laravel External Authentication

Laravel authentication package that authenticates users based on HTTP request headers or environment variables set by an external authentication source such as Apache with basic authentication, SAML2 SSO via mod_auth_mellon, or a custom implementation using Nginx's http_auth_request.

This package focuses on authenticating users and setting properties or attributes on your user model based on those set via the external identity provider.

Build Status

Security

If you rely on HTTP headers to determine whether or not a user is authenticated you must ensure that these headers have been sent to your Laravel app from a trusted source and not spoofed by the client.

For example:

Both of these cases should be safe, provided you ensure the web servers set the variables to blank values when no user is authenticated.

In addition, if your authentication servers (Apache or Nginx in the examples above) are proxying to php on one or more different servers (over a network) you should ensure that php only responds to requests from those specific upstream servers to avoid other users on the network being able to make requests with forged headers.

Quickstart

  1. Install: composer require samyapp/laravel-external-authentication

  2. Publish the configuration:

  3. Configure your application to use the External Guard:

    config/auth.php:

  4. If using transient users in your app, configure the user provider and model:

    config/auth.php:

  5. Edit config/external-auth.php with your configuration.

  6. Add authentication to the routes you want to protect.
  7. Access the authenticated user the same way you would in any normal Laravel app. Any user attributes defined in your config/external-auth.php 'attributeMap' should be available on your user model.

Troubleshooting

When configuring an external authentication source such as Apache mod_mellon_auth it can be useful to see what attributes and values it is sending to PHP.

You can enable logging of this data (using your app's Laravel logging configuration) by setting 'logInput' => true, in your config. You must also ensure that 'logLevel' is set at least to the minimum level that your app's logging level is (e.g. info, debug, warning, etc).

Be aware that this will (except when developmentMode = true) dump the contents of Request::server() into your Laravel logs so it should only be enabled when essential for troubleshooting.

Development / Testing Configuration

Configuring an authentication service such as Apache mod mellon Instead of configuring an authentication service during development you can enable development mode and specify the headers that you want set:

config/external-auth.php

The attribute names should be the same ones that would be set in your live environment.

In the example above the authenticated user would be one with a username of 'foo', and the user model would have the 'role' property set to the value 'admin'.

Authenticating Users

ExternalAuthGuard can work with your app's user model in one of the following ways:

  1. Users exist within your app (the configured user provider can retrieve one that matches the credentials) and authentication fails if credential attributes do not match an existing user.
  2. Users do not exist in your app, but a "Transient" user model should be created to represent the authenticated user for each request.

Authorizing Users

Use the standard Laravel methods to authorize users for specific routes or actions.

Configuration

Working with your existing users and User model

ExternalAuthGuard uses the user provider and user model configured in your config/auth.php for the guard in the same way as the default Laravel SessionGuard, calling UserProvider::retrieveByCredentials() with the values (for example, email) from the server named in the config/external-auth.php credentialAttributes setting.

Creating "missing" users

If you prefer to create users in your database "on-demand" when the guard authenticates them for the first time, you can listen for the UnknownUserAuthenticating event which is dispatched when all expected user attributes are present in the request but the user provider cannot find an existing user.

You can create and persist the user in your listener similar to the example below (you might want to add some validation though):

app/Providers/EventServiceProvider.php

Alternatively, you might want to log whenever a user is authenticated externally but does not have a matching user account in your app.

Updating User Attributes

If you need to sync your apps' users table with the attribute values passed in from your external authentication provider (for example, name, roles, or some other attributes) you can listen for the Illuminate\Auth\Events\Login event which is fired when the guard's login($user) method has been called.

This event will have the authenticated User model in its $user property which will have the values of the properties set by the external authentication source.

For a standard Laravel User model, you can just call $event->user->save() to sync it with your app database, e.g:

app/Providers/EventServiceProvider.php

Working with "Transient" users

ExternalAuthGuard can be used for applications which do not have a separate users database table, relying entirely on the external authentication source to set the attributes that define a user.

You can use the provided TransientUserProvider which is automatically registered by the package service provider, and which accepts the attributes passed in from the external authentication source and will return a user object with the values of each attribute assigned to it without attempting to retrieve an existing user from a database.

The Transient user provider can be configured to use any class as the created user object.

The package includes a very simple TransientUser object which just allows setting and getting attribute values but will work with any class which allows setting and getting attributes on.

To configure the TransientUserProvider as the user provider for this guard, edit your auth configuration:

config/auth.php

To use your own class (i.e. App\Models\User) for the authenticated user objects, just set the providers.transient.model parameter as above, e.g.:

Additional Options

Custom Attribute Mapping

If you require additional logic to map the externally set attributes to your user model you can create a callable and set the mapAttributes configuration setting to it.

See the DefaultAttributeMapper implementation for reference.

For example, create a \My\App\MyAttributeMapper class with a static mapAttributes(AuthConfig $config, array $input): array method, and in your externa-auth.php config set:

config/external-auth.php

Authentication Guard Driver ID

To specify that your app should use the ExternalAuthGuard to authenticate its users you specify external-auth as the name of the guard driver in your config/auth.php.

This is the name that the ExternalAuthServiceProvider registers the guard under by default.

If you need to use a different name you can set the id configuration option (ensuring you also update the guards driver value to match).

config/external-auth.php

All versions of laravel-external-authentication with dependencies

PHP Build Version
Package Version
Requires illuminate/support Version ^10.0|^11.0|^12
Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package samyapp/laravel-external-authentication contains the following files

Loading the files please wait ....