Download the PHP package tharangakothalawala/sso without Composer

TSK Single Sign On

This is a library which can provision new accounts and can authenticate users utilizing third party vendor connections.

Supported Vendors

• Amazon
• Facebook
• GitHub
• Google
• LinkedIn
• Slack
• Spotify
• Stripe
• Twitter
• Yahoo
• Zoom

Structure

There are three(3) main functions.

• Third Party Login action
• Authentication process
• Revoking access to your client application

Third Party Login action

Use the following code to redirect a user to the vendor's login page. The following uses Google as an example.

Authentication process

Use the following code to do a signup/signin. The following uses Google as an example. Please note that you will have to implement the TSK\SSO\AppUser\AppUserRepository to provision and validate users according to your application logic. See my example in the examples directory.

DefaultAuthenticator Usage

Please note that using the TSK\SSO\Auth\DefaultAuthenticator will just do a simple lookup of the user store using your logic. If you want to support multiple vendors and to avoid creating new users per each of their specific email address, you will have to use this TSK\SSO\Auth\PersistingAuthenticator.

PersistingAuthenticator Usage

This uses File System by default as the storage for the user mappings.

MySQL

There are two classes available for you to use MySQL as the storage.

For MySQL, I have provided a schema file under sql folder. Please use that.

• TSK\SSO\Storage\PdoThirdPartyStorageRepository

• TSK\SSO\Storage\MysqliThirdPartyStorageRepository

MongoDB

• TSK\SSO\Storage\PeclMongoDbThirdPartyStorageRepository

Of course you can use your own storage by just implementing this interface : TSK\SSO\Storage\ThirdPartyStorageRepository.

Revoking vendor access to your client application

Connecting multiple accounts while logged in.

• A user may have multiple accounts on one(1) vendor. ex: Multiple Facebook/Google accounts with different email addresses.

• Or a user can have accounts on other vendors such as Facebook and Google at the same time. You may want to let them connect other accounts to make it easier for them to authenticate/access using multiple vendors.

You can use the TSK\SSO\Auth\AppUserAwarePersistingAuthenticator to validate the account that they selecting.

What Next?

To add any missing vendor support and any other storage systems.

Demo

Creating your own apps [Optional]

I have created several demo apps and have registered them in Amazon, GitHub, Google, Twitter & Yahoo. Optionally you may register your own apps if you want to test.

• Amazon : https://sellercentral.amazon.com/hz/home
• GitHub : https://github.com/settings/developers
• Google : https://console.developers.google.com
• Twitter : https://developer.twitter.com/en/apps - You must at least have 'Read-only' access permission and have ticked 'Request email address from users' under additional permissions.
• Spotify : https://developer.spotify.com/dashboard/applications
• Yahoo : https://developer.yahoo.com/apps - You must at least select 'Read/Write Public and Private' of 'Profiles (Social Directory)' API permissions.

Host File Entry

And add the localhost.com into the host file as following. (Linux : /etc/hosts, Windows: C:\Windows\System32\drivers\etc\hosts)

Start Demo

Then go to http://localhost.com