bambamboole/laravel-oidc
Composer 安装命令:
composer require bambamboole/laravel-oidc
包简介
OpenID Connect provider layer for Laravel Passport
README 文档
README
An OIDC-capable auth server built as a Laravel package — turn your Laravel app into a full OpenID Connect identity provider that other applications authenticate their users against.
The package provides the complete protocol surface of an identity provider and, optionally, a complete authentication engine (login, registration, MFA) that your app fills with its own views and actions.
What you get
OIDC provider
- Signed RS256
id_tokens, a/.well-known/openid-configurationdiscovery document, and a JWKS endpoint (RFC 7638kids). userinfo, RP-initiated logout, OIDC back-channel logout, RFC 7662 introspection, and RFC 7009 revocation.- RFC 9068 structured
at+jwtaccess tokens. - RFC 8693 token exchange, with a self-contained
CheckAudienceresource-server middleware. - Per-grant claim hooks and a swappable
ClaimsResolver/ScopeRepository/ExchangePolicy. - Env-based signing keys (
OIDC_PRIVATE_KEY/OIDC_PUBLIC_KEY) with a built-in rotation command.
Auth engine (optional)
- Package-owned login, registration, password reset, email verification, and password confirmation, driven by view and action seams your app fills.
- Multi-factor authentication: TOTP, recovery codes, and passkeys (WebAuthn).
- A post-login pipeline with a single decision hook (
requireMfa/deny/ add claims) andacr/amremission.
Requirements
- PHP
^8.4 - Laravel 11, 12, or 13
laravel/passport^13.4— the OAuth2 core the package builds on
Installation
composer require bambamboole/laravel-oidc # Publish and run the migrations (extends oauth_clients + adds the package's own tables) php artisan vendor:publish --tag=oidc-migrations php artisan migrate # Generate env-based, rotatable RSA signing keys (OIDC_PRIVATE_KEY / OIDC_PUBLIC_KEY) php artisan oidc:rotate-keys # Optional: publish the config php artisan vendor:publish --tag=oidc-config
The service provider is auto-discovered. Set OIDC_ISSUER to your provider's public origin —
every URL advertised in discovery is derived from it.
See the Installation guide
for the full walkthrough, and Configuration
for every config/oidc.php key.
Built on Passport
Under the hood, the OAuth2 core is Laravel Passport 13 — the package extends and
reconfigures it rather than reimplementing an authorization server. On registration it calls
Passport::ignoreRoutes() and registers the full /oauth/* route surface itself, so that:
- OIDC scopes,
max_age, and theid_tokenresponse type are wired in. - PKCE is required on every authorization request (OAuth 2.1 §4.1.1/§7.6), for confidential clients too.
- Passport's optional JSON API management routes are not registered — register them yourself if you need them.
- The access-token entity is swapped to
OidcAccessTokenand the response type toIdTokenResponse.
Documentation
The full documentation lives at bambamboole.github.io/laravel-oidc and is built with Starlight. To run it locally:
npm install npm run docs:dev
Testing
composer check # pint --test, phpstan (level 6), and the pest suite
CI runs the suite across Laravel 11/12/13 on every push and pull request.
License
MIT. See LICENSE.
bambamboole/laravel-oidc 适用场景与选型建议
bambamboole/laravel-oidc 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 0 次下载、GitHub Stars 达 0, 最近一次更新时间为 2026 年 07 月 15 日, 在 PHP 生态内属于活跃度较高的组件。
它主要适用于以下技术方向: 「oauth2」 「laravel」 「passport」 「oidc」 「openid-connect」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。
我们在过去多个企业项目中使用过 bambamboole/laravel-oidc 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 bambamboole/laravel-oidc 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
与 bambamboole/laravel-oidc 相关的其它包
同方向 / 同关键字的高下载量 PHP Composer 包推荐,方便对比选型:
A lightweight and powerful OAuth 2.0 authorization and resource server library with support for all the core specification grants. This library will allow you to secure your API with OAuth and allow your applications users to approve apps that want to access their data from your API.
A package to allow laravel/passport use with mongodb/laravel-mongodb
Multiauth and custom grants for laravel passport
Email Toolkit Plugin for CakePHP
Simple laravel passport multiple user authentication
This is a Laravel passport grant for the SMS.
统计信息
- 总下载量: 0
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 0
- 点击次数: 0
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: MIT
- 更新时间: 2026-07-15