定制 tuahweb/php-sso-client-connect 二次开发

按需修改功能、优化性能、对接业务系统,提供一站式技术支持

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

tuahweb/php-sso-client-connect

Composer 安装命令:

composer require tuahweb/php-sso-client-connect

包简介

SSO Client Connect — Laravel package for connecting client apps to an OAuth2 SSO server. Socialite provider, webhook receiver, middleware, and user sync.

README 文档

README

A reusable Laravel package that connects client applications to a Laravel Passport-based SSO Identity Provider (like sso-server). Handles OAuth2 authentication, webhook-driven user sync, role/permission middleware, and automatic user provisioning.

Features

  • 🔐 Custom Socialite Provider — OAuth2 Authorization Code + PKCE with SsoServerProvider
  • 🔄 Webhook Receiver — HMAC-signed webhook handler for user sync from SSO server
  • 🛡️ MiddlewareCheckSsoActive (role access enforcement), VerifySsoSignature (webhook HMAC)
  • 👤 User Provisioning — Automatic user create/update from SSO data
  • 🧩 Fully Configurable — Override User model, jobs, controllers, middleware, and commands via config

Requirements

  • PHP 8.3+
  • Laravel 11.x, 12.x, or 13.x
  • laravel/socialite ^5.28
  • MySQL (or any database supported by Laravel)

Installation

composer require tuahweb/php-sso-client-connect

Publish Configuration

php artisan vendor:publish --tag=sso-client-config

Configuration

1. Environment Variables (.env)

Setel SSO_PROVIDER sebagai base URL SSO server. Semua endpoint OAuth2 akan diturunkan secara otomatis.

APP_URL=https://your-app.test
SSO_PROVIDER=https://sso-server.test
SSO_CLIENT_ID=your-oauth-client-id
SSO_CLIENT_SECRET=your-oauth-client-secret
SSO_WEBHOOK_SECRET=your-webhook-secret

Gunakan variabel berikut jika ingin override endpoint individual (opsional):

SSO_REDIRECT_URI=https://your-app.test/auth/sso/callback
SSO_AUTHORIZE_URL=https://sso-server.test/oauth/authorize
SSO_TOKEN_URL=https://sso-server.test/oauth/token
SSO_USER_INFO_URL=https://sso-server.test/api/user
SSO_DASHBOARD_URL=https://sso-server.test/dashboard

2. Service Configuration (config/services.php)

redirect, authorize_url, token_url, user_info_url, dan server_url diturunkan dari SSO_PROVIDER secara otomatis — cukup setel di .env.

Contoh minimal:

'sso' => [
    'client_id' => env('SSO_CLIENT_ID'),
    'client_secret' => env('SSO_CLIENT_SECRET'),
    'redirect' => env('SSO_REDIRECT_URI', env('APP_URL').'/auth/sso/callback'),
    'webhook_secret' => env('SSO_WEBHOOK_SECRET'),
    'server_url' => env('SSO_PROVIDER'),

    // Endpoint berikut diturunkan dari SSO_PROVIDER.
    // Override via env jika path default tidak sesuai.
    'authorize_url' => env('SSO_AUTHORIZE_URL', rtrim(env('SSO_PROVIDER', 'http://sso-server.test'), '/').'/oauth/authorize'),
    'token_url' => env('SSO_TOKEN_URL', rtrim(env('SSO_PROVIDER', 'http://sso-server.test'), '/').'/oauth/token'),
    'user_info_url' => env('SSO_USER_INFO_URL', rtrim(env('SSO_PROVIDER', 'http://sso-server.test'), '/').'/api/user'),
],

3. User Model

Your User model (or any class specified in config('sso.user_model')) should have these columns/methods:

Migration columns:

  • uuid('id')->primary() — UUID from SSO server as primary key
  • string('name')
  • string('email')->unique()
  • boolean('is_active')->default(true)
  • json('roles')->nullable()
  • json('permissions')->nullable()
  • timestamp('sso_synced_at')->nullable()

Methods expected by the package (optional, for Gate-based auth):

  • hasRole(string $role): bool
  • hasPermission(string $permission): bool

4. Middleware Registration (bootstrap/app.php for Laravel 11+)

->withMiddleware(function (Middleware $middleware) {
    $middleware->alias([
        'verify.sso.signature' => \Tuahweb\SsoClient\Middleware\VerifySsoSignature::class,
        'check.sso.active' => \Tuahweb\SsoClient\Middleware\CheckSsoActive::class,
    ]);
})

5. Optional: Gate Registration

In App\Providers\AuthServiceProvider:

Gate::before(function ($user, $ability) {
    if (method_exists($user, 'hasPermission')) {
        return $user->hasPermission($ability) ?: null;
    }
    return null;
});

Usage

Routes (Auto-Registered)

The package automatically registers these routes:

Method URI Name Description
GET /auth/sso/redirect auth.sso.redirect Redirect to SSO login
GET /auth/sso/callback auth.sso.callback Handle SSO callback
POST /webhook/sso-sync webhook.sso-sync Webhook receiver

You can disable auto-routing in config/sso.php:

'routes' => [
    'auth' => false,    // Disable SSO auth routes
    'webhook' => false, // Disable webhook route
],

Console Commands

# Trigger full sync from SSO server
php artisan sso:full-sync

Logout Behavior

When a user logs out from a client application:

  1. Local session only — The client app clears its local session (Auth::logout())
  2. SSO session preserved — The user remains authenticated on the SSO server
  3. Redirect to SSO dashboard — User is redirected to the SSO server dashboard after logout
  4. Access other apps — User can immediately access other client apps without re-authenticating

Example flow:

  • User is logged into Client A and Client B
  • User clicks logout in Client A
  • Client A session is destroyed
  • User is redirected to SSO server dashboard
  • User can still access Client B without logging in again

Configuration:

# .env
SSO_DASHBOARD_URL=https://sso-server.test/dashboard
// config/sso.php
'routes' => [
    'dashboard_url' => env('SSO_DASHBOARD_URL', 'http://sso-server.test/dashboard'),
],

To implement full SSO logout (log out from SSO server and all clients), you would need to implement a separate logout endpoint on the SSO server that revokes tokens and triggers logout webhooks to all clients.

Customization

Override the User Model

// config/sso.php
'user_model' => App\Models\YourCustomUser::class,

Override the Webhook Job

Create your own job class that extends the default:

namespace App\Jobs;

use Tuahweb\SsoClient\Jobs\ProcessSsoWebhookJob;

class CustomProcessSsoWebhookJob extends ProcessSsoWebhookJob
{
    public function handle(): void
    {
        // Custom logic before/after sync
        \Log::info('Processing webhook', ['event' => $this->event]);

        parent::handle();
    }
}

Then update config:

// config/sso.php
'jobs' => [
    'process_webhook' => \App\Jobs\CustomProcessSsoWebhookJob::class,
],

Override Controllers

Extend any package controller and override methods:

namespace App\Http\Controllers\Auth;

use Tuahweb\SsoClient\Http\Controllers\SsoController as BaseSsoController;

class SsoController extends BaseSsoController
{
    protected function authenticatedRedirect($user): RedirectResponse
    {
        return redirect()->intended('/custom-dashboard');
    }

    protected function loginFailedRedirect(string $message): RedirectResponse
    {
        return redirect()->route('custom.login')
            ->with('error', $message);
    }
}

Then update config:

// config/sso.php
'controllers' => [
    'sso' => \App\Http\Controllers\Auth\SsoController::class,
],

Development

For local development, add a path repository in your consuming project's composer.json:

"repositories": [
    {
        "type": "path",
        "url": "../packages/tuahweb/php-sso-client-connect"
    }
],
"require": {
    "tuahweb/php-sso-client-connect": "*"
}

tuahweb/php-sso-client-connect 适用场景与选型建议

tuahweb/php-sso-client-connect 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 0 次下载、GitHub Stars 达 0, 最近一次更新时间为 2026 年 07 月 15 日, 在 PHP 生态内属于活跃度较高的组件。

它主要适用于以下技术方向: 「oauth2」 「SSO」 「laravel」 「passport」 「socialite」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。

我们在过去多个企业项目中使用过 tuahweb/php-sso-client-connect 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 tuahweb/php-sso-client-connect 我们能提供哪些服务?
定制开发 / 二次开发

基于 tuahweb/php-sso-client-connect 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

统计信息

  • 总下载量: 0
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 0
  • 点击次数: 2
  • 依赖项目数: 0
  • 推荐数: 0

GitHub 信息

  • Stars: 0
  • Watchers: 0
  • Forks: 0
  • 开发语言: PHP

其他信息

  • 授权协议: MIT
  • 更新时间: 2026-07-15