PHPackages admin9/laravel-oidc-client - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. admin9/laravel-oidc-client ActiveLibrary[Authentication & Authorization](/categories/authentication) admin9/laravel-oidc-client ========================== Laravel OIDC Client package with PKCE support for SSO/SLO authentication v2.1.1(1mo ago)08MITPHPPHP ^8.2CI passing Since Feb 8Pushed 1mo agoCompare [ Source](https://github.com/admin9-labs/laravel-oidc-client)[ Packagist](https://packagist.org/packages/admin9/laravel-oidc-client)[ Docs](https://github.com/admin9-labs/laravel-oidc-client)[ GitHub Sponsors](https://github.com/admin9-labs)[ RSS](/packages/admin9-laravel-oidc-client/feed)WikiDiscussions main Synced 1mo ago READMEChangelog (5)Dependencies (28)Versions (9)Used By (0) Laravel OIDC Client =================== [](#laravel-oidc-client) [![Latest Version on Packagist](https://camo.githubusercontent.com/b8fea7129ec969ca63f145b6834200d9d41c46bc8d02e0b4531fadc0628885fa/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f61646d696e392f6c61726176656c2d6f6964632d636c69656e742e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/admin9/laravel-oidc-client)[![GitHub Tests Action Status](https://camo.githubusercontent.com/e3324d51dcea9a39943c698c2f677d2eded25098935e00ec7e82937422f95d76/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f616374696f6e732f776f726b666c6f772f7374617475732f61646d696e392d6c6162732f6c61726176656c2d6f6964632d636c69656e742f72756e2d74657374732e796d6c3f6272616e63683d6d61696e266c6162656c3d7465737473267374796c653d666c61742d737175617265)](https://github.com/admin9-labs/laravel-oidc-client/actions?query=workflow%3Arun-tests+branch%3Amain)[![PHPStan](https://camo.githubusercontent.com/4470f8df20a6d13b9eac69d9a1f3abcd72eb30f8436f5355e69f06cb6bd970ab/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f5048505374616e2d6c6576656c253230352d627269676874677265656e2e7376673f7374796c653d666c61742d737175617265)](https://github.com/admin9-labs/laravel-oidc-client/actions?query=workflow%3Aphpstan)[![Total Downloads](https://camo.githubusercontent.com/1977883df500db51c351c7fb95bb839d770e8575590e5d3a2f617a569861f22d/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f61646d696e392f6c61726176656c2d6f6964632d636c69656e742e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/admin9/laravel-oidc-client) English | [简体中文](docs/zh-CN/README.md) A Laravel package for OIDC (OpenID Connect) authentication with PKCE support. Architecture-agnostic — works with Blade, Livewire, Inertia, or any Laravel stack. Features -------- [](#features) - OIDC Authorization Code Flow with PKCE - Pluggable authentication strategy via `OidcAuthenticator` interface - Automatic user provisioning from OIDC claims - Flexible user mapping configuration - Token revocation and SSO logout support - Rate limiting on all endpoints - Event system for authentication lifecycle Requirements ------------ [](#requirements) - PHP 8.2+ - Laravel 11.x or 12.x - Persistent session driver (redis, database, file) Installation ------------ [](#installation) ``` composer require admin9/laravel-oidc-client php artisan vendor:publish --tag="oidc-client-config" php artisan vendor:publish --tag="oidc-client-migrations" php artisan migrate ``` Configuration ------------- [](#configuration) Add to `.env`: ``` OIDC_AUTH_SERVER_HOST=https://auth.example.com OIDC_CLIENT_ID=your-client-id OIDC_CLIENT_SECRET=your-client-secret OIDC_REDIRECT_URI=http://localhost:8000/auth/callback ``` Update `app/Models/User.php`: ``` protected $fillable = [ 'name', 'email', 'password', 'oidc_sub', 'auth_server_refresh_token', ]; protected $hidden = [ 'password', 'remember_token', 'auth_server_refresh_token', ]; protected function casts(): array { return [ 'email_verified_at' => 'datetime', 'password' => 'hashed', 'auth_server_refresh_token' => 'encrypted', ]; } ``` Usage ----- [](#usage) ### Routes [](#routes) The package registers these routes: MethodURIDescriptionGET`/auth/redirect`Start OIDC flowGET`/auth/callback`Handle callback, create session, redirect### How It Works [](#how-it-works) 1. User visits `/auth/redirect` — redirected to your OIDC provider 2. After authentication, the provider redirects back to `/auth/callback` 3. The package exchanges the authorization code for tokens, fetches user info, and creates/updates the local user 4. The configured `OidcAuthenticator` handles login (default: web session guard) and returns a response ### Authentication Flow [](#authentication-flow) ``` Browser Your App OIDC Provider │ │ │ ├── GET /auth/redirect ──→ │ │ │ ├── Generate state + PKCE │ │ ├── Store in session │ │ ←── 302 Redirect ──────┤ │ ├──────────────────────────────── Authorization ──────→ │ │ │ ├── User authenticates │ ←───────────────────────────── 302 + code ──────────┤ ├── GET /auth/callback ──→ │ │ │ ├── Validate state │ │ ├── Exchange code → tokens ─→│ │ │←── access_token ───────────┤ │ ├── Fetch userinfo ─────────→│ │ │←── user claims ────────────┤ │ ├── Find/create local user │ │ ├── OidcAuthenticator │ │ ←── Response ───────────┤ │ ``` ### Login Link [](#login-link) ``` Login with SSO ``` ### Handling Errors [](#handling-errors) Authentication errors are flashed to the session: ``` @if (session('oidc_error')) Authentication failed: {{ session('oidc_error_description') }} @endif ``` ### Logout [](#logout) Create a logout controller using `OidcService`: ``` use Admin9\OidcClient\Services\OidcService; public function logout(Request $request, OidcService $oidcService) { $user = $request->user(); $oidcService->revokeAuthServerToken($user); Auth::guard('web')->logout(); $request->session()->invalidate(); $request->session()->regenerateToken(); if ($oidcService->isOidcUser($user)) { return redirect($oidcService->getSsoLogoutUrl()); } return redirect('/'); } ``` ### Custom Authenticator [](#custom-authenticator) By default, the package uses `SessionAuthenticator` which logs in via Laravel's web guard. For SPA/JWT scenarios, implement the `OidcAuthenticator` interface: ``` use Admin9\OidcClient\Contracts\OidcAuthenticator; use Illuminate\Http\Request; use Symfony\Component\HttpFoundation\Response; class JwtAuthenticator implements OidcAuthenticator { public function authenticate(Request $request, mixed $user, array $tokens, array $userInfo): Response { $jwt = /* generate your JWT */; return response()->json(['token' => $jwt]); } } ``` Register it in `config/oidc-client.php`: ``` 'authenticator' => \App\Services\JwtAuthenticator::class, ``` ### Events [](#events) The package dispatches two events during the authentication lifecycle: EventPropertiesWhen`OidcUserAuthenticated``$user`, `$userInfo`, `$isNewUser`After successful authentication`OidcAuthFailed``$errorCode`, `$errorMessage`When authentication failsExample listener: ``` // app/Listeners/LogOidcLogin.php use Admin9\OidcClient\Events\OidcUserAuthenticated; class LogOidcLogin { public function handle(OidcUserAuthenticated $event): void { logger()->info('OIDC login', [ 'user_id' => $event->user->getKey(), 'new' => $event->isNewUser, ]); } } ``` ### Optional Configuration [](#optional-configuration) ``` OIDC_REDIRECT_URL=/dashboard # Where to redirect after login (default: /dashboard) OIDC_POST_LOGOUT_REDIRECT_URL=/ # Where Auth Server redirects after SSO logout (default: /) ``` Documentation ------------- [](#documentation) - [Configuration](docs/configuration.md) - All config options and environment variables - [Troubleshooting](docs/troubleshooting.md) - Common issues and solutions License ------- [](#license) MIT ### Health Score 42 — FairBetter than 89% of packages Maintenance96 Actively maintained with recent releases Popularity5 Limited adoption so far Community6 Small or concentrated contributor base Maturity51 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~6 days Total 7 Last Release 50d ago Major Versions v1.1.0 → v2.0.02026-03-11 v1.0.0 → v2.1.12026-03-20 ### Community Maintainers ![](https://www.gravatar.com/avatar/89f9c7018c46dc8dcaa27f05cb2cd4ee65b698b38afe4791d2d9e4302fa5013d?d=identicon)[qiyue2015](/maintainers/qiyue2015) --- Top Contributors [![qiyue2015](https://avatars.githubusercontent.com/u/11554433?v=4)](https://github.com/qiyue2015 "qiyue2015 (27 commits)") --- Tags authenticationlaravellaravel-packageoidcopenid-connectphppkceslossolaravelAuthenticationSSOoauthoidcpkceslo ### Code Quality TestsPest Static AnalysisPHPStan Code StyleLaravel Pint ### Embed Badge ![Health badge](/badges/admin9-laravel-oidc-client/health.svg) ``` [![Health](https://phpackages.com/badges/admin9-laravel-oidc-client/health.svg)](https://phpackages.com/packages/admin9-laravel-oidc-client) ``` ### Alternatives [auth0/login Auth0 Laravel SDK. Straight-forward and tested methods for implementing authentication, and accessing Auth0's Management API endpoints. 2745.0M3](/packages/auth0-login)[kovah/laravel-socialite-oidc OpenID Connect OAuth2 Provider for Laravel Socialite 2073.7k](/packages/kovah-laravel-socialite-oidc)[authlete/authlete-laravel Authlete Library for Laravel 4226.0k](/packages/authlete-authlete-laravel)[maicol07/laravel-oidc-client OpenID Connect Client for Laravel 251.1k](/packages/maicol07-laravel-oidc-client) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)