PHPackages                             andcarpi/laravel-sso-server - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. andcarpi/laravel-sso-server

ActiveLibrary[Authentication &amp; Authorization](/categories/authentication)

andcarpi/laravel-sso-server
===========================

A Laravel Package that makes your project a SSO Server

795[1 issues](https://github.com/andcarpi/laravel-sso-server/issues)PHP

Since Nov 21Pushed 6y ago2 watchersCompare

[ Source](https://github.com/andcarpi/laravel-sso-server)[ Packagist](https://packagist.org/packages/andcarpi/laravel-sso-server)[ RSS](/packages/andcarpi-laravel-sso-server/feed)WikiDiscussions master Synced yesterday

READMEChangelogDependenciesVersions (1)Used By (0)

Simple PHP SSO integration for Laravel
======================================

[](#simple-php-sso-integration-for-laravel)

[![Latest Stable Version](https://camo.githubusercontent.com/191bd3775cc2e245ed12f1cef8ed04fd9b5fd782d11038f04c5ec4fa52d342f1/68747470733a2f2f706f7365722e707567782e6f72672f7a6566792f6c61726176656c2d73736f2f762f737461626c65)](https://packagist.org/packages/zefy/laravel-sso)[![Total Downloads](https://camo.githubusercontent.com/e925605badc337b5461e400b20c1503e4cc66c5f7f70bb54b993c96ac47e5211/68747470733a2f2f706f7365722e707567782e6f72672f7a6566792f6c61726176656c2d73736f2f646f776e6c6f616473)](https://packagist.org/packages/zefy/laravel-sso)[![Latest Unstable Version](https://camo.githubusercontent.com/9fa9258e184558c43257d19122cd228dca00d44e3590ed53be7c87dfab3bd84e/68747470733a2f2f706f7365722e707567782e6f72672f7a6566792f6c61726176656c2d73736f2f762f756e737461626c65)](https://packagist.org/packages/zefy/laravel-sso)[![License](https://camo.githubusercontent.com/f911616e20d8720b3b43fa8c5117b85bee404d37d9dcc539fff88ac32f7ecf01/68747470733a2f2f706f7365722e707567782e6f72672f7a6566792f6c61726176656c2d73736f2f6c6963656e7365)](https://packagist.org/packages/zefy/laravel-sso)[![Scrutinizer Code Quality](https://camo.githubusercontent.com/d0811625fc1efb7995ea4347abeee1be388cc40fc053cacc67620ab6ea97be87/68747470733a2f2f7363727574696e697a65722d63692e636f6d2f672f7a6566792f6c61726176656c2d73736f2f6261646765732f7175616c6974792d73636f72652e706e673f623d6d6173746572)](https://scrutinizer-ci.com/g/zefy/laravel-sso/?branch=master)[![Build Status](https://camo.githubusercontent.com/ba0a45558d1c4bef9a5604c2c1b0607361cf98a17e29277a8a49b2a9e09a3ba3/68747470733a2f2f7363727574696e697a65722d63692e636f6d2f672f7a6566792f6c61726176656c2d73736f2f6261646765732f6275696c642e706e673f623d6d6173746572)](https://scrutinizer-ci.com/g/zefy/laravel-sso/build-status/master)[![Code Intelligence Status](https://camo.githubusercontent.com/901ca9b15919822152f6caa608a23984abe8b1f75f29c4880a6429503d23a529/68747470733a2f2f7363727574696e697a65722d63692e636f6d2f672f7a6566792f6c61726176656c2d73736f2f6261646765732f636f64652d696e74656c6c6967656e63652e7376673f623d6d6173746572)](https://scrutinizer-ci.com/code-intelligence)

### Requirements

[](#requirements)

- Laravel 5.5+
- PHP 7.1+

### Words meanings

[](#words-meanings)

- ***SSO*** - Single Sign-On.
- ***Server*** - page which works as SSO server, handles authentications, stores all sessions data.
- ***Broker*** - your page which is used visited by clients/users.
- ***Client/User*** - your every visitor.

### How it works?

[](#how-it-works)

Client visits Broker and unique token is generated. When new token is generated we need to attach Client session to his session in Broker so he will be redirected to Server and back to Broker at this moment new session in Server will be created and associated with Client session in Broker's page. When Client visits other Broker same steps will be done except that when Client will be redirected to Server he already use his old session and same session id which associated with Broker#1.

Installation
============

[](#installation)

### Server

[](#server)

Install this package using composer.

```
$ composer require zefy/laravel-sso
```

Copy config file to Laravel project `config/` folder.

```
$ php artisan vendor:publish --provider="andcarpi\LaravelSSOServer\SSOServiceProvider"
```

Create table where all brokers will be saved.

```
$ php artisan migrate --path=vendor/zefy/laravel-sso/database/migrations
```

Edit your `app/Http/Kernel.php` by removing throttle middleware and adding sessions middleware to `api` middlewares array. This is necessary because we need sessions to work in API routes and throttle middleware can block connections which we need.

```
'api' => [
    'bindings',
    \Illuminate\Session\Middleware\StartSession::class,
],
```

Now you should create brokers. You can create new broker using following Artisan CLI command:

```
$ php artisan sso:broker:create {name}
```

---

### Broker

[](#broker)

Install this package using composer.

```
$ composer require zefy/laravel-sso
```

Copy config file to Laravel project `config/` folder.

```
$ php artisan vendor:publish --provider="andcarpi\LaravelSSOServer\SSOServiceProvider"
```

Change `type` value in `config/laravel-sso.php` file from `server`to `broker`.

Set 3 new options in your `.env` file:

```
SSO_SERVER_URL=
SSO_BROKER_NAME=
SSO_BROKER_SECRET=
```

`SSO_SERVER_URL` is your server's http url without trailing slash. `SSO_BROKER_NAME` and `SSO_BROKER_SECRET` must be data which exists in your server's `brokers` table.

Edit your `app/Http/Kernel.php` by adding `\andcarpi\LaravelSSOServer\Middleware\SSOAutoLogin::class` middleware to `web` middleware group. It should look like this:

```
protected $middlewareGroups = [
        'web' => [
            ...
            \andcarpi\LaravelSSOServer\Middleware\SSOAutoLogin::class,
        ],

        'api' => [
            ...
        ],
    ];
```

Last but not least, you need to edit `app/Http/Controllers/Auth/LoginController.php`. You should add two functions into `LoginController` class which will authenticate your client through SSO server but not your Broker page.

```
protected function attemptLogin(Request $request)
{
    $broker = new \andcarpi\LaravelSSOServer\LaravelSSOBroker;

    $credentials = $this->credentials($request);
    return $broker->login($credentials[$this->username()], $credentials['password']);
}

public function logout(Request $request)
{
    $broker = new \andcarpi\LaravelSSOServer\LaravelSSOBroker;

    $broker->logout();

    $this->guard()->logout();

    $request->session()->invalidate();

    return redirect('/');
}
```

That's all. For other Broker pages you should repeat everything from the beginning just changing your Broker name and secret in configuration file.

Example `.env` options:

```
SSO_SERVER_URL=https://server.test
SSO_BROKER_NAME=site1
SSO_BROKER_SECRET=892asjdajsdksja74jh38kljk2929023
```

###  Health Score

21

—

LowBetter than 19% of packages

Maintenance17

Infrequent updates — may be unmaintained

Popularity13

Limited adoption so far

Community14

Small or concentrated contributor base

Maturity35

Early-stage or recently created project

 Bus Factor1

Top contributor holds 57.1% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

### Community

Maintainers

![](https://www.gravatar.com/avatar/0c586fc964760abd9779aa38cf47f05c54874a59f6fafdd5e679d807df11ef8e?d=identicon)[andcarpi](/maintainers/andcarpi)

---

Top Contributors

[![martynaszaliaduonis](https://avatars.githubusercontent.com/u/43949022?v=4)](https://github.com/martynaszaliaduonis "martynaszaliaduonis (24 commits)")[![zefy](https://avatars.githubusercontent.com/u/5538557?v=4)](https://github.com/zefy "zefy (12 commits)")[![andcarpi](https://avatars.githubusercontent.com/u/13441557?v=4)](https://github.com/andcarpi "andcarpi (6 commits)")

### Embed Badge

![Health badge](/badges/andcarpi-laravel-sso-server/health.svg)

```
[![Health](https://phpackages.com/badges/andcarpi-laravel-sso-server/health.svg)](https://phpackages.com/packages/andcarpi-laravel-sso-server)
```

###  Alternatives

[namshi/jose

JSON Object Signing and Encryption library for PHP.

1.8k99.6M101](/packages/namshi-jose)[league/oauth1-client

OAuth 1.0 Client Library

99698.8M106](/packages/league-oauth1-client)[bezhansalleh/filament-shield

Filament support for `spatie/laravel-permission`.

2.8k2.9M88](/packages/bezhansalleh-filament-shield)[gesdinet/jwt-refresh-token-bundle

Implements a refresh token system over Json Web Tokens in Symfony

70516.4M35](/packages/gesdinet-jwt-refresh-token-bundle)[league/oauth2-google

Google OAuth 2.0 Client Provider for The PHP League OAuth2-Client

41721.2M118](/packages/league-oauth2-google)[illuminate/auth

The Illuminate Auth package.

9327.3M1.0k](/packages/illuminate-auth)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)