PHPackages                             finmetrik/console-sso-sdk - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [CLI &amp; Console](/categories/cli)
4. /
5. finmetrik/console-sso-sdk

ActiveLibrary[CLI &amp; Console](/categories/cli)

finmetrik/console-sso-sdk
=========================

PHP SDK for Console SSO Hub integration - Single Sign-On client library

1.0.1(7mo ago)01.5k↓92.9%MITPHPPHP ^8.1

Since Dec 5Pushed 7mo agoCompare

[ Source](https://github.com/finmetrik/console-sso-sdk)[ Packagist](https://packagist.org/packages/finmetrik/console-sso-sdk)[ Docs](https://github.com/finmetrik/console-sso-sdk)[ RSS](/packages/finmetrik-console-sso-sdk/feed)WikiDiscussions main Synced 2d ago

READMEChangelogDependencies (4)Versions (3)Used By (0)

Console SSO SDK
===============

[](#console-sso-sdk)

[![Latest Version on Packagist](https://camo.githubusercontent.com/d37de691eb8aefd8b3f0d895a649a5e0c088eaa5fe3664ddd4c54a9495a70e62/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f66696e6d657472696b2f636f6e736f6c652d73736f2d73646b2e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/finmetrik/console-sso-sdk)[![Total Downloads](https://camo.githubusercontent.com/43c04380d221a86bf558d0f821524b51560e21ddcdcabd14e7e80479b1afc5e3/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f66696e6d657472696b2f636f6e736f6c652d73736f2d73646b2e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/finmetrik/console-sso-sdk)[![License](https://camo.githubusercontent.com/503e4c8e785e809e63dd2e34ce5fcac57bc5a671f9db482e5965a99bfa90e5e9/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f6c2f66696e6d657472696b2f636f6e736f6c652d73736f2d73646b2e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/finmetrik/console-sso-sdk)

PHP SDK for integrating with the Console SSO Hub. Enables Single Sign-On (SSO) authentication for your PHP applications.

Requirements
------------

[](#requirements)

- PHP 8.1 or higher
- Composer
- GuzzleHTTP 7.0+

Installation
------------

[](#installation)

```
composer require finmetrik/console-sso-sdk
```

Configuration
-------------

[](#configuration)

### Laravel

[](#laravel)

The package auto-discovers in Laravel. Publish the config file:

```
php artisan vendor:publish --tag=sso-config
```

Add to your `.env`:

```
SSO_HUB_URL=https://console.example.com
SSO_APP_KEY=your-app-key
SSO_APP_SECRET=your-app-secret
SSO_CALLBACK_URL=/sso/callback
SSO_VERIFY_SSL=true
```

### Other PHP Frameworks

[](#other-php-frameworks)

```
use Finmetrik\ConsoleSso\SsoClient;

$sso = new SsoClient([
    'hub_url' => 'https://console.example.com',
    'app_key' => 'your-app-key',
    'app_secret' => 'your-app-secret',
    'verify_ssl' => true,
]);
```

Quick Start (Recommended Flow)
------------------------------

[](#quick-start-recommended-flow)

The recommended flow is to redirect users to Console's `/sso/authorize` endpoint, which handles the login UI and redirects back with a token.

### 1. Redirect to Console SSO

[](#1-redirect-to-console-sso)

```
// In your controller
public function redirectToSso()
{
    $hubUrl = config('sso.hub_url');
    $appKey = config('sso.app_key');
    $callbackUrl = urlencode(route('sso.callback'));

    // Redirect to Console's authorization endpoint
    return redirect("{$hubUrl}/sso/authorize?app_key={$appKey}&redirect_uri={$callbackUrl}");
}
```

### 2. Handle Callback

[](#2-handle-callback)

```
use Finmetrik\ConsoleSso\Laravel\Facades\Sso;
use Finmetrik\ConsoleSso\Exceptions\TokenExpiredException;
use Finmetrik\ConsoleSso\Exceptions\CompanyNotSubscribedException;

public function callback(Request $request)
{
    // Check for errors from Console
    if ($request->has('error')) {
        return redirect('/login')->withErrors([
            'sso' => $request->error_description ?? 'Authentication failed'
        ]);
    }

    $token = $request->query('token');

    if (!$token) {
        return redirect('/login')->withErrors(['sso' => 'No token received']);
    }

    try {
        // Verify token - only sends the token, Console returns user data
        $result = Sso::verifyToken($token);

        // $result contains:
        // - user: ['id', 'email', 'name', 'role']
        // - company: ['id', 'uuid', 'name']
        // - session: ['id', 'expires_at']

        // Create or update local user
        $user = User::updateOrCreate(
            ['email' => $result['user']['email']],
            ['name' => $result['user']['name']]
        );

        Auth::login($user, true);

        // Store SSO session for later validation
        session(['sso_session_id' => $result['session']['id']]);

        return redirect('/dashboard');

    } catch (TokenExpiredException $e) {
        return redirect('/login')->withErrors(['sso' => 'Login link expired']);
    } catch (CompanyNotSubscribedException $e) {
        return redirect('/login')->withErrors(['sso' => 'Access denied']);
    } catch (\Exception $e) {
        Log::error('SSO Error', ['message' => $e->getMessage()]);
        return redirect('/login')->withErrors(['sso' => 'Authentication failed']);
    }
}
```

### 3. Logout

[](#3-logout)

```
public function logout(Request $request)
{
    $sessionId = session('sso_session_id');

    if ($sessionId) {
        try {
            Sso::destroySession($sessionId);
        } catch (\Exception $e) {
            // Log but don't fail
            Log::warning('SSO session destroy failed', ['error' => $e->getMessage()]);
        }
    }

    Auth::logout();
    $request->session()->invalidate();
    $request->session()->regenerateToken();

    return redirect('/login');
}
```

SSO Flow Diagram
----------------

[](#sso-flow-diagram)

```
┌─────────────────┐                  ┌─────────────────┐
│   Your App      │                  │    Console      │
│  (Client App)   │                  │   (SSO Hub)     │
└────────┬────────┘                  └────────┬────────┘
         │                                    │
         │  1. User clicks "Login with SSO"  │
         │                                    │
         │  2. Redirect to Console:           │
         │     /sso/authorize?                │
         │       app_key=xxx&                 │
         │       redirect_uri=xxx             │
         │ ─────────────────────────────────> │
         │                                    │
         │                    3. User logs in │
         │                       (if needed)  │
         │                                    │
         │  4. Redirect back with token:      │
         │     /sso/callback?token=abc123     │
         │  │
         │                                    │
         │  6. Return user data + session     │
         │  \Finmetrik\ConsoleSso\Laravel\Middleware\ValidateSsoSession::class,
];

// bootstrap/app.php (Laravel 11+)
->withMiddleware(function (Middleware $middleware) {
    $middleware->alias([
        'sso.session' => \Finmetrik\ConsoleSso\Laravel\Middleware\ValidateSsoSession::class,
    ]);
})
```

Apply to routes:

```
Route::middleware(['auth', 'sso.session'])->group(function () {
    Route::get('/dashboard', [DashboardController::class, 'index']);
});
```

### Manual Validation

[](#manual-validation)

```
try {
    $session = Sso::validateSession($sessionId);
    // Session is valid
} catch (SessionExpiredException $e) {
    Auth::logout();
    return redirect('/login');
}
```

API Reference
-------------

[](#api-reference)

### SsoClient Methods

[](#ssoclient-methods)

MethodDescription`bootstrap()`Fetch app configuration from SSO Hub`verifyToken(string $token)`Verify SSO token and get user data`validateSession(string $sessionId)`Check if session is valid`refreshSession(string $sessionId)`Extend session expiry`destroySession(string $sessionId)`Logout / destroy session`isConfigured()`Check if client is configured`getAppInfo()`Get app information### Exceptions

[](#exceptions)

ExceptionWhen Thrown`ConfigurationException`Missing or invalid configuration`ApiException`API request failed`TokenExpiredException`SSO token has expired`TokenUsedException`Token already consumed`SessionExpiredException`Session has expired`CompanyNotSubscribedException`Company not subscribed to app`UserNotFoundException`User not found in companyError Handling
--------------

[](#error-handling)

```
use Finmetrik\ConsoleSso\Exceptions\{
    TokenExpiredException,
    TokenUsedException,
    SessionExpiredException,
    CompanyNotSubscribedException,
    UserNotFoundException,
    ApiException
};

try {
    $result = Sso::verifyToken($token);
} catch (TokenExpiredException $e) {
    // Token expired (5 min validity), redirect to login
} catch (TokenUsedException $e) {
    // Token already used, possible replay attack
} catch (CompanyNotSubscribedException $e) {
    // Company doesn't have access to this app
} catch (UserNotFoundException $e) {
    // User not found in company
} catch (ApiException $e) {
    // General API error
    Log::error('SSO Error: ' . $e->getMessage());
}
```

Debugging
---------

[](#debugging)

Enable debug mode by passing a PSR-3 logger:

```
use Monolog\Logger;
use Monolog\Handler\StreamHandler;

$logger = new Logger('sso');
$logger->pushHandler(new StreamHandler('path/to/sso.log', Logger::DEBUG));

$sso = new SsoClient([
    'hub_url' => '...',
    'app_key' => '...',
    'app_secret' => '...',
    'logger' => $logger,
]);
```

Security
--------

[](#security)

- Never expose `app_secret` in client-side code
- Always use HTTPS in production
- Store session IDs server-side only
- Implement CSRF protection on callback endpoints
- Validate the `state` parameter if using one

Changelog
---------

[](#changelog)

### v1.0.1

[](#v101)

- Fixed token verification to only require token parameter
- Console now returns user data from token record
- Updated documentation with correct flow

### v1.0.0

[](#v100)

- Initial release

License
-------

[](#license)

MIT License. See [LICENSE](LICENSE) for details.

Support
-------

[](#support)

- Documentation: See `docs/plan/` in Console repository
- Issues: Contact your Console administrator

###  Health Score

35

—

LowBetter than 77% of packages

Maintenance65

Regular maintenance activity

Popularity15

Limited adoption so far

Community6

Small or concentrated contributor base

Maturity45

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~0 days

Total

2

Last Release

211d ago

### Community

Maintainers

![](https://www.gravatar.com/avatar/f9e3024a9d68711f3e7b4ed846c1a8af9aaee9eb6fec870dfab1f4c8300d5c7c?d=identicon)[finmetrik](/maintainers/finmetrik)

---

Top Contributors

[![orfinex](https://avatars.githubusercontent.com/u/108072923?v=4)](https://github.com/orfinex "orfinex (2 commits)")

---

Tags

consoleAuthenticationSSOsingle sign onfinmetrik

###  Code Quality

TestsPHPUnit

### Embed Badge

![Health badge](/badges/finmetrik-console-sso-sdk/health.svg)

```
[![Health](https://phpackages.com/badges/finmetrik-console-sso-sdk/health.svg)](https://phpackages.com/packages/finmetrik-console-sso-sdk)
```

###  Alternatives

[laravel/framework

The Laravel Framework.

34.8k543.8M20.1k](/packages/laravel-framework)[google/auth

Google Auth Library for PHP

1.4k294.2M219](/packages/google-auth)[tempest/framework

The PHP framework that gets out of your way.

2.2k34.4k15](/packages/tempest-framework)[drupal/core

Drupal is an open source content management platform powering millions of websites and applications.

21866.0M1.7k](/packages/drupal-core)[drupal/core-recommended

Locked core dependencies; require this project INSTEAD OF drupal/core.

6942.5M420](/packages/drupal-core-recommended)[civicrm/civicrm-core

Open source constituent relationship management for non-profits, NGOs and advocacy organizations.

751291.4k43](/packages/civicrm-civicrm-core)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
