PHPackages                             iprotek/account - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. iprotek/account

ActiveLibrary[Authentication &amp; Authorization](/categories/authentication)

iprotek/account
===============

Application management and access of iprotek

02021PHP

Since Jun 12Pushed 3w agoCompare

[ Source](https://github.com/iprotek/account)[ Packagist](https://packagist.org/packages/iprotek/account)[ RSS](/packages/iprotek-account/feed)WikiDiscussions main Synced today

READMEChangelogDependenciesVersions (1)Used By (1)

 [ ![](https://camo.githubusercontent.com/850f3a44aa723f70a8371429d7389f0b2d4edf35433f9d403207efafff64d0c1/68747470733a2f2f7777772e6970726f74656b2e6e65742f696d616765732f6c6f676f332e706e67) ](https://www.iprotek.net)

iProtek Account Integration Layer
=================================

[](#iprotek-account-integration-layer)

The `iprotek/account` package acts as the integration and authorization layer between your Laravel application and the external **iProtek Account System** (e.g., `account.iprotek.net`).

It functions similarly to OAuth-style external identity providers (like Google or GitHub Sign-In), allowing your application to securely delegate user authentication and retrieve authorized user profiles and session details.

---

Architecture &amp; Flow
-----------------------

[](#architecture--flow)

The package facilitates a secure handshake flow between the client browser, the local application session, and the iProtek authorization server:

```
+-------------+         Handshake init         +-------------------------+
|             | -----------------------------> |                         |
|             |                                |  iProtek Account Package|
|             |     Redirect / Open Popup      |         (Local)         |
|   Browser   | /             v
|             |                               |    +-------------------------+
|             | = 7.4`
- Laravel `>= 8.0`
- Guzzle HTTP client package

### Step-by-Step Installation

[](#step-by-step-installation)

1. Add the local package repository link in your application's root `composer.json` under `repositories` if not already present: ```
    "repositories": [
        {
            "type": "path",
            "url": "packages/iprotek/account"
        }
    ]
    ```
2. Install the package using Composer: ```
    composer require iprotek/account
    ```
3. The service provider `iProtek\Account\AccountPackageServiceProvider` is automatically registered via Package Discovery.

---

Configuration
-------------

[](#configuration)

The package relies on environment variables mapped to Laravel configuration keys. Configure these in your application's `.env` file:

Environment VariableConfiguration KeyDescription`IPROTEK_ACCOUNT_URL``iprotek_account.url`Central iProtek Account System endpoint (e.g. `https://account.iprotek.net`)`PAY_IPROTEK_TYPE``iprotek_account.app_type`Identification name of your application (e.g. `ERP`, `CLIENT`, `ADMIN`)`IPROTEK_PAY_URL``iprotek.pay_url`Base URL of the billing/payment gateway integration`IPROTEK_PAY_CLIENT_ID``iprotek.pay_client_id`Client ID registered with the payment/auth gateway`IPROTEK_PAY_CLIENT_SECRET``iprotek.pay_client_secret`Client secret registered with the payment/auth gateway`IPROTEK_SYSTEM_ID``iprotek.system_id`Centralized system identifier`IPROTEK_SYSTEM_URL``iprotek.system`Centralized system URL---

Usage Guide
-----------

[](#usage-guide)

### 1. Initiating the Login Handshake (Controller or Blade View)

[](#1-initiating-the-login-handshake-controller-or-blade-view)

When rendering your login page, query the external account service to register the login intent.

```
use iProtek\Account\Helpers\AccountHelper;

// In your login route or controller action:
public function showLoginForm(Request $request)
{
    $response = AccountHelper::submitLoginRequest($request);

    if ($response['status'] === 1 && isset($response['result']['id'])) {
        return view('auth.login', [
            'loginRequestId' => $response['result']['id'],
            'loginRequestCode' => $response['result']['code']
        ]);
    }

    // Handle handshake failure gracefully
    return view('auth.login')->withErrors(['connection' => 'Unable to connect to login provider.']);
}
```

### 2. Rendering Handshake Form &amp; Popup in Frontend

[](#2-rendering-handshake-form--popup-in-frontend)

Embed the handshake parameters in a hidden form and launch the authorization popup when the user clicks the "Login with iProtek" button.

```

    @csrf

Login with iProtek

function openAuthPopup() {
    const popupWidth = 600;
    const popupHeight = 600;
    const left = window.screenX + (window.innerWidth - popupWidth) / 2;
    const top = window.screenY + (window.innerHeight - popupHeight) / 2;

    const url = encodeURIComponent(window.location.origin + window.location.pathname);
    const authUrl = `{{ config('iprotek_account.url') }}/handshake/login-request?login_request_id={{ $loginRequestId }}&requestor_origin_url=${url}`;

    const popup = window.open(authUrl, 'authPopup', `width=${popupWidth},height=${popupHeight},top=${top},left=${left}`);

    // Listen for the authorization message back from the popup window
    window.addEventListener('message', (event) => {
        // Verify code matches our handshake session
        if (event.data.code === '{{ $loginRequestCode }}') {
            document.querySelector('#login-account-auth-code').value = event.data.account_auth_code;
            document.querySelector('#login-request-form').submit();
        }
        if (event.data && event.data.is_close) {
            popup.close();
        }
    });
}

```

### 3. Exchanging Code for Account Profile (Callback Controller)

[](#3-exchanging-code-for-account-profile-callback-controller)

Upon form submission, verify the authorization credentials and retrieve the authenticated account profiles.

```
use iProtek\Account\Helpers\AccountHelper;
use Illuminate\Support\Facades\Auth;

public function handleCallback(Request $request)
{
    $request->validate([
        'login_request_id'        => 'required',
        'login_code'              => 'required',
        'login_account_auth_code' => 'required'
    ]);

    // Exchange handshake code for tokens and profile information
    $response = AccountHelper::verifyLoginRequest(
        $request->login_request_id,
        $request->login_code,
        $request->login_account_auth_code
    );

    if ($response['status'] === 1 && $response['result']['status'] === 1) {
        $profile = $response['result'];

        $userAdmin = $profile['user_admin']; // User details
        $payAccount = $profile['pay_account']; // Credentials/Token info

        // Match user locally and log them in
        $user = \App\Models\User::firstOrCreate(
            ['email' => $userAdmin['email']],
            ['name' => $userAdmin['name']]
        );

        Auth::login($user, true);

        return redirect()->intended('/dashboard');
    }

    return redirect('/login')->withErrors(['email' => 'Authorization failed. Please try again.']);
}
```

---

API Reference
-------------

[](#api-reference)

### `AccountHelper`

[](#accounthelper)

#### `submitLoginRequest(Request $request): array`

[](#submitloginrequestrequest-request-array)

Sends an API call to the account service to register a login handshake intent.

- **Parameters**:
    - `$request` (`Illuminate\Http\Request`): Current HTTP request containing host details.
- **Returns**:
    - `array`: `['status' => 0|1, 'result' => ['id' => '...', 'code' => '...'], 'message' => '...']`

#### `verifyLoginRequest($loginRequestId, $loginCode, $loginAccountAuthCode): array`

[](#verifyloginrequestloginrequestid-logincode-loginaccountauthcode-array)

Exchanges verification codes for user credentials and API access tokens.

- **Parameters**:
    - `$loginRequestId` (`string|int`): Handshake session ID.
    - `$loginCode` (`string`): The transient code for verification.
    - `$loginAccountAuthCode` (`string`): The validation code posted from the auth provider.
- **Returns**:
    - `array`: Structured representation of user profiles and authentication tokens.

---

Error Handling &amp; Resiliency
-------------------------------

[](#error-handling--resiliency)

All API endpoints queried via `AccountHttpHelper` return a standardized array schema:

```
[
    'status'  => 0 | 1,           // 1 for successful call, 0 for failure/connection errors
    'result'  => [...],           // Body response or fallback array
    'message' => '...'            // Verbose error description
]
```

- **Network / API Timeout**: If the server fails to respond, it returns `status => 0` and standard diagnostics message. Pages will load without fatal crashes.
- **Configuration Issues**: If `IPROTEK_ACCOUNT_URL` is missing, API wrappers instantly return an error array stating `Application url not set`.

---

Security Notes
--------------

[](#security-notes)

1. **Token Protection**: Access tokens and refresh tokens returned by `verifyLoginRequest` must be treated as sensitive credentials. Store them securely inside database models or encrypted sessions, never expose them to client scripts.
2. **Strict Handshake Verification**: Ensure the `login_code` validation step inside your JavaScript event listener strictly matches the values generated on load to prevent cross-origin scripting issues.
3. **SSL/TLS**: In production environments, make sure that `IPROTEK_ACCOUNT_URL` and your local application utilize SSL/TLS (`https://`) to protect authorization codes in transit.

---

Best Practices
--------------

[](#best-practices)

- **When to use**: Use this package when integrating multiple sub-applications or modules into the unified iProtek systems platform, enabling single-sign-on (SSO).
- **When not to use**: Do not use this package for purely standalone applications that maintain local credentials and do not require connection to the wider iProtek ecosystem.

###  Health Score

24

—

LowBetter than 31% of packages

Maintenance62

Regular maintenance activity

Popularity12

Limited adoption so far

Community8

Small or concentrated contributor base

Maturity11

Early-stage or recently created project

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

### Community

Maintainers

![](https://www.gravatar.com/avatar/a7cef28748f4664867237187065dc44598f4ea8e8b6fb07bcf26d1544bfb8e99?d=identicon)[iprotek](/maintainers/iprotek)

---

Top Contributors

[![drimcaster](https://avatars.githubusercontent.com/u/37214264?v=4)](https://github.com/drimcaster "drimcaster (14 commits)")

### Embed Badge

![Health badge](/badges/iprotek-account/health.svg)

```
[![Health](https://phpackages.com/badges/iprotek-account/health.svg)](https://phpackages.com/packages/iprotek-account)
```

###  Alternatives

[vitalybaev/laravel5-dkim

Laravel 5/6 package for signing outgoing messages with DKIM.

3163.1k](/packages/vitalybaev-laravel5-dkim)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
