PHPackages jeremy379/laravel-openid-connect - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. jeremy379/laravel-openid-connect ActiveLibrary[Authentication & Authorization](/categories/authentication) jeremy379/laravel-openid-connect ================================ OpenID Connect support to the PHP League's OAuth2 Server. Compatible with Laravel Passport. 3.2.1(1mo ago)55342.3k—7.1%25[1 issues](https://github.com/jeremy379/laravel-openid-connect/issues)1MITBladePHP >=8.2CI passing Since Mar 23Pushed 1mo ago4 watchersCompare [ Source](https://github.com/jeremy379/laravel-openid-connect)[ Packagist](https://packagist.org/packages/jeremy379/laravel-openid-connect)[ Docs](https://github.com/jeremy379/laravel-openid-connect)[ RSS](/packages/jeremy379-laravel-openid-connect/feed)WikiDiscussions main Synced 1mo ago READMEChangelog (10)Dependencies (26)Versions (37)Used By (1) [![PHP 8.2](https://github.com/jeremy379/laravel-openid-connect/actions/workflows/php82.yml/badge.svg)](https://github.com/jeremy379/laravel-openid-connect/actions/workflows/php82.yml) OpenID Connect for Laravel ========================== [](#openid-connect-for-laravel) OpenID Connect support for [Laravel Passport](https://laravel.com/docs/10.x/passport) to the PHP League's OAuth2 Server. This was starter over the work of [ronvanderheijden/openid-connect](https://github.com/ronvanderheijden/openid-connect). Older version than laravel 12 ? ------------------------------- [](#older-version-than-laravel-12-) Use tag 2.7.0 Requirements ------------ [](#requirements) - Requires PHP version `^8.2`. - [lcobucci/jwt](https://github.com/lcobucci/jwt) version `^4.0`. - [league/oauth2-server](https://github.com/thephpleague/oauth2-server) `^8.2`. - Laravel 12 - Laravel Passport installed and configured Installation ------------ [](#installation) ``` composer require jeremy379/laravel-openid-connect ``` Now when calling the `oauth/authorize` endpoint, provide the `openid` scope to get an `id_token`. Provide more scopes (e.g. `openid profile email`) to receive additional claims in the `id_token`. The id\_token will be returned after the call to the `oauth/token` endpoint. Configuration ------------- [](#configuration) ### Add the scope in your AuthServiceProvider in boot() method [](#add-the-scope-in-your-authserviceprovider-in-boot-method) If you do not have a `AuthServiceProvider`, create one in `app/Providers` and link it in `bootstrap/providers.php` ``` public function boot(): void { Passport::tokensCan(config('openid.passport.tokens_can')); } ``` You may want to combine existing scope and oauth implementation with the open ID connect. ``` $scopes = array_merge($yourScopes, config('openid.passport.tokens_can')); Passport::tokensCan($scopes); ``` ### Register the authorization view [](#register-the-authorization-view) Laravel passport v13+ does not automatically register the authorization view resulting in an `BindingResolutionException` when you access the /oauth/authorize endpoint, we need to tell passport which view to use You have multiple options to link your views: - You can add it to your `AuthServiceProvider` ``` public function boot(): void { Passport::authorizationView('auth.oauth.authorize'); } ``` - Or you can add into your 'AppServiceProvider' ``` public function register(): void { //... $this->app->bind(AuthorizationViewResponse::class, fn() => new SimpleViewResponse('auth.approve')); } ``` An example of views can be found in the [view-example/views](https://github.com/jeremy379/laravel-openid-connect/tree/main/src) ### Register package passport provider [](#register-package-passport-provider) In `boostrap/providers.php`, add `\OpenIDConnect\Laravel\PassportServiceProvider::class` Alternatively, you can register in in your `AppServiceProvider.php` ``` public function register(): void { //... $this->app->register(\OpenIDConnect\Laravel\PassportServiceProvider::class); } ``` And disable auto discovery of Laravel provider in composer json. This will ensure only our provider is used. ``` "extra": { "laravel": { "dont-discover": [ "laravel/passport" ] } }, ``` Then run `php artisan package:discover` ### OpenID need to be linked to a user/identity entity, create that entity [](#openid-need-to-be-linked-to-a-useridentity-entity-create-that-entity) Create an entity class in `app/Entities/` named `IdentityEntity` or `UserEntity`. This entity is used to collect the claims. You can customize the entity setup by using another IdentityRepository, this is customizable in the config file. ``` # app/Entities/IdentityEntity.php namespace App\Entities; use League\OAuth2\Server\Entities\Traits\EntityTrait; use OpenIDConnect\Claims\Traits\WithClaims; use OpenIDConnect\Entities\Traits\WithCustomPermittedFor; use OpenIDConnect\Interfaces\IdentityEntityInterface; class IdentityEntity implements IdentityEntityInterface { use EntityTrait; use WithClaims; use WithCustomPermittedFor; /** * The user to collect the additional information for */ protected User $user; /** * Custom audiences * explanation: https://openid.net/specs/openid-connect-core-1_0.html#IDToken * When building id token, client id is merged with getPermittedFor() */ public function __construct() { $this->setPermittedFor([ 'https://api.example.com/v1/resource', 'custom aud 2' ]); } /** * The identity repository creates this entity and provides the user id * @param mixed $identifier */ public function setIdentifier($identifier): void { $this->identifier = $identifier; $this->user = User::findOrFail($identifier); } /** * When building the id_token, this entity's claims are collected */ public function getClaims(): array { return [ 'email' => $this->user->email, ]; } } ``` ### The id token is a JWT and the client should verify the signature. [](#the-id-token-is-a-jwt-and-the-client-should-verify-the-signature) Here is an example to verify the signature with lcobucci/jwt ``` $config = Configuration::forSymmetricSigner( new \Lcobucci\JWT\Signer\Rsa\Sha256(), InMemory::file(base_path('oauth-public.key')) //This is the public key generate by passport. You need to share it. ); //Parse the token $token = $config->parser()->parse($idtoken); $signatureValid = $config->validator()->validate($token, new \Lcobucci\JWT\Validation\Constraint\SignedWith($config->signer(), $config->signingKey())); ``` ### Publishing the config [](#publishing-the-config) In case you want to change the default scopes, add custom claim sets or change the repositories, you can publish the openid config using: ``` php artisan vendor:publish --tag=openid ``` ### Using nonce [](#using-nonce) When `nonce` is required, you need to pass it as a query parameter to `passport.authorizations.approve` during authorization step. Example based on default Passport's `authorize.blade.php`: ``` ``` ### Optional Configuration [](#optional-configuration) You can add any JWT Token Headers that you want to the `token_headers` array in your `openid` configuration file. This can be useful to define things like the [`kid`(Key ID)](https://datatracker.ietf.org/doc/html/rfc7517#section-4.5). The `kid` can be any string as long as it can uniquely identify the key you want to use in your [JWKS](https://datatracker.ietf.org/doc/html/rfc7517#section-5). This can be useful when changing or rolling keys. Example: ``` 'token_headers' => ['kid' => base64_encode('public-key-added-2023-01-01')] ``` Additionally, you can configure the JWKS url and some settings for discovery in the config file. *Note: If you define a `kid` header, it will be added to the JWK returned at the jwks\_url (if `jwks` is enabled in the configuration).* ### UserInfo endpoint [](#userinfo-endpoint) The package provides an optional `GET /oauth/userinfo` endpoint as defined by [OpenID Connect Core §5.3](https://openid.net/specs/openid-connect-core-1_0.html#UserInfo). It is **disabled by default** and can be enabled in your published config: ``` 'routes' => [ // ... 'userinfo' => true, ], ``` Once enabled: - The endpoint requires a valid Bearer access token (protected by Passport's `auth:api` guard). - It returns the claims from your `IdentityEntity::getClaims()` filtered to the scopes granted on the token. - The `sub` claim (the user's identifier) is always included. Example response for a token with the `openid email` scopes: ``` { "sub": "42", "email": "jon.snow@dorne.com" } ``` When enabled, the `userinfo_endpoint` field is automatically included in the OpenID Connect Discovery document (`/.well-known/openid-configuration`). Support ------- [](#support) You can fill an issue in the github section dedicated for that. I'll try to maintain this fork. Are you actively using this package and wanna help too? Reach out to me, I'm looking for help to maintain this package. License ------- [](#license) OpenID Connect is open source and licensed under [the MIT licence](https://github.com/ronvanderheijden/openid-connect/blob/master/LICENSE.txt). ### Health Score 63 — FairBetter than 99% of packages Maintenance89 Actively maintained with recent releases Popularity51 Moderate usage in the ecosystem Community29 Small or concentrated contributor base Maturity69 Established project with proven stability Bus Factor2 2 contributors hold 50%+ of commits How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~36 days Recently: every ~48 days Total 31 Last Release 54d ago Major Versions 2.7.0 → 3.0.02025-05-20 PHP version history (3 changes)2.0.0PHP ^8.2 2.3.2PHP ^8.1 3.0.1PHP >=8.2 ### Community Maintainers ![](https://www.gravatar.com/avatar/2dd11563c30299f3c61e050728740580a889f0b286cd1c7c28f88acc0bcfc5f9?d=identicon)[jeremy379](/maintainers/jeremy379) --- Top Contributors [![jeremy379](https://avatars.githubusercontent.com/u/5048337?v=4)](https://github.com/jeremy379 "jeremy379 (66 commits)")[![alecpl](https://avatars.githubusercontent.com/u/546788?v=4)](https://github.com/alecpl "alecpl (15 commits)")[![christiaangoossens](https://avatars.githubusercontent.com/u/9487666?v=4)](https://github.com/christiaangoossens "christiaangoossens (15 commits)")[![coffe4u](https://avatars.githubusercontent.com/u/2783407?v=4)](https://github.com/coffe4u "coffe4u (9 commits)")[![ronvanderheijden](https://avatars.githubusercontent.com/u/4101322?v=4)](https://github.com/ronvanderheijden "ronvanderheijden (8 commits)")[![GewoonYorick](https://avatars.githubusercontent.com/u/29105935?v=4)](https://github.com/GewoonYorick "GewoonYorick (3 commits)")[![GonzaloVivas](https://avatars.githubusercontent.com/u/26310849?v=4)](https://github.com/GonzaloVivas "GonzaloVivas (3 commits)")[![yohanesgultom](https://avatars.githubusercontent.com/u/1680876?v=4)](https://github.com/yohanesgultom "yohanesgultom (2 commits)")[![s4muel](https://avatars.githubusercontent.com/u/430949?v=4)](https://github.com/s4muel "s4muel (2 commits)")[![TECHNOFAB11](https://avatars.githubusercontent.com/u/34860318?v=4)](https://github.com/TECHNOFAB11 "TECHNOFAB11 (2 commits)")[![twellck](https://avatars.githubusercontent.com/u/25177907?v=4)](https://github.com/twellck "twellck (2 commits)")[![DellanX](https://avatars.githubusercontent.com/u/31318348?v=4)](https://github.com/DellanX "DellanX (2 commits)")[![elyerr](https://avatars.githubusercontent.com/u/94133542?v=4)](https://github.com/elyerr "elyerr (1 commits)")[![art-boer](https://avatars.githubusercontent.com/u/7722455?v=4)](https://github.com/art-boer "art-boer (1 commits)")[![nicolus](https://avatars.githubusercontent.com/u/3315078?v=4)](https://github.com/nicolus "nicolus (1 commits)")[![georgeboot](https://avatars.githubusercontent.com/u/884482?v=4)](https://github.com/georgeboot "georgeboot (1 commits)")[![ben-power](https://avatars.githubusercontent.com/u/16776374?v=4)](https://github.com/ben-power "ben-power (1 commits)")[![bbredewold](https://avatars.githubusercontent.com/u/2910910?v=4)](https://github.com/bbredewold "bbredewold (1 commits)")[![maicol07](https://avatars.githubusercontent.com/u/9463142?v=4)](https://github.com/maicol07 "maicol07 (1 commits)") --- Tags laraveloauth2passportOpenIdOpenID Connectoidc ### Code Quality TestsPHPUnit Code StyleECS ### Embed Badge ![Health badge](/badges/jeremy379-laravel-openid-connect/health.svg) ``` [![Health](https://phpackages.com/badges/jeremy379-laravel-openid-connect/health.svg)](https://phpackages.com/packages/jeremy379-laravel-openid-connect) ``` ### Alternatives [ronvanderheijden/openid-connect OpenID Connect support to the PHP League's OAuth2 Server. Compatible with Laravel Passport. 61755.5k](/packages/ronvanderheijden-openid-connect)[simplesamlphp/simplesamlphp-module-oidc A SimpleSAMLphp module adding support for the OpenID Connect protocol 5016.9k1](/packages/simplesamlphp-simplesamlphp-module-oidc)[facile-it/php-openid-client OpenID (OIDC) Client 42592.7k7](/packages/facile-it-php-openid-client)[benbjurstrom/passport-custom-jwt-claims Customize JWT claims in Laravel Passport access tokens 341.8k](/packages/benbjurstrom-passport-custom-jwt-claims)[authlete/authlete-laravel Authlete Library for Laravel 4226.0k](/packages/authlete-authlete-laravel)[maicol07/laravel-oidc-client OpenID Connect Client for Laravel 251.1k](/packages/maicol07-laravel-oidc-client) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)