jostkleigrewe/lib-php-eurip-sso
===============================

OIDC Client Library and Symfony Bundle for EURIP SSO

v0.3.2 (4mo ago) · MIT · PHP >=8.4

[Source](https://github.com/jostkleigrewe/lib-php-eurip-sso) · [Packagist](https://packagist.org/packages/jostkleigrewe/lib-php-eurip-sso)

EURIP SSO Bundle
================

OIDC Client Library and Symfony Bundle for Single Sign-On.

🇩🇪 [Deutsche Version](README.de.md)

Features
--------

- **Zero-Code Integration** - Complete OIDC auth via configuration only
- OIDC Authorization Code Flow with PKCE (S256)
- **Device Authorization Grant (RFC 8628)** - For CLI, Smart TV, IoT
- **Client Credentials Flow** - Machine-to-machine authentication
- **Token Introspection (RFC 7662)** - Validate and inspect tokens
- **Session Management** - Detect SSO session changes in real-time
- Auto-Discovery via `.well-known/openid-configuration`
- Dual-URL Support for Docker/Kubernetes environments
- Automatic User Provisioning with Doctrine
- JWT Signature Verification with key rotation resilience
- Extensive Event System (9 events)
- Twig Functions for templates
- PSR-3 Logging, PSR-18 HTTP Client

Requirements
------------

- PHP 8.4+
- Symfony 7.0+ or 8.0+

Installation
------------

```
composer require jostkleigrewe/lib-php-eurip-sso
```

```
// config/bundles.php
return [
    // ... other bundles
    Jostkleigrewe\Sso\Bundle\EuripSsoBundle::class => ['all' => true],
];
```

Quick Start
-----------

### 1. Configure Bundle

```
# config/packages/eurip_sso.yaml
eurip_sso:
    issuer: '%env(SSO_ISSUER_URL)%'
    client_id: '%env(OIDC_CLIENT_ID)%'
    redirect_uri: '%env(APP_URL)%/auth/callback'

    user_provider:
        enabled: true
        entity: App\Entity\User
        mapping:
            subject: oidcSubject
            issuer: oidcIssuer
```

### 2. Configure Security

```
# config/packages/security.yaml
security:
    providers:
        app_user_provider:
            id: Jostkleigrewe\Sso\Bundle\Security\DoctrineOidcUserProvider

    firewalls:
        main:
            lazy: true
            provider: app_user_provider
            custom_authenticators:
                - Jostkleigrewe\Sso\Bundle\Security\OidcAuthenticator
```

**Done!** Routes available:

- `/auth/login` - Start login
- `/auth/callback` - SSO callback
- `/auth/logout` - Logout (POST with CSRF)
- `/auth/profile` - User profile

Twig Functions
--------------

Use SSO data directly in your templates:

```
{% if sso_is_authenticated() %}
    Hello {{ sso_name() ?? sso_email() }}!

    {% if sso_has_role('ROLE_ADMIN') %}
        Admin Panel
    {% endif %}

    {% if sso_has_permission('users:edit') %}
        Manage Users
    {% endif %}
{% endif %}
```

### Available Functions

| Function | Description |
| --- | --- |
| `sso_is_authenticated()` | Check if user is logged in |
| `sso_email()` | User's email address |
| `sso_name()` | User's display name |
| `sso_user_id()` | User's subject (sub claim) |
| `sso_has_role('ROLE_X')` | Check role (global or client) |
| `sso_has_permission('x:y')` | Check permission |
| `sso_has_group('group')` | Check group membership |
| `sso_claim('key', 'default')` | Get any claim value |
| `sso_supports_session_management()` | Check if IdP supports session management |
| `sso_session_management_config(5000)` | Get config for session polling |

### Logout Component

Secure logout with CSRF protection (requires `symfony/ux-twig-component`):

```
{# Simple button #}

{# Styled button #}

{# As link #}

{# With confirmation #}

```

### Session Monitor

Detect SSO session changes (logout from other app):

```
{% if sso_supports_session_management() %}
    {% include '@EuripSso/components/SessionMonitor.html.twig' %}
{% endif %}
```

Console Commands
----------------

```
bin/console eurip:sso:cache-warmup        # Pre-fetch OIDC config + JWKS
bin/console eurip:sso:test-connection     # Test OIDC provider connection
bin/console eurip:sso:device-login        # CLI login via Device Code Flow
bin/console eurip:sso:client-credentials  # Get M2M token (Client Credentials)
bin/console eurip:sso:introspect   # Validate and inspect a token
```

Device Code Flow (RFC 8628)
---------------------------

For CLI tools, Smart TVs, or IoT devices without a browser:

### CLI Usage

```
# Interactive login
bin/console eurip:sso:device-login

# With custom scopes
bin/console eurip:sso:device-login --scopes="openid,profile,roles"

# Output access token for piping
ACCESS_TOKEN=$(bin/console eurip:sso:device-login --output-token)

# Full JSON response
bin/console eurip:sso:device-login --output-json
```

### Programmatic Usage

```
use Jostkleigrewe\Sso\Client\OidcClient;

// 1. Request device code
$deviceCode = $oidcClient->requestDeviceCode(['openid', 'profile']);

// 2. Show instructions to user
echo "Open: {$deviceCode->verificationUri}\n";
echo "Enter code: {$deviceCode->getFormattedUserCode()}\n";

// 3. Poll for token (blocking)
$tokenResponse = $oidcClient->awaitDeviceToken($deviceCode);
```
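
The rules a blocking poll like step 3 has to follow under RFC 8628 section 3.5, as an added example that is not the bundle's own code. `pollDeviceToken` and its injected `$poll`/`$sleep` callables are hypothetical names, and the token-endpoint responses are constructed so the loop runs offline.

```php
<?php
declare(strict_types=1);

/**
 * RFC 8628 section 3.5 polling rules. $poll and $sleep are hypothetical
 * callables injected so the loop runs offline: $poll() returns the decoded
 * token-endpoint JSON, $sleep($seconds) waits between two requests.
 */
function pollDeviceToken(callable $poll, callable $sleep, int $interval, int $expiresIn): array
{
    $waited = 0;
    while ($waited < $expiresIn) {
        $sleep($interval);
        $waited += $interval;
        $response = $poll();

        if (isset($response['access_token'])) {
            return $response;                  // user approved the request
        }
        $error = $response['error'] ?? 'invalid_response';
        if ($error === 'slow_down') {
            $interval += 5;                    // required back-off, kept for all later polls
        } elseif ($error !== 'authorization_pending') {
            // access_denied, expired_token or anything unexpected: stop polling
            throw new RuntimeException("Device login failed: {$error}");
        }
    }
    throw new RuntimeException('Device code expired before the user approved');
}

// Constructed token-endpoint responses, in the order the IdP would send them.
$responses = [
    ['error' => 'authorization_pending'],
    ['error' => 'slow_down'],
    ['error' => 'authorization_pending'],
    ['access_token' => 'constructed-token', 'token_type' => 'Bearer', 'expires_in' => 300],
];
$waits = [];
$token = pollDeviceToken(
    function () use (&$responses): array { return array_shift($responses); },
    function (int $seconds) use (&$waits): void { $waits[] = $seconds; },
    5,    // "interval" from the device authorization response
    600   // "expires_in" from the device authorization response
);

echo 'waits between polls: ' . implode(', ', $waits) . " seconds\n";
echo 'token type: ' . $token['token_type'] . "\n";
```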

Client Credentials Flow (M2M)
-----------------------------

For server-to-server authentication without user interaction:

```
# Get access token
bin/console eurip:sso:client-credentials

# With specific scopes
bin/console eurip:sso:client-credentials --scopes="api:read,api:write"

# Output token only (for scripts)
TOKEN=$(bin/console eurip:sso:client-credentials --output-token)
```

```
// Programmatic usage
$tokenResponse = $oidcClient->requestClientCredentials(['api:read']);
$accessToken = $tokenResponse->accessToken;
```

Token Introspection (RFC 7662)
------------------------------

Validate and inspect tokens:

```
bin/console eurip:sso:introspect "eyJhbG..."
bin/console eurip:sso:introspect "eyJhbG..." --output-json
```

```
// Programmatic usage
$introspection = $oidcClient->introspectToken($accessToken);

if ($introspection->active) {
    echo "Token valid until: " . $introspection->exp;
    echo "Subject: " . $introspection->sub;
}
```
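
A resource server usually needs more than `active` before it accepts a token. The following added example (not the bundle's code) applies a fuller check to a decoded RFC 7662 response array rather than to the bundle's response object; `rejectReason`, the `orders-api` audience and the sample responses are constructed, and rejecting a response that lacks `iss` or `aud` is this example's policy choice.

```php
<?php
declare(strict_types=1);

/**
 * Decide whether an RFC 7662 introspection response authorizes a request.
 * Returns null when the token is acceptable, otherwise the rejection reason.
 */
function rejectReason(array $r, string $issuer, string $audience, string $scope, int $now): ?string
{
    if (($r['active'] ?? false) !== true) {
        return 'inactive';               // strict boolean: "true" as a string is rejected
    }
    if (isset($r['exp']) && (int) $r['exp'] <= $now) {
        return 'expired';
    }
    if (isset($r['nbf']) && (int) $r['nbf'] > $now) {
        return 'not yet valid';
    }
    if (($r['iss'] ?? null) !== $issuer) {
        return 'wrong issuer';
    }
    $aud = (array) ($r['aud'] ?? []);    // "aud" may be a single string or a list
    if (!in_array($audience, $aud, true)) {
        return 'wrong audience';
    }
    // "scope" is one space-separated string in an introspection response
    $granted = preg_split('/ +/', (string) ($r['scope'] ?? ''), -1, PREG_SPLIT_NO_EMPTY);
    if (!in_array($scope, $granted, true)) {
        return 'missing scope';
    }
    return null;
}

$now = 1700000000;                       // constructed clock value
$ok = ['active' => true, 'exp' => $now + 300, 'iss' => 'https://sso.example.com',
       'aud' => 'orders-api', 'scope' => 'api:read api:write', 'sub' => 'svc-1'];

// Constructed responses; "+" keeps the left-hand keys, overriding $ok.
$cases = [
    'valid'           => $ok,
    'revoked'         => ['active' => false],
    'string "true"'   => ['active' => 'true'] + $ok,
    'other audience'  => ['aud' => ['billing-api']] + $ok,
    'read-only token' => ['scope' => 'api:read'] + $ok,
];
foreach ($cases as $name => $response) {
    $reason = rejectReason($response, 'https://sso.example.com', 'orders-api', 'api:write', $now);
    printf("%-16s %s\n", $name, $reason ?? 'accept');
}
```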

Events
------

Customize the authentication flow with events:

| Event | When |
| --- | --- |
| `OidcPreLoginEvent` | Before redirect to IdP |
| `OidcLoginSuccessEvent` | After successful login |
| `OidcLoginFailureEvent` | After failed login |
| `OidcPreLogoutEvent` | Before logout |
| `OidcUserCreatedEvent` | New user provisioned |
| `OidcUserUpdatedEvent` | Existing user updated |
| `OidcTokenRefreshedEvent` | Token refreshed |
| `OidcBackchannelLogoutEvent` | Back-channel logout received |
| `OidcFrontchannelLogoutEvent` | Front-channel logout received |

```
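use Jostkleigrewe\Sso\Bundle\Event\OidcLoginSuccessEvent;
use Symfony\Component\EventDispatcher\Attribute\AsEventListener;

// The class name is illustrative; any autoconfigured service works.
final class LoginSuccessListener
{
    // The event to listen for is inferred from the argument type.
    #[AsEventListener]
    public function onLoginSuccess(OidcLoginSuccessEvent $event): void
    {
        $user = $event->user;
        $claims = $event->claims;

        // Custom logic after login
    }
}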
```

Docker/Kubernetes
-----------------

```
eurip_sso:
    issuer: 'http://sso-container:8080'        # Internal URL
    public_issuer: 'https://sso.example.com'   # Public URL
    require_https: false                        # Only for local dev!
```

Documentation
-------------

| Document | Description |
| --- | --- |
| [Installation Guide](docs/INSTALL.md) | Detailed setup instructions |
| [Configuration](docs/CONFIGURATION.md) | Full configuration reference |
| [Services](docs/SERVICES.md) | Authorization & claims services |
| [Events](docs/EVENTS.md) | Customize authentication flow |
| [Flow Diagrams](docs/FLOW-DIAGRAMS.md) | Visual sequence diagrams for all flows |
| [Device Code Flow](docs/DEVICE-CODE-FLOW.md) | RFC 8628 for CLI, Smart TV, IoT |
| [M2M Authentication](docs/M2M-AUTHENTICATION.md) | Client Credentials & Token Introspection |
| [Session Management](docs/SESSION-MANAGEMENT.md) | Detect SSO session changes |
| [Standalone](docs/STANDALONE.md) | Use without Symfony Bundle |
| [Security](docs/SECURITY.md) | HTTPS, JWT verification, PKCE |
| [Troubleshooting](docs/TROUBLESHOOTING.md) | Common issues and solutions |
| [Upgrade Guide](UPGRADE.md) | Breaking changes between versions |

License
-------

MIT License

### Health Score

37 (Low; better than 81% of packages)

- Maintenance: 79 (regular maintenance activity)
- Popularity: 10 (limited adoption so far)
- Community: 6 (small or concentrated contributor base)
- Maturity: 46 (maturing project, gaining track record)
- Bus Factor: 1 (top contributor holds 100% of commits; single point of failure)

How is this calculated?

**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

### Release Activity

- Cadence: every ~4 days
- Total: 5
- Last Release: 129d ago
- PHP version history (2 changes): v0.1.0 PHP >=8.2; v0.3.0 PHP >=8.4

### Community

Maintainers: [Sven Jostkleigrewe](/maintainers/jostkleigrewe) ([@jostkleigrewe](https://github.com/jostkleigrewe))

Top Contributors: [jostkleigrewe](https://github.com/jostkleigrewe) (13 commits)

Tags: symfony, Authentication, SSO, oauth2, oidc

### Code Quality

- Tests: PHPUnit
- Static Analysis: PHPStan
- Code Style: ECS
- Type Coverage: Yes

