
mi-lopez/laravel-sso
====================

Simple PHP SSO integration for Laravel

v11.0.0 (2mo ago), MIT, PHP ^8.2, CI passing, [1 issues](https://github.com/mi-lopez/laravel-sso/issues)


Laravel SSO
===========


Single Sign-On (SSO) integration for Laravel. One central server authenticates users; multiple broker apps share that login session. Based on [zefy/php-simple-sso](https://github.com/zefy/php-simple-sso).

Version Compatibility
---------------------


| Package | Laravel | PHP | Branch |
|---------|---------|-----|--------|
| 8.x | 8.x | 7.4+ | [8.x](https://github.com/mi-lopez/laravel-sso/tree/8.x) |
| 11.x | 11.x | 8.2+ | [11.x](https://github.com/mi-lopez/laravel-sso/tree/11.x) |

Concepts
--------


- **Server** — the central authentication app. Stores credentials and issues sessions.
- **Broker** — a downstream app that delegates login to the server.
- **Token** — a per-broker, per-user value stored in a cookie that links the broker to a server session.

How it works
------------


1. A user visits a broker. The broker generates a random token and asks the server to attach it to the user's server session.
2. When the user submits credentials, the broker forwards them to the server. On success, the server marks the linked session as authenticated.
3. The broker (and any other broker) can now ask the server "who is logged in?" using its token, and the server returns the user — without re-prompting for credentials.
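
Step 1 only holds up if the server can tell that an attach request really comes from a registered broker holding its secret. The sketch below is an added example, not code from this package: the function names, the HMAC construction, the session-key format and the sample secret are all assumptions made for illustration.

```php
<?php
// Added illustration, not code from mi-lopez/laravel-sso. All names are hypothetical.

/** Broker side: create a fresh, unguessable token (it would live in the user's cookie). */
function brokerNewToken(): string
{
    return bin2hex(random_bytes(16)); // 128 bits from the CSPRNG, 32 hex characters
}

/** Both sides: bind a token to a broker and a purpose using the shared broker secret. */
function ssoChecksum(string $purpose, string $broker, string $token, string $secret): string
{
    return hash_hmac('sha256', "$purpose|$broker|$token", $secret);
}

/** Server side: accept an attach request only if the checksum proves knowledge of the secret. */
function serverAttach(array $brokers, string $broker, string $token, string $checksum): ?string
{
    if (!isset($brokers[$broker]) || !preg_match('/^[0-9a-f]{32}\z/', $token)) {
        return null; // unregistered broker or malformed token
    }
    $expected = ssoChecksum('attach', $broker, $token, $brokers[$broker]);
    if (!hash_equals($expected, $checksum)) { // constant-time comparison
        return null;
    }
    // Key under which the server links this broker + token to the user's server session.
    // A different purpose string keeps it distinct from the attach checksum.
    return 'sso-' . $broker . '-' . ssoChecksum('session', $broker, $token, $brokers[$broker]);
}

// Constructed sample data: one registered broker and its secret.
$brokers = ['my-broker' => 'constructed-example-secret'];

$token = brokerNewToken();
$good  = ssoChecksum('attach', 'my-broker', $token, $brokers['my-broker']);
$bad   = ssoChecksum('attach', 'my-broker', $token, 'wrong-secret');

var_dump(serverAttach($brokers, 'my-broker', $token, $good));    // valid request
var_dump(serverAttach($brokers, 'my-broker', $token, $bad));     // checksum from the wrong secret
var_dump(serverAttach($brokers, 'other-broker', $token, $good)); // broker not registered
```

Because the token alone never authorizes anything, a value leaked from a cookie cannot be attached or queried without the broker secret.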

Installation
------------


```
composer require mi-lopez/laravel-sso
```

Publish the config:

```
php artisan vendor:publish --provider="Zefy\LaravelSSO\SSOServiceProvider"
```

This creates `config/laravel-sso.php`. Set `type` to either `server` or `broker` depending on the role of the application.

---

Server Setup
------------


### 1. Mark the app as the server


In `config/laravel-sso.php`:

```
'type' => 'server',
```

### 2. Run the migrations


The package ships with two migrations (`brokers` and `broker_user`). Run them:

```
php artisan migrate
```

### 3. Enable sessions on the SSO API routes


The server endpoints (`/api/sso/*`) need access to sessions. In `bootstrap/app.php`:

```
->withMiddleware(function (Middleware $middleware) {
    $middleware->api(prepend: [
        \Illuminate\Session\Middleware\StartSession::class,
    ]);
})
```

### 4. Register a broker


For each broker app you plan to run, generate a name and secret:

```
php artisan sso:broker:create my-broker
```

The command prints the secret. Copy it — the broker app needs it.

### 5. (Optional) Customize fields returned to brokers


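`config/laravel-sso.php` lets you choose which user attributes the server sends back to brokers. Only `id` is returned by default; the example below also returns `email` and `name`. Return only the attributes brokers actually need: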

```
'userFields' => [
    'id'    => 'id',
    'email' => 'email',
    'name'  => 'name',
],
```

---

Broker Setup
------------


### 1. Mark the app as a broker


In `config/laravel-sso.php`:

```
'type' => 'broker',
```

### 2. Configure the connection to the server


In `.env`:

```
SSO_SERVER_URL=https://sso.example.com
SSO_BROKER_NAME=my-broker
SSO_BROKER_SECRET=
```

### 3. Register the auto-login middleware


`SSOAutoLogin` must run **before** the `auth` middleware so it can log the user in transparently. Use `prependToPriorityList` in `bootstrap/app.php`:

```
->withMiddleware(function (Middleware $middleware) {
    $middleware->prependToPriorityList(
        before: \Illuminate\Contracts\Auth\Middleware\AuthenticatesRequests::class,
        prepend: \Zefy\LaravelSSO\Middleware\SSOAutoLogin::class,
    );
})
```

Then attach the middleware to your protected routes (typically alongside `auth`):

```
use Zefy\LaravelSSO\Middleware\SSOAutoLogin;

Route::middleware([SSOAutoLogin::class, 'auth'])->group(function () {
    Route::get('/dashboard', fn () => view('dashboard'))->name('dashboard');
    // ...
});
```

> **Why a priority entry?** Laravel's default priority list places `Authenticate` near the end, which means `auth` would otherwise short-circuit a guest with a redirect to `/login` before `SSOAutoLogin` gets a chance to log them in via SSO. Pinning `SSOAutoLogin` before `AuthenticatesRequests` (the contract `auth` implements) fixes the order without copying the whole priority list.

### 4. Forward login and logout to the SSO server


You need to override the login form controller so credentials go through the broker. With **Laravel Breeze**, replace `app/Http/Controllers/Auth/AuthenticatedSessionController.php` with:

```
