omnifyjp/omnify-client-laravel-sso
==================================

SSO Client Package for Laravel - Provides Role, Permission and RolePermission models with Omnify schema-driven development

v2.4.3 (5mo ago) · MIT · PHP ^8.2 · Since Jan 16 · Pushed 5mo ago

[Source](https://github.com/omnifyjp/omnify-client-laravel-sso) · [Packagist](https://packagist.org/packages/omnifyjp/omnify-client-laravel-sso)

Omnify SSO Client
=================

Laravel package for Single Sign-On (SSO) integration with Omnify Console, featuring Role-Based Access Control (RBAC), team permissions, and comprehensive security features.

Features
--------

- **SSO Authentication** - JWT-based authentication with Omnify Console
- **UUID Support** - All models use UUID primary keys (compatible with Console)
- **Role-Based Access Control (RBAC)** - Flexible role and permission management
- **Team Permissions** - Organization-level permission management via Console
- **Minimal Schema Design** - Only stores Console references, data is fetched from Console API
- **Security** - Open redirect protection, input validation, rate limiting ready
- **Logging** - Dedicated log channel for audit trails
- **Multi-language** - i18n support (ja, en, vi)
- **Omnify Schema-Driven** - Auto-generated models with Omnify

Architecture
------------

This package integrates with Omnify Console's **ServiceInstance** architecture:

```
Console (SSO Provider)                    Your Service (SSO Client)
┌─────────────────────────────┐          ┌─────────────────────────┐
│ Users (UUID)                │          │ users                   │
│ Organizations (UUID)        │◀────────▶│   console_user_id (UUID)│
│ Teams (UUID)                │          │                         │
│ Branches (UUID)             │          │ teams                   │
│                             │          │   console_team_id (UUID)│
│ Service: "your-service"     │          │   console_org_id (UUID) │
│                             │          │                         │
│ ServiceInstance (per-org):  │          │ branches                │
│   - client_id               │          │   console_branch_id     │
│   - client_secret           │          │   console_org_id (UUID) │
└─────────────────────────────┘          └─────────────────────────┘

```

> **Design Philosophy:** This package only stores Console reference IDs. Full user/team/branch data is fetched from Console API when needed, ensuring data consistency.

Requirements
------------

- PHP 8.2+
- Laravel 11.0+ or 12.0+
- MySQL 8.0+ / PostgreSQL 13+ / SQLite 3.35+

Quick Start
-----------

### 1. Install

```
composer require omnifyjp/omnify-client-laravel-sso
```

### 2. Configure Environment

```
# Required
SSO_CONSOLE_URL=https://console.omnify.jp
SSO_SERVICE_SLUG=your-service-slug

# Optional
SSO_LOG_CHANNEL=sso
SSO_LOGGING_ENABLED=true
```

### 3. Run Migrations

```
php artisan migrate
```

### 4. Install Command (Optional)

```
php artisan sso:install
```

Models
------

All models use **UUID** primary keys for compatibility with Console.

| Model | Description | Console Reference |
|-------|-------------|-------------------|
| `User` | SSO user with Console integration | `console_user_id` (UUID) |
| `Branch` | Branch reference from Console | `console_branch_id`, `console_org_id` (UUID) |
| `Team` | Team reference from Console | `console_team_id`, `console_org_id` (UUID) |
| `TeamPermission` | Team-level permissions | `console_team_id`, `console_org_id` (UUID) |
| `Role` | Local role with level hierarchy | - |
| `Permission` | Local permission | - |
| `RolePermission` | Role-Permission pivot | - |

### User Model Fields

```
// SSO fields only - basic auth fields come from your main User schema
$fillable = [
    'console_user_id',       // UUID - links to Console User
    'console_access_token',  // Encrypted access token
    'console_refresh_token', // Encrypted refresh token
    'console_token_expires_at',
    'role_id',              // UUID - local role assignment
];
```
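
Because `role_id` and the token columns are listed in `$fillable`, application code that passes unfiltered request input to `update()` or `fill()` would let a caller set them. The following is an added example, not code from this package: a hypothetical `ProfileController` showing the risky pattern beside a hardened one. The `App\Models\User` model, the `name` column and the `roles` table name are assumptions.

```php
<?php

namespace App\Http\Controllers; // hypothetical application namespace

use App\Models\User;            // assumed app model carrying the SSO $fillable
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;

class ProfileController extends Controller
{
    // Risky pattern: update() accepts every key listed in $fillable, so a
    // body containing "role_id" or "console_access_token" is written as-is.
    public function updateUnfiltered(Request $request): JsonResponse
    {
        $request->user()->update($request->all());

        return response()->json(['updated' => true]);
    }

    // Hardened: validate() returns only the keys that have rules, so the
    // SSO columns can never arrive through this endpoint.
    public function update(Request $request): JsonResponse
    {
        $data = $request->validate([
            'name' => ['sometimes', 'string', 'max:255'], // assumed profile column
        ]);
        $request->user()->update($data);

        return response()->json(['updated' => true]);
    }

    // Role changes get their own action, to be routed behind the
    // 'sso.auth' and 'sso.role:admin' middleware shown under Protect Routes.
    public function assignRole(Request $request, User $user): JsonResponse
    {
        $data = $request->validate([
            'role_id' => ['required', 'uuid', 'exists:roles,id'], // table name assumed
        ]);
        $user->role_id = $data['role_id']; // explicit assignment, no mass fill
        $user->save();

        return response()->json(['role_id' => $user->role_id]);
    }
}
```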

### Branch/Team Model Fields

```
// Only Console references - full data fetched from Console API
$fillable = [
    'console_branch_id',  // UUID - links to Console Branch
    'console_org_id',     // UUID - links to Console Organization
];
```

Omnify Schema Integration
-------------------------

This package uses Omnify for schema-driven development. Schemas are designed as `kind: object` with minimal fields:

```
# database/schemas/Sso/User.yaml
kind: object

options:
  timestamps: true
  idType: Uuid

properties:
  console_user_id:
    type: Uuid
    unique: true
    nullable: true

  console_access_token:
    type: Text
    nullable: true

  # ... other SSO fields

  role:
    type: Association
    relation: ManyToOne
    target: Role
```

### Generate Models

```
# In your project
npx omnify generate

# Output: Auto-discovered packages from .omnify-packages.json
```

Usage Examples
--------------

### Authentication Flow

```
// Frontend redirects to Console login
$loginUrl = "https://console.omnify.jp/sso/authorize?" . http_build_query([
    'service' => config('sso-client.service.slug'),
    'redirect_uri' => url('/sso/callback'),
]);

// After login, Console redirects back with code
// POST /api/sso/callback { "code": "authorization_code" }
```
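
The feature list names open redirect protection, and the flow above sends the browser out to Console and back to `/sso/callback`. As an added example (not code from this package), here is one way an application could validate a remembered return path before redirecting once the callback completes; `safeReturnPath` and the sample inputs are hypothetical.

```php
<?php

// Hypothetical helper for the application's callback handler.
function safeReturnPath(?string $candidate, string $fallback = '/'): string
{
    if ($candidate === null || $candidate === '') {
        return $fallback;
    }
    // Whitespace, control characters and backslashes are rejected outright:
    // some browsers normalise "\" to "/", turning "/\host" into "//host".
    if (preg_match('/[\x00-\x20\x7F\\\\]/', $candidate) === 1) {
        return $fallback;
    }
    // Only a path on this origin: one leading "/", never "//".
    if ($candidate[0] !== '/' || str_starts_with($candidate, '//')) {
        return $fallback;
    }
    // Defence in depth: the parsed value must carry no scheme or host.
    $parts = parse_url($candidate);
    if ($parts === false || isset($parts['scheme']) || isset($parts['host'])) {
        return $fallback;
    }

    return $candidate;
}

// Constructed inputs with the value each one must resolve to.
$cases = [
    '/dashboard?tab=roles'   => '/dashboard?tab=roles',
    'https://other.example/' => '/',
    '//other.example/path'   => '/',
    '/\\other.example'       => '/',
    ''                       => '/',
];
foreach ($cases as $input => $expected) {
    if (safeReturnPath($input) !== $expected) {
        throw new RuntimeException("unexpected result for: {$input}");
    }
}
```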

### Check Permissions

```
use Illuminate\Support\Facades\Gate;

$user = auth()->user();

// Check single permission
if ($user->hasPermission('users.create')) {
    // ...
}

// Check any permission
if ($user->hasAnyPermission(['users.create', 'users.update'])) {
    // ...
}

// Via Gate
if (Gate::allows('users.create')) {
    // ...
}
```

Via Blade:

```
@can('users.create')
    Create User
@endcan
```

### Protect Routes

```
Route::middleware(['sso.auth', 'sso.permission:users.create'])->group(function () {
    Route::post('/users', [UserController::class, 'store']);
});

// Role-based protection
Route::middleware(['sso.auth', 'sso.role:admin'])->group(function () {
    Route::resource('/admin/settings', SettingsController::class);
});
```

### Fetch Data from Console

```
use Omnify\SsoClient\Services\ConsoleApiService;

$consoleApi = app(ConsoleApiService::class);

// Get user details from Console
$consoleUser = $consoleApi->getUser($user->console_user_id);

// Get organization teams
$teams = $consoleApi->getOrganizationTeams($orgId);

// Get branch details
$branch = $consoleApi->getBranch($branchId);
```

Package Structure
-----------------

```
omnify-client-laravel-sso/
├── config/
│   └── sso-client.php          # Configuration
├── database/
│   ├── factories/              # Model factories
│   ├── migrations/             # Database migrations
│   └── schemas/Sso/            # Omnify schema definitions
│       ├── User.yaml           # SSO fields for User
│       ├── Branch.yaml         # Console branch reference
│       ├── Team.yaml           # Console team reference
│       ├── TeamPermission.yaml # Team permissions
│       ├── Role.yaml           # Local roles
│       ├── Permission.yaml     # Local permissions
│       └── RolePermission.yaml # Role-Permission pivot
├── src/
│   ├── Models/
│   │   ├── OmnifyBase/         # Auto-generated base models (UUID support)
│   │   ├── User.php            # User model
│   │   ├── Branch.php          # Branch model
│   │   ├── Team.php            # Team model
│   │   └── ...
│   ├── Services/
│   │   ├── ConsoleApiService.php    # Console API client
│   │   ├── ConsoleTokenService.php  # Token management
│   │   └── ...
│   └── Http/
│       ├── Controllers/        # API controllers
│       └── Middleware/         # Route middleware
└── tests/                      # Test suite

```

Available Commands
------------------

```
# Install package
php artisan sso:install

# Sync permissions from config
php artisan sso:sync-permissions

# Cleanup orphaned teams
php artisan sso:cleanup-orphan-teams
```

Database Seeders
----------------

The package includes reusable seeders for roles and permissions:

```
// In your DatabaseSeeder.php
use Omnify\SsoClient\Database\Seeders\SsoRolesSeeder;

$this->call(SsoRolesSeeder::class);
```

This creates:

- **5 roles**: admin, manager, supervisor, member, viewer
- **21 permissions**: `service-admin.*`, `dashboard.*`

For app-specific permissions, use the provided traits:

```
use Omnify\SsoClient\Database\Seeders\Concerns\AssignsRoles;
use Omnify\SsoClient\Database\Seeders\Concerns\FetchesConsoleData;

class PermissionSeeder extends Seeder
{
    use FetchesConsoleData, AssignsRoles;

    public function run(): void
    {
        // Fetch org data dynamically from Console
        $orgData = $this->fetchOrgDataFromConsole('your-org-slug');

        // Assign role to user
        $this->assignRoleToUserByEmail('admin@example.com', 'admin', $orgData['org_id']);
    }
}
```

See [Seeders Documentation](docs/seeders.md) for full details.

Documentation
-------------

| Document | Description |
|----------|-------------|
| [Installation](docs/installation.md) | Detailed installation guide |
| [Configuration](docs/configuration.md) | All configuration options |
| [Authentication](docs/authentication.md) | SSO flow and JWT verification |
| [Authorization](docs/authorization.md) | RBAC, roles, and permissions |
| [Middleware](docs/middleware.md) | Available middleware |
| [API Reference](docs/api.md) | Admin API endpoints |
| [**Seeders**](docs/seeders.md) | **Roles, permissions, and traits** |

Testing
-------

```
./vendor/bin/pest
```

License
-------

MIT License. See [LICENSE](LICENSE) for more information.

Credits
-------

- [Omnify Team](https://omnify.jp)
- Generated with [Omnify](https://github.com/famgia/omnify)

Maintainer: Pham Thai Duong ([@ecsol](https://github.com/ecsol))

