PHPackages slashid/laravel - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. slashid/laravel ActiveLibrary[Authentication & Authorization](/categories/authentication) slashid/laravel =============== SlashID integration package for Laravel. 1.0.0(2y ago)04[1 PRs](https://github.com/slashid/laravel/pulls)MITJavaScriptPHP ^8.1 Since Apr 4Pushed 1y agoCompare [ Source](https://github.com/slashid/laravel)[ Packagist](https://packagist.org/packages/slashid/laravel)[ RSS](/packages/slashid-laravel/feed)WikiDiscussions main Synced 1mo ago READMEChangelogDependencies (5)Versions (5)Used By (0) Laravel SlashID integration =========================== [](#laravel-slashid-integration) Installation ------------ [](#installation) 1. Install the Laravel SlashID packaged with composer: ``` composer require slashid/laravel ``` 2. Edit your environment file, `.env`, adding the following variables to the end of the file: - `SLASHID_ENVIRONMENT`, either `sandbox` or `production` - `SLASHID_ORGANIZATION_ID`, your organization's ID. You'll find it in your SlashID console ( for production, for sandbox), in the "Settings" tab, on the top of the page. - `SLASHID_API_KEY`, your organization's API Key. You'll also find it in your SlashID console, in the "Settings" tab, at the very bottom of the page. ``` SLASHID_ENVIRONMENT=sandbox SLASHID_ORGANIZATION_ID=412edb57-ae26-f2aa-9999-770021ed52d1 SLASHID_API_KEY=z0dlY-nluiq8mcvm8YTolSkJV6e9 ``` 3. Run the following artisan command to publish the resources: ``` php artisan vendor:publish --provider="SlashId\Laravel\Providers\SlashIdServiceProvider" ``` You're ready! Now access `/login` in your website and enjoy your new login with SlashID :) Configuration ------------- [](#configuration) There are several configurations in this package, that you can edit on `config/slashid.php`. The configurations that are more likely for you to override are `web_redirect_after_login` and `web_redirect_after_logout`. ConfigurationDefault valueDescription`login_form_configuration`see belowSee [Login form configuration](#login-form-configuration)`login_form_override_bundled_javascript``false`Set true to override the Bundled JavaScript form, see [Overriding the login form](#overriding-the-login-form).`login_form_override_javascript_glue``false`Set true to override the JavaScript glue code, see [Overriding the login form](#overriding-the-login-form).`login_form_css_override``[]`See [Login form theme](#login-form-theme)`web_register_user_provider``true`Whether to register the session-based user provider. Turn it off if you want to use *exclusively* API-based authentication.`web_register_guard``true`Whether to register the session-based authentication. Turn it off if you want to use *exclusively* API-based authentication.`web_register_routes``true`Whether to register the web routes (`/login`, `/login/callback`, `/logout`). Turn it off if you want to register your routes.`web_route_path_login``'/login'`The URL for the login page.`web_route_path_login_callback``'/login/callback'`The URL for the login callback page (you probably don't want to override it).`web_route_path_logout``'/logout'`The URL for the logout page.`web_redirect_after_login``'/'`Where to redirect the user after login.`web_redirect_after_logout``'/'`Where to redirect the user after logout.`api_register_user_provider``true`Whether to register the stateless user provider. Turn it off if you want to use *exclusively* web authentication.`api_register_guard``true`Whether to register the stateless authentication. Turn it off if you want to use *exclusively* web authentication.`group_register_middleware``true`Whether to register the group middleware (see the section "Group-based access check-in routes")`webhook_enable``true`Whether to enable webhooks (see the section "Webhooks")`webhook_route_path``'/slashid/webhook'`The URL for the webhook route (you probably don't want to override it).### Login form configuration [](#login-form-configuration) The login form is a bundled version of [SlashID's React SDK](https://developer.slashid.dev/docs/access/react-sdk). As such all options in the components are usable here, just note that you have to convert `camelCase` to `kebab-case` (see examples below). In `config/slashid.php`, the option `login_form_configuration`, has the following default value: ``` // config/slashid.php return [ 'login_form_configuration' => [ 'factors' => [ ['method' => 'webauthn'], ['method' => 'email_link'], ], 'analytics-enabled', // Uncomment to enable the dark theme. // 'theme-props' => ['theme' => 'dark'], ], //............. ]; ``` ### Authentication methods [](#authentication-methods) For instance, if you want to add password login, first add the password option in the SlashID Console > Settings, then change the configuration to as such: ``` // config/slashid.php return [ 'login_form_configuration' => [ 'factors' => [ ['method' => 'webauthn'], ['method' => 'email_link'], ['method' => 'password'], ], 'analytics-enabled', // Uncomment to enable the dark theme. // 'theme-props' => ['theme' => 'dark'], ], //........ ]; ``` For more information, check the documentation at: ### Login form theme [](#login-form-theme) You can choose between a light and a dark theme by overriding the `theme-props` option in the `login_form_configuration`. For instance, this will make the theme dark: ``` // config/slashid.php return [ 'login_form_configuration' => [ 'factors' => [ ['method' => 'webauthn'], ['method' => 'email_link'], ], 'analytics-enabled', 'theme-props' => ['theme' => 'dark'], ], //............. ]; ``` You can also override [any of the CSS variables provided by the React SDK](https://developer.slashid.dev/docs/access/react-sdk/reference/components/react-sdk-reference-form#css-custom-properties-variables). For instance, to make the login button red, you can do the following: ``` // config/slashid.php return [ //............. 'login_form_css_override' => [ '--sid-color-primary' => '#f00', ], //............. ]; ``` Groups ------ [](#groups) ### Group-based access check-in routes [](#group-based-access-check-in-routes) You can use the `slashid_group` middleware to restrict certain routes to people of a given group. For instance, if you want to create a route `/content-management` that only people within the "Editor" group can access, and a route `/admin` that only people within the "Admin" group can access, you can do it like this: ``` // web.php Route::get('/content-management', function () { // Route that only someone in the group "Editor" can access. })->middleware('slashid_group:Editor'); Route::get('/admin', function () { // Route that only someone in the group "Admin" can access. })->middleware('slashid_group:Admin'); ``` If the user is not logged in, they will be redirected to the login page. If the user is logged in, they will receive an Access Denied exception. ⚠️ **Note**: group names are case-sensitive, please make sure you are using the correct group names. You can also combine different groups in your route checking! For instance, if you want the `/dashboard` page to be accessible for anyone in ANY of the groups "Admin", "Editor" or "Reviewer", you can use `|` to combine different group names in an `OR` conjunction: ``` // web.php Route::get('/group/Admin-OR-Editor', function () { // Route that someone in the group "Admin", OR in the group "Editor", OR in the group "Reviewer" can access. })->middleware('slashid_group:Admin|Editor|Reviewer'); ``` You can also use `&` to combine groups in an `AND` conjunction: ``` Route::get('/very-secure-page', function () { // Route that is only accessed by someone *both* in the "Admin" and "Editor" groups. })->middleware('slashid_group:Admin&Editor'); ``` ⚠️ **Note**: you cannot combine `|` and `&` in a same route, e.g. `->middleware('slashid_group:Admin&Editor|Reviewer')` is an invalid declaration and will raise an exception. ### Group-checking in custom code [](#group-checking-in-custom-code) If you want to check the groups of a user in your custom code, you can use any of the group-related methods of the `\SlashId\Laravel\SlashIdUser` class, e.g.: ``` if ($user->hasGroup('Editor')) { // Do things that only an "Editor" user can do. } if ($user->hasAnyGroup(['Admin', 'Editor', 'Reviewer'])) { // Do things that someone in the group "Admin", OR in the group "Editor", OR // in the group "Reviewer" can do. } if ($user->hasAllGroups(['Admin', 'Editor'])) { // Do things that only someone that is in *both* "Admin" and "Editor" groups // can do. } // Shows the user groups as a list of strings. var_dump($user->getGroups()); ``` ### Group-checking in Blade [](#group-checking-in-blade) You can also use the `hasGroup` / `hasAnyGroup` / `hasAllGroups` methods to build templates in Blade that display different things depending on the groups the user belongs to. ``` // some-template.blade.php @if (auth()->user()) You are logged in @if (auth()->user()->hasGroup('Editor')) Information Editors can access. @endif @if (auth()->user()->hasGroup('Admin')) Information Admins can access. @endif @if (auth()->user()->hasAnyGroup(['Admin', 'Editor'])) Information both Editors & Admins can access. @endif @else You are NOT logged in @endif ``` Webhooks -------- [](#webhooks) See [SlashID documentation on Webhooks](https://developer.slashid.dev/docs/access/guides/webhooks/introduction). ### Artisan webhook commands [](#artisan-webhook-commands) To use webhooks, you need first to register your URL with SlashID. Webhooks are managed via API, but this package provides three Artisan commands to help you manage them. #### How to register webhooks [](#how-to-register-webhooks) To register a new webhook for the current website use the following command. You are required to define a unique name for it, in this example, we're using `my_laravel_webhook`. ``` php artisan slashid:webhook:register my_laravel_webhook ``` By default, the webhook is registered with the triggers: `PersonDeleted_v1`, `PersonLoggedOut_v1`, and `PasswordChanged_v1`. You can specify which triggers to register, listing the triggers separated by space: ``` php artisan slashid:webhook:register my_laravel_webhook PasswordChanged_v1 VirtualPageLoaded_v1 AuthenticationFailed_v1 ``` You can run `slashid:webhook:register` as many times as you want, if there is already a webhook registered to that URL, it will be updated and the list of triggers will be overridden. #### How to test webhooks locally [](#how-to-test-webhooks-locally) You can test webhooks in your local development environment with a tool such as [ngrok](https://ngrok.com/), then use the option `--base-url` to register a webhook with the proxy. For instance, if you are running Laravel on port 8080, you can proxy your local environment with ngrok with: ``` ngrok http 8000 ``` The ngrok command-line will then display data about your proxy, such as: ``` Forwarding https://2f45-2804-14c-483-983f-b323-32f2-4714-1609.ngrok-free.app -> http://localhost:8000 ``` Then, you can register a web service to the proxy URL, with the following command: ``` php artisan slashid:webhook:register proxied_webhook PasswordChanged_v1 --base-url=https://2f45-2804-14c-483-983f-b323-32f2-4714-1609.ngrok-free.app ``` #### How to register webhooks for other applications [](#how-to-register-webhooks-for-other-applications) You can use the artisan command to register webhooks with any arbitrary URL: ``` php artisan slashid:webhook:register proxied_webhook PasswordChanged_v1 --webhook-url=https://someotherapplication.example.com/some-arbitrary-url ``` ### How to see existing webhooks [](#how-to-see-existing-webhooks) You can see all webhooks registered to your SlashID organization with the command: ``` php artisan slashid:webhook:list ``` #### How to delete a webhook [](#how-to-delete-a-webhook) You can delete a webhook by its ID. ``` php artisan slashid:webhook:delete 065e5237-c1c4-7a96-ab00-783ef0cbd002 ``` To learn a webhook ID, use the `slashid:webhook:list` command. ### Listening to events [](#listening-to-events) Any received webhook will be made available to the developer as a Laravel event. To listen to webhook events in your Laravel application, create a class in the `app/Listeners` folder of your application. In the example below, we are naming it `WebhookListener`, but you can name it as you like. ``` // app/Listeners/WebhookListener.php