PHPackages                             tharangakothalawala/sso - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication & Authorization](/categories/authentication)
4. /
5. tharangakothalawala/sso

ActiveLibrary[Authentication & Authorization](/categories/authentication)

tharangakothalawala/sso
=======================

This is a library which can provision new accounts and to authenticate users utilizing third party vendor connections.

v1.4.0(5y ago)7398MITPHPPHP >=5.3CI failing

Since Jan 1Pushed 5y ago1 watchersCompare

[ Source](https://github.com/tharangakothalawala/sso)[ Packagist](https://packagist.org/packages/tharangakothalawala/sso)[ RSS](/packages/tharangakothalawala-sso/feed)WikiDiscussions master Synced today

READMEChangelog (3)Dependencies (5)Versions (8)Used By (0)

TSK Single Sign On
==================

[](#tsk-single-sign-on)

This is a library which can provision new accounts and can authenticate users utilizing third party vendor connections.

[![Latest Stable Version](https://camo.githubusercontent.com/5ee6ea5e288b13f71ce6466c16b1f4ff109ebb62dc3ecec0d1df81b30db641a6/68747470733a2f2f706f7365722e707567782e6f72672f74686172616e67616b6f7468616c6177616c612f73736f2f762f737461626c652e737667)](https://packagist.org/packages/tharangakothalawala/sso)[![License](https://camo.githubusercontent.com/f45d904953153ca304a2328243d2733e095eee13a631a1f390709885d41dd692/68747470733a2f2f706f7365722e707567782e6f72672f6c61726176656c2f6672616d65776f726b2f6c6963656e73652e737667)](https://packagist.org/packages/tharangakothalawala/sso)[![Build Status](https://camo.githubusercontent.com/a0ba3562def260616fe3ce8fd2e9956698f30633c755bc6b7577529c67995e38/68747470733a2f2f7472617669732d63692e6f72672f74686172616e67616b6f7468616c6177616c612f73736f2e7376673f6272616e63683d6d6173746572)](https://travis-ci.org/tharangakothalawala/sso)[![Quality Score](https://camo.githubusercontent.com/19b3079badf87a0d1bb95a508556aabea4a2906542eeb17ec88ea1c113da7964/68747470733a2f2f696d672e736869656c64732e696f2f7363727574696e697a65722f672f74686172616e67616b6f7468616c6177616c612f73736f2e7376673f7374796c653d666c61742d737175617265)](https://scrutinizer-ci.com/g/tharangakothalawala/sso)[![Code Coverage](https://camo.githubusercontent.com/7b2c3c16e065405b84fe002fd52634c38474e9d947079812cda7bec0a82d8b6b/68747470733a2f2f696d672e736869656c64732e696f2f7363727574696e697a65722f636f7665726167652f672f74686172616e67616b6f7468616c6177616c612f73736f2e7376673f7374796c653d666c61742d737175617265)](https://scrutinizer-ci.com/g/tharangakothalawala/sso)[![Total Downloads](https://camo.githubusercontent.com/3c8c9b348e60d9d6642d569887020ade483457ff9c9c3b3319a4941745bec712/68747470733a2f2f706f7365722e707567782e6f72672f74686172616e67616b6f7468616c6177616c612f73736f2f642f746f74616c2e737667)](https://packagist.org/packages/tharangakothalawala/sso)

Supported Vendors
=================

[](#supported-vendors)

- Amazon
- Facebook
- GitHub
- Google
- LinkedIn
- Slack
- Spotify
- Stripe
- Twitter
- Yahoo
- Zoom

Structure
=========

[](#structure)

There are three(3) main functions.

- Third Party Login action
- Authentication process
- Revoking access to your client application

Third Party Login action
------------------------

[](#third-party-login-action)

Use the following code to redirect a user to the vendor's login page. The following uses Google as an example.

```
use TSK\SSO\ThirdParty\Google\GoogleConnectionFactory;

$googleConnectionFactory = new GoogleConnectionFactory();
$googleConnection = $googleConnectionFactory->get(
    'google_client_id',
    'google_client_secret',
    'http://www.your-amazing-app.com/sso/google/grant'
);

header("Location: $googleConnection->getGrantUrl()");
```

Authentication process
----------------------

[](#authentication-process)

Use the following code to do a signup/signin. The following uses Google as an example. Please note that you will have to implement the `TSK\SSO\AppUser\AppUserRepository` to provision and validate users according to your application logic. See my example in the `examples` directory.

#### DefaultAuthenticator Usage

[](#defaultauthenticator-usage)

```
use TSK\SSO\Auth\DefaultAuthenticator;
use TSK\SSO\Auth\Exception\AuthenticationFailedException;
use TSK\SSO\ThirdParty\Exception\NoThirdPartyEmailFoundException;
use TSK\SSO\ThirdParty\Exception\ThirdPartyConnectionFailedException;
use TSK\SSO\ThirdParty\Google\GoogleConnectionFactory;
use YouApp\TSKSSO\YourImplementationOfTheAppUserRepository;

$googleConnectionFactory = new GoogleConnectionFactory();
$googleConnection = $googleConnectionFactory->get(
    'google_client_id',
    'google_client_secret',
    'http://www.your-amazing-app.com/sso/google/grant'
);

$authenticator = new DefaultAuthenticator(
    new YourImplementationOfTheAppUserRepository()
);

try {
    $appUser = $authenticator->authenticate($googleConnection);
} catch (AuthenticationFailedException $ex) {
} catch (DataCannotBeStoredException $ex) {
} catch (NoThirdPartyEmailFoundException $ex) {
} catch (ThirdPartyConnectionFailedException $ex) {
} catch (\Exception $ex) {
}

// log the detected application's user in
$_SESSION['userId'] = $appUser->id();
```

Please note that using the `TSK\SSO\Auth\DefaultAuthenticator` will just do a simple lookup of the user store using your logic. If you want to support multiple vendors and to avoid creating new users per each of their specific email address, you will have to use this `TSK\SSO\Auth\PersistingAuthenticator`.

#### PersistingAuthenticator Usage

[](#persistingauthenticator-usage)

This uses File System by default as the storage for the user mappings.

```
use TSK\SSO\Auth\PersistingAuthenticator;
use YouApp\TSKSSO\YourImplementationOfTheAppUserRepository;

$authenticator = new PersistingAuthenticator(
    new YourImplementationOfTheAppUserRepository()
);
```

##### MySQL

[](#mysql)

There are two classes available for you to use MySQL as the storage.

For MySQL, I have provided a schema file under sql folder. Please use that.

- `TSK\SSO\Storage\PdoThirdPartyStorageRepository`

```
use TSK\SSO\Auth\PersistingAuthenticator;
use TSK\SSO\Storage\PdoThirdPartyStorageRepository;
use YouApp\TSKSSO\YourImplementationOfTheAppUserRepository;

$authenticator = new PersistingAuthenticator(
    new YourImplementationOfTheAppUserRepository(),
    new PdoThirdPartyStorageRepository(
        // In Laravel, you can do this to get its PDO connection: \DB::connection()->getPdo();
        new PDO('mysql:dbname=db;host=localhost', 'foo', 'bar'),
        'Optional Table Name (default:thirdparty_connections)'
    ),
);
```

- `TSK\SSO\Storage\MysqliThirdPartyStorageRepository`

```
use TSK\SSO\Auth\PersistingAuthenticator;
use TSK\SSO\Storage\PdoThirdPartyStorageRepository;
use YouApp\TSKSSO\YourImplementationOfTheAppUserRepository;

$authenticator = new PersistingAuthenticator(
    new YourImplementationOfTheAppUserRepository(),
    new MysqliThirdPartyStorageRepository(new mysqli('localhost', 'foo', 'bar', 'db')),
);
```

##### MongoDB

[](#mongodb)

- `TSK\SSO\Storage\PeclMongoDbThirdPartyStorageRepository`

```
use TSK\SSO\Auth\PersistingAuthenticator;
use TSK\SSO\Storage\PeclMongoDbThirdPartyStorageRepository;
use YouApp\TSKSSO\YourImplementationOfTheAppUserRepository;

$authenticator = new PersistingAuthenticator(
    new YourImplementationOfTheAppUserRepository(),
    new PeclMongoDbThirdPartyStorageRepository(new MongoDB\Driver\Manager('mongodb://localhost:27017/yourdb'), 'yourdb'),
);
```

Of course you can use your own storage by just implementing this interface : `TSK\SSO\Storage\ThirdPartyStorageRepository`.

Revoking vendor access to your client application
-------------------------------------------------

[](#revoking-vendor-access-to-your-client-application)

```
use TSK\SSO\ThirdParty\VendorConnectionRevoker;

$vendorConnectionRevoker = new VendorConnectionRevoker(
    $googleConnection, // the vendor connection
    // [optional] `TSK\SSO\Storage\ThirdPartyStorageRepository` implementation. File system storage is used by default
);
$vendorConnectionRevoker->revoke($vendorEmail, $vendorName); // returns a bool
```

Connecting multiple accounts while logged in.
---------------------------------------------

[](#connecting-multiple-accounts-while-logged-in)

- A user may have multiple accounts on one(1) vendor. ex: Multiple Facebook/Google accounts with different email addresses.
- Or a user can have accounts on other vendors such as Facebook and Google at the same time. You may want to let them connect other accounts to make it easier for them to authenticate/access using multiple vendors.

You can use the `TSK\SSO\Auth\AppUserAwarePersistingAuthenticator` to validate the account that they selecting.

```
use TSK\SSO\AppUser\ExistingAppUser;
use TSK\SSO\Auth\AppUserAwarePersistingAuthenticator;
use TSK\SSO\Auth\PersistingAuthenticator;
use YouApp\TSKSSO\YourImplementationOfTheAppUserRepository;

$userId = $_SESSION['userid'];
if (!is_null($userId)) {
    $authenticator = new AppUserAwarePersistingAuthenticator(
        new ExistingAppUser($userId, 'current-loggedin-user-email@tsk-webdevelopment.com')
    );
} else {
    $authenticator = new PersistingAuthenticator(
        new YourImplementationOfTheAppUserRepository()
    );
}
```

What Next?
==========

[](#what-next)

To add any missing vendor support and any other storage systems.

Demo
====

[](#demo)

#### Creating your own apps \[Optional\]

[](#creating-your-own-apps-optional)

I have created several demo apps and have registered them in Amazon, GitHub, Google, Twitter & Yahoo. Optionally you may register your own apps if you want to test.

- Amazon :
- GitHub :
- Google :
- Twitter :  - You must at least have 'Read-only' access permission and have ticked 'Request email address from users' under additional permissions.
- Spotify :
- Yahoo :  - You must at least select 'Read/Write Public and Private' of 'Profiles (Social Directory)' API permissions.

#### Host File Entry

[](#host-file-entry)

And add the `localhost.com` into the host file as following. (Linux : `/etc/hosts`, Windows: `C:\Windows\System32\drivers\etc\hosts`)

```
127.0.0.1    localhost.com
```

#### Start Demo

[](#start-demo)

```
make demo
```

Then go to

###  Health Score

29

—

LowBetter than 60% of packages

Maintenance20

Infrequent updates — may be unmaintained

Popularity17

Limited adoption so far

Community7

Small or concentrated contributor base

Maturity60

Established project with proven stability

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~155 days

Recently: every ~187 days

Total

6

Last Release

1910d ago

### Community

Maintainers

![](https://www.gravatar.com/avatar/c64ce811c55d7a9927181b040b2865a23669cfc59673a871c4784595e44457a9?d=identicon)[tharanga](/maintainers/tharanga)

---

Top Contributors

[![tharangakothalawala](https://avatars.githubusercontent.com/u/4851255?v=4)](https://github.com/tharangakothalawala "tharangakothalawala (24 commits)")

---

Tags

authenticationloginprovisionregistersigninsignupsingle-sign-onsingle-sign-outssoSSOloginsigninregistersignupprovision

###  Code Quality

TestsPHPUnit

### Embed Badge

![Health badge](/badges/tharangakothalawala-sso/health.svg)

```
[![Health](https://phpackages.com/badges/tharangakothalawala-sso/health.svg)](https://phpackages.com/packages/tharangakothalawala-sso)
```

###  Alternatives

[sarav/laravel-multiauth

A Simple Laravel Package for handling multiple authentication

5030.7k](/packages/sarav-laravel-multiauth)[korotovsky/sso-library

Single-sign-on library for Symfony2

2551.0k2](/packages/korotovsky-sso-library)[korotovsky/sso-sp-bundle

Single-sign-on bundle for Symfony2. Service Provider part.

3316.0k](/packages/korotovsky-sso-sp-bundle)[zefy/php-simple-sso

Simple PHP SSO

209.6k17](/packages/zefy-php-simple-sso)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)