Tags: php, laravel, laravel-backpack, laravel-socialite

Can we integrate Socialite with Backpack for Laravel?


We need to log users in ONLY via OpenID (specifically Microsoft Azure AD OpenID Connect).

We understand how to use Socialite, but we would like to integrate it with Backpack for Laravel, because the app is 90% basic CRUDs and because we already have a paid licence.

How to integrate socialite with backpack for laravel?

  • Also, we should integrate it with laravel-permissions, which is very easy to integrate with Backpack for Laravel.

Solution

  • This is actually a working solution

    config\backpack\base.php

    // null makes Backpack fall back to the application's default auth guard
    // (auth.defaults.guard), so the user logged in by the SSO callback is the
    // same user the admin panel sees.
    'guard' => null,
    

    .env

    # Sample values only: use the client ID and secret of your own Azure app registration.
    # AZURE_CLIENT_SECRET is a credential; keep the real .env out of version control
    # and rotate the secret if it is ever pasted into a ticket, chat or public post.
    AZURE_CLIENT_ID=0e8b592f-asaaaasd4eac-a368-d0d52dbc14e0
    AZURE_CLIENT_SECRET=b2r5442
    # Path of the callback route declared in routes/web.php.
    AZURE_REDIRECT_URI=/sso/callback
    

    config\services.php

    // See https://socialiteproviders.com/Microsoft-Azure/#installation-basic-usage
    // All three values are read from the environment so that the client secret
    // never has to appear in a committed config file.
    'azure' => [
        'client_id' => env('AZURE_CLIENT_ID'),
        'client_secret' => env('AZURE_CLIENT_SECRET'),
        'redirect' => env('AZURE_REDIRECT_URI')
    ],
    

    Packages installed:

    "laravel/socialite": "^5.2",
    "lcobucci/jwt": "^4.1",
    "socialiteproviders/microsoft-azure": "^4.2",
    

    routes\web.php

    // Entry point: sends the browser to Azure AD. Named 'login' so that the
    // callback can send the user back here with route('login') on failure.
    Route::get('/login', [\App\Http\Controllers\AuthController::class, 'login'])->name('login');
    // Return leg of the flow; the path matches AZURE_REDIRECT_URI in .env.
    // NOTE(review): no route for AuthController::logout is shown in this snippet.
    Route::get('/sso/callback',  [\App\Http\Controllers\AuthController::class, 'ssoCallback']);
    

    app/Http/Controllers/AuthController.php

    use Laravel\Socialite\Facades\Socialite;
    use Lcobucci\JWT\Configuration;
    ....
    
    /**
     * Start the sign-in flow by redirecting the browser to the Azure provider.
     *
     * The `openid` scope is passed to the driver before redirecting.
     */
    public function login()
    {
        $azure = Socialite::driver('azure');
        $azure = $azure->scopes(['openid']);

        return $azure->redirect();
    }
    
    /**
     * End the local session, then send the browser to Microsoft's logout endpoint.
     *
     * The local steps run first: the user is logged out, the session is
     * invalidated and the CSRF token is regenerated, so nothing from the old
     * session survives the redirect.
     */
    public function logout(Request $request)
    {
        $microsoftLogoutUrl = 'https://login.microsoftonline.com/common/oauth2/v2.0/logout';

        Auth::logout();

        $session = $request->session();
        $session->invalidate();
        $session->regenerateToken();

        return redirect($microsoftLogoutUrl);
    }
    
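    /**
     * Handle the redirect back from Azure AD and log the matching local user in.
     *
     * Flow: exchange the authorization code through Socialite, decode the
     * id_token claims, find or create the local user by email, log that user in
     * and redirect into the application.
     *
     * On a state mismatch or a rejected code exchange the user is sent back to
     * the 'login' route. If the provider returns no email address the request
     * is refused with 403 rather than matched against a user with an empty email.
     */
    public function ssoCallback()
    {
        try {
            $user = Socialite::driver('azure')->user();
        } catch (\Laravel\Socialite\Two\InvalidStateException | \GuzzleHttp\Exception\ClientException $e) {
            // Invalid/expired state or the token request was rejected: restart the flow.
            return redirect(route('login'));
        }

        // Read the claims from the id_token using the Lcobucci\JWT package.
        // NOTE(review): forUnsecuredSigner() only decodes the token. Nothing here
        // verifies the signature or checks issuer, audience and expiry, so treat
        // $claims as unverified. Validate them before they feed any authorization
        // decision such as role or permission mapping.
        $configuration = Configuration::forUnsecuredSigner();
        $token = $configuration->parser()->parse($user->accessTokenResponseBody['id_token']);
        $claims = $token->claims();

        // This is an example; which fields you read depends on your JWT.
        $full_name = $user->name;
        $email = $user->email;

        // Without an email there is nothing to match on; refusing avoids
        // logging every such visitor into one shared "empty email" account.
        if (empty($email)) {
            abort(403, 'The identity provider did not return an email address.');
        }

        // Match on email only and use the name just when creating the row.
        // Matching on both would create a second account as soon as the
        // display name changes in the directory.
        // NOTE(review): an email address is a mutable attribute. If the app
        // registration accepts more than one tenant, prefer storing the
        // provider's subject identifier and matching on that instead.
        $app_user = User::firstOrCreate(
            ['email' => $email],
            ['name' => $full_name]
        );

        auth()->login($app_user);

        // The original ended here and returned an empty response. Redirect
        // target is an assumption (Backpack dashboard); adjust to your app.
        return redirect()->intended(backpack_url('dashboard'));
    }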