This package simplifies integration with an IAM server within a microservices architecture by fetching the logged-in remote user's information. It ensures security by returning only one record per authorized user. While primarily designed for use with IAM servers, it is also compatible with other OAuth2 servers. The user data is expected in a simple array format from the user endpoint, with `uuid` as the mandatory field.
- Laravel Sanctum
- User model should utilize the `AsRemoteUser` trait and implement the `RemoteUser` contract.
Install the package via Composer:
```bash
composer require kwidoo/remote-user
```
Optionally, publish the configuration file:
```bash
php artisan vendor:publish --tag=remote-user-config
```
Add the following IAM server's OAuth2 credentials to your `.env` file:
```
IAM_SERVER_CLIENT_ID=your-client-id
IAM_SERVER_CLIENT_SECRET=your-client-secret
IAM_SERVER_URL=your-iam-server-url
```
Ensure your `auth.php` file is configured with the appropriate guards and providers to use with this package:
```php
'guards' => [
    'api' => [
        'driver' => 'sanctum',
        'provider' => 'remote_users',
    ],
],
'providers' => [
    'remote_users' => [
        'driver' => 'remote',
        'model' => App\Models\User::class, // or your model
    ],
],
```
These settings configure Laravel to use Sanctum with the remote user model, ensuring proper authentication handling through the IAM server.
You can specify an alternative user model in the configuration file:
```php
'user_class' => App\Models\User::class // or your model
```
This package facilitates the following workflow in conjunction with an IAM server and local Laravel Sanctum:
1. The frontend obtains a password grant and opaque token from the IAM server.
2. The frontend sends the opaque token to this package.
3. The package obtains a client credentials grant from the IAM server.
4. By using the opaque token along with the access token from step 3, it fetches the remote user from the IAM server.
5. If the user is successfully fetched, it provides a Sanctum token to the frontend.
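
The check below is an added example, not code from this package: it shows one way to decide that the user fetched in the workflow above was "successfully fetched", enforcing the one-record and mandatory `uuid` rules from the introduction before any Sanctum token is issued. The function name `extractSingleRemoteUser` is hypothetical, and the code assumes PHP 8.1+, a user endpoint that returns either one record or a list of records, and a `uuid` in canonical 36-character form.

```php
<?php
declare(strict_types=1);

// Hypothetical helper, not part of kwidoo/remote-user: accept the decoded
// user-endpoint response only if it identifies exactly one user.
function extractSingleRemoteUser(mixed $payload): array
{
    if (!is_array($payload) || $payload === []) {
        throw new UnexpectedValueException('User endpoint returned no user data.');
    }

    // Assumption: the endpoint returns either one record or a list of records.
    if (array_is_list($payload)) {
        if (count($payload) !== 1 || !is_array($payload[0])) {
            // Several matches are ambiguous: refuse instead of picking the first.
            throw new UnexpectedValueException('Expected exactly one user record.');
        }
        $payload = $payload[0];
    }

    $uuid = $payload['uuid'] ?? null;
    // Assumption: uuid is a canonical 36-character UUID string.
    $pattern = '/\A[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\z/i';
    if (!is_string($uuid) || preg_match($pattern, $uuid) !== 1) {
        throw new UnexpectedValueException('User record has no valid uuid.');
    }

    $payload['uuid'] = strtolower($uuid); // normalise so local lookups compare equal
    return $payload;
}

// Constructed sample responses (not captured from a real IAM server).
$samples = [
    'single record'   => '{"uuid":"3F2504E0-4F89-41D3-9A0C-0305E82C3301","email":"a@example.test"}',
    'list of one'     => '[{"uuid":"3f2504e0-4f89-41d3-9a0c-0305e82c3301"}]',
    'two records'     => '[{"uuid":"3f2504e0-4f89-41d3-9a0c-0305e82c3301"},{"uuid":"9b2e1c7a-5d44-4c1e-8f3a-2a6b7c8d9e0f"}]',
    'missing uuid'    => '{"email":"a@example.test"}',
    'uuid not string' => '{"uuid":["3f2504e0-4f89-41d3-9a0c-0305e82c3301"]}',
    'error body'      => '"unauthorized"',
];

foreach ($samples as $label => $json) {
    try {
        $user = extractSingleRemoteUser(json_decode($json, true));
        echo "$label: accepted {$user['uuid']}\n";
    } catch (UnexpectedValueException $e) {
        echo "$label: rejected ({$e->getMessage()})\n";
    }
}
```

Failing closed on every rejected case means an error body or a multi-user response from the IAM server never turns into a local session.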
To obtain a Sanctum token, make a GET request to the `/sanctum/token` endpoint. You can change the route as needed:
```php
Route::get('/sanctum/token', RemoteUserController::class . '@token');
```
If you encounter issues accessing the `/sanctum/token` route, use `php artisan route:list` to verify the exact route.
Run tests using:
```bash
composer test
```
For recent changes, please refer to the CHANGELOG.
For contribution guidelines, please see CONTRIBUTING.
For security-related issues, please contact [email protected] directly rather than using the public issue tracker.
This package is licensed under the MIT License. See the License File for more details.
This package was developed using the Laravel Package Boilerplate.