This package simplifies integration with an IAM server within a microservices architecture by fetching the logged-in remote user's information. It ensures security by returning only one record per authorized user. While primarily designed for use with IAM servers, it is also compatible with other OAuth2 servers. The user data is expected in a simple array format from the user endpoint, with uuid as the mandatory field.

• Laravel Sanctum
• User model should utilize the AsRemoteUser trait and implement the RemoteUser contract.

Install the package via Composer:

composer require kwidoo/remote-user

Optionally, publish the configuration file:

php artisan vendor:publish --tag=remote-user-config

Add the following IAM server's OAuth2 credentials to your .env file:

IAM_SERVER_CLIENT_ID=your-client-id
IAM_SERVER_CLIENT_SECRET=your-client-secret
IAM_SERVER_URL=your-iam-server-url

Ensure your auth.php file is configured with the appropriate guards and providers to use with this package:

'guards' => [
    'api' => [
        'driver' => 'sanctum',
        'provider' => 'remote_users',
    ],
],
'providers' => [
    'remote_users' => [
        'driver' => 'remote',
        'model' => App\Models\User::class, // or you model
    ],
],

These settings configure Laravel to use Sanctum with the remote user model, ensuring proper authentication handling through the IAM server.

You can specify an alternative user model in the configuration file:

    'user_class' => App\Models\User::class  // or your model

This package facilitates the following workflow in conjunction with an IAM server and local Laravel Sanctum:

1. The frontend obtains a password grant and opaque token from the IAM server.
2. The frontend sends the opaque token to this package.
3. The package obtains a client credentials grant from the IAM server.
4. By using the opaque token along with the access token from step 3, it fetches the remote user from the IAM server.
5. If the user is successfully fetched, it provides a Sanctum token to the frontend.

To obtain a Sanctum token, make a GET request to the /sanctum/token endpoint. You can change the route as needed:

Route::get('/sanctum/token', RemoteUserController::class . '@token');

If you encounter issues accessing the /sanctum/token route, use:

php artisan route:list

to verify the exact route.

Run tests using:

composer test

For recent changes, please refer to the CHANGELOG.

For contribution guidelines, please see CONTRIBUTING.

For security-related issues, please contact [email protected] directly rather than using the public issue tracker.

• Oleg Pashkovsky
• All Contributors

This package is licensed under the MIT License. See the License File for more details.

This package was developed using the Laravel Package Boilerplate.