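We need to log users in only through OpenID (specifically Microsoft Azure AD OpenID Connect).
We understand how to use Socialite, but we want to integrate with Backpack for Laravel, since 90% of the application is basic CRUD and we already have a paid license.
How can we combine Socialite with Backpack?
- Also... we should integrate it with laravel-permission, which is easy to integrate with Backpack.
If you need Socialite, I suggest you don't use Backpack's authentication at all. Just disable everything authentication-related in the config/backpack/base.php file (mostly routes), write your own controller logic with Socialite, and plug your own auth middleware and guard into that same config file, so that Backpack uses your authentication instead of the default one.
It will be easier to code and maintain your own logic than to break the default auth to make it work the way you want.
This is actually a working solution: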
config/backpack/base.php
'guard' => null,
.env
AZURE_CLIENT_ID=0e8b592f-asaaaasd4eac-a368-d0d52dbc14e0
AZURE_CLIENT_SECRET=b2r5442
AZURE_REDIRECT_URI=/sso/callback
config/services.php
// See https://socialiteproviders.com/Microsoft-Azure/#installation-basic-usage
'azure' => [
'client_id' => env('AZURE_CLIENT_ID'),
'client_secret' => env('AZURE_CLIENT_SECRET'),
'redirect' => env('AZURE_REDIRECT_URI')
],
Installed packages:
"laravel/socialite": "^5.2",
"lcobucci/jwt": "^4.1",
"socialiteproviders/microsoft-azure": "^4.2",
routes/web.php
Route::get('/login', [\App\Http\Controllers\AuthController::class, 'login'])->name('login');
Route::get('/sso/callback', [\App\Http\Controllers\AuthController::class, 'ssoCallback']);
app/Http/Controllers/AuthController.php
use Laravel\Socialite\Facades\Socialite;
use Lcobucci\JWT\Configuration;
....
public function login()
{
    // Send the browser to Azure AD to start the OpenID Connect flow
    return Socialite::driver('azure')->scopes(['openid'])->redirect();
}
public function logout(Request $request)
{
    // End the local session, then sign out at Microsoft as well
    Auth::logout();
    $request->session()->invalidate();
    $request->session()->regenerateToken();
    return redirect("https://login.microsoftonline.com/common/oauth2/v2.0/logout");
}
public function ssoCallback()
{
    try {
        $user = Socialite::driver('azure')->user();
    }
    catch (\Laravel\Socialite\Two\InvalidStateException $e) {
        return redirect(route('login'));
    }
    catch (\GuzzleHttp\Exception\ClientException $e) {
        return redirect(route('login'));
    }
    // Read the claims from token JWT using LcobucciJWT package
    // (forUnsecuredSigner() only decodes the token; it does not verify the signature)
    $configuration = Configuration::forUnsecuredSigner();
    $token = $configuration->parser()->parse( $user->accessTokenResponseBody["id_token"] );
    $claims = $token->claims();
    // This is an example, it depends by your jwt
    $full_name = $user->name;
    $email = $user->email;
    $app_user = User::firstOrCreate([
        'name' => $full_name,
        'email' => $email,
    ]);
    auth()->login($app_user);
}
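The callback above decodes the id_token with `Configuration::forUnsecuredSigner()` and then trusts its claims as they are. The following is an added example, not part of the original answer: a helper that rejects the token unless its issuer, audience and time claims match what the application expects, using the lcobucci/jwt ^4.1 package already listed above. The function name `checkedIdTokenClaims`, the issuer URL and the client id are assumptions for illustration; no signature check is performed, which relies on the token having been fetched directly from the token endpoint over TLS as in the callback.

```php
<?php
// Added example; requires lcobucci/jwt ^4.1 installed through Composer.
require __DIR__ . '/vendor/autoload.php';

use Lcobucci\Clock\SystemClock;
use Lcobucci\JWT\Configuration;
use Lcobucci\JWT\Exception as JwtException;
use Lcobucci\JWT\Token\Plain;
use Lcobucci\JWT\Validation\Constraint\IssuedBy;
use Lcobucci\JWT\Validation\Constraint\LooseValidAt;
use Lcobucci\JWT\Validation\Constraint\PermittedFor;

/**
 * Hypothetical helper: returns the id_token claims only if iss, aud and the
 * time claims match; returns null otherwise. No signature check is done here.
 */
function checkedIdTokenClaims(string $idToken, string $issuer, string $clientId): ?array
{
    $config = Configuration::forUnsecuredSigner();
    try {
        $token = $config->parser()->parse($idToken);
        $config->validator()->assert(
            $token,
            new IssuedBy($issuer),           // token was minted by the expected tenant
            new PermittedFor($clientId),     // token was issued for this application
            new LooseValidAt(SystemClock::fromUTC(), new DateInterval('PT60S'))
        );
    } catch (JwtException $e) {
        return null; // malformed token or a failed constraint
    }
    return $token instanceof Plain ? $token->claims()->all() : null;
}

// Constructed sample token (unsigned, built locally only to exercise the helper).
$issuer = 'https://issuer.example/placeholder-tenant/';   // placeholder issuer
$clientId = '00000000-0000-0000-0000-000000000000';       // placeholder client id
$now = new DateTimeImmutable();
$cfg = Configuration::forUnsecuredSigner();
$sample = $cfg->builder()
    ->issuedBy($issuer)->permittedFor($clientId)
    ->issuedAt($now)->expiresAt($now->modify('+5 minutes'))
    ->withClaim('oid', 'constructed-object-id')
    ->getToken($cfg->signer(), $cfg->signingKey())
    ->toString();

var_dump(checkedIdTokenClaims($sample, $issuer, $clientId)['oid'] ?? null); // audience matches
var_dump(checkedIdTokenClaims($sample, $issuer, 'some-other-client-id'));   // audience of another app
```

In the controller, the helper would be called with `$user->accessTokenResponseBody["id_token"]`, the issuer of your tenant and `config('services.azure.client_id')`, redirecting back to the login route when it returns null.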