Code Weaver
Helps Laravel developers discover, compare, and choose open-source packages. See popularity, security, maintainers, and scores at a glance to make better decisions.

Symfony Oidc Bundle Laravel Package

drenso/symfony-oidc-bundle


Technical Evaluation

Architecture Fit

  • Symfony-Centric Design: The bundle plugs into Symfony’s Security component (authenticator-based firewalls), which makes it a natural fit for Symfony applications. Laravel’s authentication stack (Illuminate\Auth guards and user providers) is fundamentally different, so reusing the bundle means either heavy abstraction or middleware workarounds.
  • OIDC Core Compatibility: Builds on jumbojett/OpenID-Connect-PHP, a widely used OIDC client library, for the OpenID Connect Core 1.0 flow over OAuth 2.0 (RFC 6749), bearer tokens (RFC 6750) and JWT ID tokens (RFC 7519). This matters for Laravel, which ships no native OIDC relying-party support. Using a conforming library does not by itself make the integration conformant: the relying party must still verify the ID token’s signature, iss, aud, exp and nonce, and bind the state parameter to the user’s session.
  • Modularity: Supports multiple OIDC clients (e.g., Auth0, Keycloak, Microsoft Entra) via configurable YAML, which aligns with Laravel’s service provider pattern but may require custom adapters.
  • PHP 8+ Dependency: The bundle requires PHP 8.0+. Laravel 9 and later already require PHP 8.0+, so this is only a blocker for Laravel 8 or older applications still running on PHP 7.x.

Integration Feasibility

  • Symfony-Specific Components:
    • Authentication Manager: Laravel uses Guard/UserProvider interfaces, not Symfony’s AuthenticatorInterface. A custom middleware or Laravel Auth extension would be needed to bridge the gap.
    • Firewall Configuration: Symfony’s security.yaml is replaced by Laravel’s auth.php/middleware. The oidc listener would need to be emulated via middleware (e.g., OidcAuthMiddleware).
    • Event System: Symfony’s LoginSuccessEvent/LogoutEvent map onto Laravel’s Illuminate\Auth\Events\Login and Logout events (plus Authenticated for per-request hooks), or onto custom listeners.
  • Configuration Overlap:
    • The bundle’s drenso_oidc.yaml can be mapped to Laravel’s config/oidc.php using Laravel’s config system.
    • Environment variables (e.g., OIDC_WELL_KNOWN_URL) are natively supported in Laravel via .env.
  • User Provider Gap:
    • Symfony’s OidcUserProviderInterface must be adapted to Laravel’s UserProvider contract. The ensureUserExists() and loadOidcUser() methods would need Laravel equivalents (e.g., retrieveByOidc()).

Technical Risk

Risk Area | Severity | Mitigation Strategy
--- | --- | ---
Authentication Flow Mismatch | High | Build a Laravel-compatible guard (e.g., OidcGuard) or enforce login through route middleware.
Middleware Complexity | Medium | Abstract the OIDC logic into a service class (e.g., OidcService) so nothing depends on Symfony.
PHP 8+ Requirement | High | Upgrade the Laravel app to PHP 8.0+ before adopting; the package cannot be installed otherwise.
Remember Me/Logout | Medium | Use Laravel’s built-in remember-me (Auth::login($user, true) with the users.remember_token column) and implement OIDC RP-initiated logout against end_session_endpoint, with a local-only fallback.
Token Validation | Low | Reuse OpenID-Connect-PHP’s validator, but keep its checks intact: signature against the issuer’s JWKS, plus iss, aud, exp and nonce. Disabling any of them (e.g., to work around an IdP quirk) turns this into the highest-severity row.
IdP-Specific Quirks | Low | Bundle includes docs for Microsoft Entra/ADFS; other IdPs may need testing.
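
The “Token Validation” row above assumes the library’s checks stay intact. The following standalone PHP is an added illustration, not code from drenso/symfony-oidc-bundle or OpenID-Connect-PHP, of the claim checks a relying party must apply to an ID token whose signature has already been verified (OpenID Connect Core 1.0, section 3.1.3.7). The issuer, client_id, nonce and claim values are constructed sample data.

```php
<?php
// Added illustration: claim checks for an already signature-verified ID token
// (OpenID Connect Core 1.0, section 3.1.3.7). Standalone code, not from the
// drenso bundle or from OpenID-Connect-PHP; all sample values are constructed.
declare(strict_types=1);

final class IdTokenClaimError extends RuntimeException {}

/**
 * @param array<string,mixed> $claims        decoded JWT payload (signature already verified)
 * @param string              $issuer        issuer from the provider's discovery document
 * @param string              $clientId      our client_id
 * @param string              $expectedNonce nonce stored in the session before redirecting
 * @param int                 $now           current Unix time (injected for testability)
 * @param int                 $skew          tolerated clock skew in seconds
 */
function validateIdTokenClaims(array $claims, string $issuer, string $clientId,
                               string $expectedNonce, int $now, int $skew = 60): void
{
    // iss must exactly match the discovery issuer (plain string compare, no normalisation)
    if (($claims['iss'] ?? null) !== $issuer) {
        throw new IdTokenClaimError('iss mismatch');
    }
    // aud may be a string or an array; our client_id must be in it
    $aud = (array) ($claims['aud'] ?? []);
    if (!in_array($clientId, $aud, true)) {
        throw new IdTokenClaimError('aud does not contain client_id');
    }
    // with several audiences, azp must be present and equal to our client_id
    if (count($aud) > 1 && ($claims['azp'] ?? null) !== $clientId) {
        throw new IdTokenClaimError('azp missing or wrong for multi-audience token');
    }
    // exp is mandatory; reject expired tokens, allowing bounded skew
    if (!isset($claims['exp']) || !is_int($claims['exp']) || $claims['exp'] + $skew <= $now) {
        throw new IdTokenClaimError('token expired or exp missing');
    }
    // iat must not lie in the future beyond the allowed skew
    if (!isset($claims['iat']) || !is_int($claims['iat']) || $claims['iat'] - $skew > $now) {
        throw new IdTokenClaimError('iat missing or in the future');
    }
    // nonce binds this token to the authorization request we actually sent;
    // constant-time compare avoids a timing oracle
    if (!isset($claims['nonce']) || !hash_equals($expectedNonce, (string) $claims['nonce'])) {
        throw new IdTokenClaimError('nonce mismatch');
    }
    // sub is the only stable user identifier; email is not one
    if (!isset($claims['sub']) || $claims['sub'] === '') {
        throw new IdTokenClaimError('sub missing');
    }
}

// Constructed sample: a token an IdP at https://idp.example.com issued to client "laravel-app"
$now  = 1_700_000_000;
$good = ['iss' => 'https://idp.example.com', 'aud' => 'laravel-app', 'sub' => 'user-123',
         'exp' => $now + 300, 'iat' => $now - 5, 'nonce' => 'n-abc123', 'email' => 'a@example.com'];
validateIdTokenClaims($good, 'https://idp.example.com', 'laravel-app', 'n-abc123', $now);
echo "valid token accepted\n";

// The same token replayed into a session with a different nonce, and a token minted
// for another client: both must be rejected even though their signatures would verify.
foreach ([
    ['nonce replay',   $good,                        'n-other'],
    ['wrong audience', ['aud' => 'other-app'] + $good, 'n-abc123'],
] as [$label, $claims, $nonce]) {
    try {
        validateIdTokenClaims($claims, 'https://idp.example.com', 'laravel-app', $nonce, $now);
        echo "$label: WRONGLY accepted\n";
    } catch (IdTokenClaimError $e) {
        echo "$label: rejected ({$e->getMessage()})\n";
    }
}
```

The library does these checks for you on the happy path; the value of having them written out is knowing which configuration knobs (issuer override, audience, nonce) must never be relaxed when chasing an IdP quirk.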

Key Questions

  1. Is PHP 8+ adoption feasible for the Laravel project?
    • Impact: If not, this package is incompatible (v1.x is Symfony 5.4+ only).
  2. Can a Laravel UserProvider take over what the bundle’s OidcUserProviderInterface does (ensureUserExists()/loadOidcUser())?
    • Impact: Requires a custom provider class and a users column for the IdP’s sub claim; do not key accounts on email, which is mutable and not always verified by the IdP.
  3. How will the OIDC redirect/authorization flow integrate with Laravel’s session middleware?
    • Impact: Middleware sequencing is critical; may conflict with Laravel’s built-in auth stack.
  4. Are there existing PHP OIDC client packages (e.g., jumbojett/openid-connect-php, or league/oauth2-client plus your own ID-token validation) that could be used directly instead of porting the bundle?
    • Impact: Potential to reduce custom work. Note that league/oauth2-server is an authorization-server implementation and does not help on the relying-party side.
  5. What’s the fallback if end_session_endpoint (logout) fails?
    • Impact: SSO logout is inherently fragile; need a graceful degradation plan.

Integration Approach

Stack Fit

  • Laravel Compatibility:
    • Core: The underlying OpenID-Connect-PHP library is IdP-agnostic and has no Symfony dependency, so it can be used directly in Laravel; the Symfony bundle is a wrapper that adds configuration handling and Symfony security integration around it. A plain OAuth 2.0 client such as league/oauth2-client is an alternative only if you implement ID-token validation yourself.
    • Recommendation: Do not install the bundle in a Laravel application. Use its configuration layout and flow handling as a reference, and build a Laravel-native OIDC service layer on the underlying library.
  • Key Laravel Components to Leverage:
    • Service Providers: Register OIDC clients/configuration in AppServiceProvider.
    • Middleware: Replace Symfony’s oidc listener with a custom OidcAuthMiddleware.
    • Events: Listen for Laravel’s Illuminate\Auth\Events\Attempting, Authenticated, Login and Logout events for hooks (Auth::login() dispatches Login and Authenticated for you).
    • Session/Cookies: Use Laravel’s built-in remember-me (Auth::login($user, true) with the users.remember_token column) rather than a hand-rolled REMEMBERME cookie.
  • Avoid:
    • Directly using Symfony’s AuthenticationManager or AuthenticatorInterface.
    • Relying on Symfony’s security.yaml (use Laravel’s config/auth.php plus middleware registration in app/Http/Kernel.php, or bootstrap/app.php on Laravel 11+).

Migration Path

  1. Phase 1: Dependency Extraction

    • Install jumbojett/openid-connect-php (the library the bundle builds on) as a Laravel dependency: composer require jumbojett/openid-connect-php.
    • Extract the OIDC logic from the Symfony bundle into a Laravel service class (e.g., OidcService).
    • Example:
      // app/Services/OidcService.php
      namespace App\Services;

      use Jumbojett\OpenIDConnectClient;

      class OidcService {
          // Build a client for a named entry in config/oidc.php
          public function getClient(string $clientName = 'default'): OpenIDConnectClient {
              $config = config("oidc.clients.$clientName");
              // The library takes the provider (issuer) URL and appends
              // /.well-known/openid-configuration itself, so strip that suffix
              $providerUrl = preg_replace('~/\.well-known/openid-configuration/?$~', '', $config['well_known_url']);
              $oidc = new OpenIDConnectClient($providerUrl, $config['client_id'], $config['client_secret']);
              $oidc->setRedirectURL($config['redirect_uri']);
              $oidc->addScope(['openid', 'profile', 'email']);
              return $oidc;
          }

          // On the callback request: verifies state, exchanges the code and validates the
          // ID token (signature, iss, aud, exp, nonce) before returning its claims.
          // On a request without a code it redirects the browser to the IdP instead.
          public function authenticate(string $clientName = 'default'): array {
              $oidc = $this->getClient($clientName);
              $oidc->authenticate();
              return (array) $oidc->getVerifiedClaims();
          }
      }
      
      
  2. Phase 2: Authentication Middleware

    • Create a custom middleware to handle OIDC auth (replace Symfony’s oidc listener).
    • Example:
      // app/Http/Middleware/OidcAuthMiddleware.php
      namespace App\Http\Middleware;

      use Closure;
      use Illuminate\Http\Request;
      use Symfony\Component\HttpFoundation\Response;

      class OidcAuthMiddleware {
          public function handle(Request $request, Closure $next): Response {
              if (!$request->user()) {
                  // guest() stores the intended URL so the callback can redirect()->intended().
                  // Starting the IdP redirect (state + nonce) belongs in the login route
                  // (assumed here to be named oidc.login), not in the middleware.
                  return redirect()->guest(route('oidc.login'));
              }
              return $next($request);
          }
      }
      
    • Register it as a route middleware, not a global one: applied globally it would also run on the login and callback routes and loop forever. In app/Http/Kernel.php (Laravel 10; $routeMiddleware on Laravel 9 and earlier):
      protected $middlewareAliases = [
          // ...
          'auth.oidc' => \App\Http\Middleware\OidcAuthMiddleware::class,
      ];
      On Laravel 11+, register the same alias in bootstrap/app.php via $middleware->alias(['auth.oidc' => \App\Http\Middleware\OidcAuthMiddleware::class]) inside ->withMiddleware(), then protect routes with ->middleware('auth.oidc').
      
      
  3. Phase 3: User Provider Integration

    • Extend Laravel’s UserProvider to handle OIDC user data.
    • Example:
      // app/Auth/OidcUserProvider.php
      namespace App\Auth;

      use Illuminate\Auth\EloquentUserProvider;
      use Illuminate\Contracts\Auth\Authenticatable;

      // Extending EloquentUserProvider keeps retrieveById()/retrieveByToken()/updateRememberToken()
      // (needed by the session guard and remember-me) and adds the OIDC-specific lookups.
      class OidcUserProvider extends EloquentUserProvider {
          // Look up an existing user by the IdP's stable 'sub' claim. Do not match on email:
          // it is mutable and, without email_verified, not proven to belong to the caller.
          public function retrieveByOidc(string $subject): ?Authenticatable {
              return $this->createModel()->newQuery()->where('provider_id', $subject)->first();
          }

          // Bootstrap a new user from the verified ID-token claims ('provider_id' needs a migration)
          public function createUserFromOidc(array $claims): Authenticatable {
              $user = $this->createModel();
              $user->forceFill([
                  'name'        => $claims['name'] ?? $claims['preferred_username'] ?? $claims['sub'],
                  'email'       => $claims['email'] ?? null, // make users.email nullable or require the email scope
                  'provider_id' => $claims['sub'],
              ])->save();
              return $user;
          }

          // OIDC-only accounts have no local password; never let a password check succeed
          public function validateCredentials(Authenticatable $user, array $credentials): bool {
              return false;
          }
      }
      Register it in AuthServiceProvider::boot() with Auth::provider('oidc', fn ($app, array $config) => new OidcUserProvider($app['hash'], $config['model'])); and set 'driver' => 'oidc' on the users provider in config/auth.php.
      
      
  4. Phase 4: Configuration Adaptation

    • Convert drenso_oidc.yaml to Laravel’s config/oidc.php:
      // config/oidc.php
      return [
          'clients' => [
              'default' => [
                  'well_known_url' => env('OIDC_WELL_KNOWN_URL'),
                  'client_id' => env('OIDC_CLIENT_ID'),
                  'client_secret' => env('OIDC_CLIENT_SECRET'),
                  'redirect_uri' => env('OIDC_REDIRECT_URI'),
              ],
          ],
      ];
      
  5. Phase 5: IdP-Specific Tweaks

    • Apply IdP-specific fixes (e.g., Microsoft Entra’s access_token_issuer quirk) in the OidcService.
    • Example:
      if ($idp ===
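
The phases above leave the actual login, callback and logout handling unwritten. The controller below is an added example, not code from drenso/symfony-oidc-bundle or from this page’s author, that ties them together. It assumes: OidcService::getClient() returns a configured Jumbojett\OpenIDConnectClient (Phase 1), OidcUserProvider with retrieveByOidc()/createUserFromOidc() is the configured users provider (Phase 3), a users.provider_id column holds the sub claim, routes named oidc.login, oidc.callback and oidc.logout exist, and url('/') is registered at the IdP as a post-logout redirect URI. It also relies on documented behaviour of the library’s public methods: authenticate() keeps state and nonce in the native PHP session and redirects via header() followed by exit, and signOut() throws OpenIDConnectClientException when no end_session_endpoint is advertised.

```php
<?php
// Added example (not code from drenso/symfony-oidc-bundle): a Laravel controller that
// drives the OIDC code flow with jumbojett/openid-connect-php and the OidcService /
// OidcUserProvider sketched in the migration phases. Assumed: routes named oidc.login,
// oidc.callback and oidc.logout, and a users.provider_id column holding the 'sub' claim.
namespace App\Http\Controllers;

use App\Auth\OidcUserProvider;
use App\Services\OidcService;
use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Jumbojett\OpenIDConnectClientException;

class OidcController extends Controller
{
    public function __construct(private OidcService $oidc) {}

    // GET /oidc/login: the library generates fresh state + nonce, stores them in the PHP
    // session and redirects to the IdP's authorization endpoint (header() + exit), so
    // nothing after this call runs.
    public function login(): void
    {
        $this->oidc->getClient()->authenticate();
    }

    // GET /oidc/callback?code=...&state=...: exchange the code, validate the ID token,
    // then map the verified 'sub' claim onto a local account.
    public function callback(Request $request): RedirectResponse
    {
        $client = $this->oidc->getClient();
        try {
            // Verifies state, exchanges the code, checks the ID token signature against the
            // issuer's JWKS and its iss/aud/exp/nonce claims before returning.
            $client->authenticate();
        } catch (OpenIDConnectClientException $e) {
            report($e);
            return redirect()->route('oidc.login')->withErrors(['oidc' => 'Login failed, please retry.']);
        }
        $claims = (array) $client->getVerifiedClaims();

        /** @var OidcUserProvider $users  configured as the 'users' provider driver in config/auth.php */
        $users = Auth::guard()->getProvider();

        // Provision by the stable subject identifier only; never link accounts on email alone.
        $user = $users->retrieveByOidc($claims['sub']) ?? $users->createUserFromOidc($claims);

        // Keep the ID token for RP-initiated logout (id_token_hint) and rotate the session ID
        // so a pre-login session fixated by an attacker is not upgraded to an authenticated one.
        $request->session()->put('oidc_id_token', $client->getIdToken());
        Auth::login($user, false);
        $request->session()->regenerate();

        return redirect()->intended('/');
    }

    // POST /oidc/logout: always terminate the local session first, then attempt
    // RP-initiated logout. If the IdP publishes no end_session_endpoint, fall back
    // to the plain local logout (Key Question 5).
    public function logout(Request $request): RedirectResponse
    {
        $idToken = $request->session()->pull('oidc_id_token');
        Auth::logout();
        $request->session()->invalidate();
        $request->session()->regenerateToken();

        if ($idToken) {
            try {
                // Redirects to end_session_endpoint with id_token_hint and
                // post_logout_redirect_uri (header() + exit on success).
                $this->oidc->getClient()->signOut($idToken, url('/'));
            } catch (OpenIDConnectClientException $e) {
                report($e); // endpoint not advertised or discovery failed: local logout only
            }
        }
        return redirect('/');
    }
}
```

Two rough edges are worth knowing before shipping this: the library’s header()/exit redirects bypass Laravel’s response pipeline, and its state/nonce live in the native PHP session rather than Laravel’s. Both are tolerable because nothing has been written to Laravel’s session at the moment of redirect, but if you need a single session store, subclass OpenIDConnectClient and override its redirect and session-key methods (their exact signatures vary between library versions, so check the one you install). Apply the auth.oidc middleware only to protected routes, never to oidc.login or oidc.callback.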
      