├── .gitignore ├── .travis.yml ├── composer.json ├── config ├── .gitkeep └── eloquent-oauth.php ├── migrations └── create_oauth_identities_table.stub ├── phpunit.xml ├── readme.md ├── src ├── EloquentOAuthServiceProvider.php └── Installation │ ├── FileExistsException.php │ └── InstallCommand.php ├── tests └── .gitkeep └── todo.md /.gitignore: -------------------------------------------------------------------------------- 1 | /vendor 2 | composer.phar 3 | composer.lock 4 | -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- 1 | language: php 2 | 3 | php: 4 | - 5.5 5 | - 5.6 6 | 7 | before_script: 8 | - curl -s http://getcomposer.org/installer | php 9 | - php composer.phar install --dev 10 | 11 | script: phpunit 12 | -------------------------------------------------------------------------------- /composer.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "adamwathan/eloquent-oauth-l5", 3 | "description": "Stupid simple OAuth authentication with Laravel and Eloquent", 4 | "authors": [ 5 | { 6 | "name": "Adam Wathan", 7 | "email": "adam.wathan@gmail.com" 8 | } 9 | ], 10 | "license": "MIT", 11 | "require": { 12 | "php": ">=5.5.0", 13 | "adamwathan/eloquent-oauth": "dev-master", 14 | "guzzlehttp/guzzle": "^6.2.1" 15 | }, 16 | "autoload": { 17 | "psr-4": { 18 | "AdamWathan\\EloquentOAuthL5\\": "src/" 19 | } 20 | }, 21 | "require-dev": { 22 | "phpunit/phpunit": "^4.8" 23 | } 24 | } 25 | -------------------------------------------------------------------------------- /config/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/adamwathan/eloquent-oauth-l5/8d6c9098f9b4ab2fcc806b8b4d7cea5c668441a1/config/.gitkeep -------------------------------------------------------------------------------- /config/eloquent-oauth.php: -------------------------------------------------------------------------------- 1 | User::class, 7 | 'table' => 'oauth_identities', 8 | 'providers' => [ 9 | 'facebook' => [ 10 | 'client_id' => '12345678', 11 | 'client_secret' => 'y0ur53cr374ppk3y', 12 | 'redirect_uri' => 'https://example.com/your/facebook/redirect', 13 | 'scope' => [], 14 | ], 15 | 'google' => [ 16 | 'client_id' => '12345678', 17 | 'client_secret' => 'y0ur53cr374ppk3y', 18 | 'redirect_uri' => 'https://example.com/your/google/redirect', 19 | 'scope' => [], 20 | ], 21 | 'github' => [ 22 | 'client_id' => '12345678', 23 | 'client_secret' => 'y0ur53cr374ppk3y', 24 | 'redirect_uri' => 'https://example.com/your/github/redirect', 25 | 'scope' => [], 26 | ], 27 | 'linkedin' => [ 28 | 'client_id' => '12345678', 29 | 'client_secret' => 'y0ur53cr374ppk3y', 30 | 'redirect_uri' => 'https://example.com/your/linkedin/redirect', 31 | 'scope' => [], 32 | ], 33 | 'instagram' => [ 34 | 'client_id' => '12345678', 35 | 'client_secret' => 'y0ur53cr374ppk3y', 36 | 'redirect_uri' => 'https://example.com/your/instagram/redirect', 37 | 'scope' => [], 38 | ], 39 | 'soundcloud' => [ 40 | 'client_id' => '12345678', 41 | 'client_secret' => 'y0ur53cr374ppk3y', 42 | 'redirect_uri' => 'https://example.com/your/soundcloud/redirect', 43 | 'scope' => [], 44 | ], 45 | ], 46 | ]; 47 | -------------------------------------------------------------------------------- /migrations/create_oauth_identities_table.stub: -------------------------------------------------------------------------------- 1 | increments('id'); 13 | $table->integer('user_id')->unsigned(); 14 | $table->string('provider_user_id'); 15 | $table->string('provider'); 16 | $table->string('access_token'); 17 | $table->timestamps(); 18 | }); 19 | } 20 | 21 | public function down() 22 | { 23 | $tableName = Config::get('eloquent-oauth.table'); 24 | Schema::drop($tableName); 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /phpunit.xml: -------------------------------------------------------------------------------- 1 | 2 | 13 | 14 | 15 | ./tests/ 16 | 17 | 18 | -------------------------------------------------------------------------------- /readme.md: -------------------------------------------------------------------------------- 1 | > **Important: This package is not actively maintained.** For bug fixes and new features, please fork. 2 | 3 | # Eloquent OAuth L5 4 | 5 | [![This Project Has Been Deprecated.](http://www.repostatus.org/badges/0.1.0/abandoned.svg)](http://www.repostatus.org/#abandoned) 6 | 7 | > Note: Use the [Laravel 4 package](https://github.com/adamwathan/eloquent-oauth-l4) if you are using Laravel 4. 8 | 9 | Eloquent OAuth is a package for Laravel 5 designed to make authentication against various OAuth providers *ridiculously* brain-dead simple. Specify your client IDs and secrets in a config file, run a migration and after that it's just two method calls and you have OAuth integration. 10 | 11 | #### Video Walkthrough 12 | 13 | [![Screenshot](https://cloud.githubusercontent.com/assets/4323180/6274884/ac824c48-b848-11e4-8e4d-531e15f76bc0.png)](https://vimeo.com/120085196) 14 | 15 | #### Basic example 16 | 17 | ```php 18 | // Redirect to Facebook for authorization 19 | Route::get('facebook/authorize', function() { 20 | return SocialAuth::authorize('facebook'); 21 | }); 22 | 23 | // Facebook redirects here after authorization 24 | Route::get('facebook/login', function() { 25 | 26 | // Automatically log in existing users 27 | // or create a new user if necessary. 28 | SocialAuth::login('facebook'); 29 | 30 | // Current user is now available via Auth facade 31 | $user = Auth::user(); 32 | 33 | return Redirect::intended(); 34 | }); 35 | ``` 36 | 37 | #### Supported Providers 38 | 39 | - Facebook 40 | - GitHub 41 | - Google 42 | - LinkedIn 43 | - Instagram 44 | - Soundcloud 45 | 46 | >Feel free to open an issue if you would like support for a particular provider, or even better, submit a pull request. 47 | 48 | ## Installation 49 | 50 | #### Add this package using Composer 51 | 52 | From the command line inside your project directory, simply type: 53 | 54 | `composer require adamwathan/eloquent-oauth-l5` 55 | 56 | #### Update your config 57 | 58 | Add the service provider to the `providers` array in `config/app.php`: 59 | 60 | ```php 61 | 'providers' => [ 62 | // ... 63 | AdamWathan\EloquentOAuthL5\EloquentOAuthServiceProvider::class, 64 | // ... 65 | ] 66 | ``` 67 | 68 | Add the facade to the `aliases` array in `config/app.php`: 69 | 70 | ```php 71 | 'aliases' => [ 72 | // ... 73 | 'SocialAuth' => AdamWathan\EloquentOAuth\Facades\OAuth::class, 74 | // ... 75 | ] 76 | ``` 77 | 78 | #### Publish the package configuration 79 | 80 | Publish the configuration file and migrations by running the provided console command: 81 | 82 | `php artisan eloquent-oauth:install` 83 | 84 | Next, re-migrate your database: 85 | 86 | `php artisan migrate` 87 | 88 | > If you need to change the name of the table used to store OAuth identities, you can do so in the `eloquent-oauth` config file. 89 | 90 | #### Configure the providers 91 | 92 | Update your app information for the providers you are using in `config/eloquent-oauth.php`: 93 | 94 | ```php 95 | 'providers' => [ 96 | 'facebook' => [ 97 | 'client_id' => '12345678', 98 | 'client_secret' => 'y0ur53cr374ppk3y', 99 | 'redirect_uri' => 'https://example.com/facebook/login'), 100 | 'scope' => [], 101 | ] 102 | ] 103 | ``` 104 | 105 | > Each provider is preconfigured with the scope necessary to retrieve basic user information and the user's email address, so the scope array can usually be left empty unless you need specific additional permissions. Consult the provider's API documentation to find out what permissions are available for the various services. 106 | 107 | All done! 108 | 109 | > Eloquent OAuth is designed to integrate with Laravel's Eloquent authentication driver, so be sure you are using the `eloquent` driver in `app/config/auth.php`. You can define your actual `User` model however you choose and add whatever behavior you need, just be sure to specify the model you are using with its fully qualified namespace in `app/config/auth.php` as well. 110 | 111 | #### Custom providers 112 | 113 | If you'd like to register a provider for a service that isn't supported out of the box, you can do so by first specifying the configuration needed for that provider in your `config/eloquent-oauth.php`: 114 | 115 | ```php 116 | // config/eloquent-oauth.php 117 | return [ 118 | 'model' => User::class, 119 | 'table' => 'oauth_identities', 120 | 'providers' => [ 121 | 'facebook' => [ /* ... */], 122 | 'google' => [ /* ... */], 123 | 'gumroad' => [ 124 | 'client_id' => env('GUMROAD_CLIENT_ID'), 125 | 'client_secret' => env('GUMROAD_CLIENT_SECRET'), 126 | 'redirect_uri' => env('GUMROAD_REDIRECT_URI'), 127 | 'scope' => ['view_sales'], 128 | ], 129 | ], 130 | ]; 131 | ``` 132 | 133 | Then specify which class should be used for that provider by extending `EloquentOAuthServiceProvider` with your own implementation that maps the provider name to a provider class: 134 | 135 | ```php 136 | class MySocialAuthServiceProvider extends EloquentOAuthServiceProvider 137 | { 138 | protected function getProviderLookup() 139 | { 140 | // Merge the default providers if you like, or override entirely 141 | // to skip loading those providers completely. 142 | return array_merge($this->providerLookup, [ 143 | 'gumroad' => GumroadProvider::class 144 | ]); 145 | } 146 | } 147 | ``` 148 | 149 | > Don't forget to use your extension of the provider in `config/app.php` instead of the one supplied by the package. 150 | 151 | If your provider follows the same `__construct($config, $httpClient, $request)` parameter signature that the default providers use, you're done. 152 | 153 | If not, make sure you bind your provider to the IOC container in another provider, and the package will make sure to fetch the implementation from the container instead of trying to construct it itself. 154 | 155 | To get an idea of how the providers work, take a look at how the packaged providers are implemented: 156 | 157 | - https://github.com/adamwathan/socialnorm-google 158 | - https://github.com/adamwathan/socialnorm-github 159 | - https://github.com/adamwathan/socialnorm-instagram 160 | - https://github.com/adamwathan/socialnorm-soundcloud 161 | - https://github.com/adamwathan/socialnorm-facebook 162 | - https://github.com/adamwathan/socialnorm-linkedin 163 | 164 | ## Usage 165 | 166 | Authentication against an OAuth provider is a multi-step process, but I have tried to simplify it as much as possible. 167 | 168 | ### Authorizing with the provider 169 | 170 | First you will need to define the authorization route. This is the route that your "Login" button will point to, and this route redirects the user to the provider's domain to authorize your app. After authorization, the provider will redirect the user back to your second route, which handles the rest of the authentication process. 171 | 172 | To authorize the user, simply return the `SocialAuth::authorize()` method directly from the route. 173 | 174 | ```php 175 | Route::get('facebook/authorize', function() { 176 | return SocialAuth::authorize('facebook'); 177 | }); 178 | ``` 179 | 180 | ### Authenticating within your app 181 | 182 | Next you need to define a route for authenticating against your app with the details returned by the provider. 183 | 184 | For basic cases, you can simply call `SocialAuth::login()` with the provider name you are authenticating with. If the user 185 | rejected your application, this method will throw an `ApplicationRejectedException` which you can catch and handle 186 | as necessary. 187 | 188 | The `login` method will create a new user if necessary, or update an existing user if they have already used your application 189 | before. 190 | 191 | Once the `login` method succeeds, the user will be authenticated and available via `Auth::user()` just like if they 192 | had logged in through your application normally. 193 | 194 | ```php 195 | use SocialNorm\Exceptions\ApplicationRejectedException; 196 | use SocialNorm\Exceptions\InvalidAuthorizationCodeException; 197 | 198 | Route::get('facebook/login', function() { 199 | try { 200 | SocialAuth::login('facebook'); 201 | } catch (ApplicationRejectedException $e) { 202 | // User rejected application 203 | } catch (InvalidAuthorizationCodeException $e) { 204 | // Authorization was attempted with invalid 205 | // code,likely forgery attempt 206 | } 207 | 208 | // Current user is now available via Auth facade 209 | $user = Auth::user(); 210 | 211 | return Redirect::intended(); 212 | }); 213 | ``` 214 | 215 | If you need to do anything with the newly created user, you can pass an optional closure as the second 216 | argument to the `login` method. This closure will receive the `$user` instance and a `ProviderUserDetails` 217 | object that contains basic information from the OAuth provider, including: 218 | 219 | - User ID 220 | - Nickname 221 | - Full Name 222 | - Email 223 | - Avatar URL 224 | - Access Token 225 | 226 | ```php 227 | SocialAuth::login('facebook', function($user, $details) { 228 | $user->nickname = $details->nickname; 229 | $user->name = $details->full_name; 230 | $user->profile_image = $details->avatar; 231 | $user->save(); 232 | }); 233 | ``` 234 | 235 | > Note: The Instagram and Soundcloud APIs do not allow you to retrieve the user's email address, so unfortunately that field will always be `null` for those providers. 236 | 237 | ### Advanced: Storing additional data 238 | 239 | Remember: One of the goals of the Eloquent OAuth package is to normalize the data received across all supported providers, so that you can count on those specific data items (explained above) being available in the `$details` object. 240 | 241 | But, each provider offers its own sets of additional data. If you need to access or store additional data beyond the basics of what Eloquent OAuth's default `ProviderUserDetails` object supplies, you need to do two things: 242 | 243 | 1. Request it from the provider, by extending its scope: 244 | 245 | Say for example we want to collect the user's gender when they login using Facebook. 246 | 247 | In the `config/eloquent-oauth.php` file, set the `[scope]` in the `facebook` provider section to include the `public_profile` scope, like this: 248 | 249 | ```php 250 | 'scope' => ['public_profile'], 251 | ``` 252 | 253 | > For available scopes with each provider, consult that provider's API documentation. 254 | 255 | > Note: By increasing the scope you will be asking the user to grant access to additional information. They will be informed of the scopes you're requesting. If you ask for too much unnecessary data, they may refuse. So exercise restraint when requesting additional scopes. 256 | 257 | 2. Now where you do your `SocialAuth::login`, store the to your `$user` object by accessing the `$details->raw()['KEY']` data: 258 | 259 | ```php 260 | SocialAuth::login('facebook', function($user, $details) ( 261 | $user->gender = $details->raw()['gender']; 262 | $user->save(); 263 | }); 264 | ``` 265 | 266 | > Tip: You can see what the available keys are by testing with `dd($details->raw());` inside that same closure. 267 | 268 | -------------------------------------------------------------------------------- /src/EloquentOAuthServiceProvider.php: -------------------------------------------------------------------------------- 1 | 'SocialNorm\Facebook\FacebookProvider', 21 | 'github' => 'SocialNorm\GitHub\GitHubProvider', 22 | 'google' => 'SocialNorm\Google\GoogleProvider', 23 | 'linkedin' => 'SocialNorm\LinkedIn\LinkedInProvider', 24 | 'instagram' => 'SocialNorm\Instagram\InstagramProvider', 25 | 'soundcloud' => 'SocialNorm\SoundCloud\SoundCloudProvider', 26 | ]; 27 | 28 | /** 29 | * Indicates if loading of the provider is deferred. 30 | * 31 | * @var bool 32 | */ 33 | protected $defer = false; 34 | 35 | /** 36 | * Register the service provider. 37 | * 38 | * @return void 39 | */ 40 | public function register() 41 | { 42 | $this->configureOAuthIdentitiesTable(); 43 | $this->registerIdentityStore(); 44 | $this->registerOAuthManager(); 45 | $this->registerCommands(); 46 | } 47 | 48 | protected function registerIdentityStore() 49 | { 50 | $this->app->singleton('AdamWathan\EloquentOAuth\IdentityStore', function ($app) { 51 | return new EloquentIdentityStore; 52 | }); 53 | } 54 | 55 | protected function registerOAuthManager() 56 | { 57 | $this->app->singleton('adamwathan.oauth', function ($app) { 58 | $providerRegistry = new ProviderRegistry; 59 | $session = new Session($app['session']); 60 | $request = new Request($app['request']->all()); 61 | $stateGenerator = new StateGenerator; 62 | $socialnorm = new SocialNorm($providerRegistry, $session, $request, $stateGenerator); 63 | $this->registerProviders($socialnorm, $request); 64 | 65 | if ($app['config']['eloquent-oauth.model']) { 66 | $users = new UserStore($app['config']['eloquent-oauth.model']); 67 | } else { 68 | if ($app['config']['auth.providers.users.model']) { 69 | $users = new UserStore($app['config']['auth.providers.users.model']); 70 | } else { 71 | $users = new UserStore($app['config']['auth.model']); 72 | } 73 | } 74 | 75 | $authenticator = new Authenticator( 76 | $app['Illuminate\Contracts\Auth\Guard'], 77 | $users, 78 | $app['AdamWathan\EloquentOAuth\IdentityStore'] 79 | ); 80 | 81 | $oauth = new OAuthManager($app['redirect'], $authenticator, $socialnorm); 82 | return $oauth; 83 | }); 84 | } 85 | 86 | protected function registerProviders($socialnorm, $request) 87 | { 88 | if (! $providerAliases = $this->app['config']['eloquent-oauth.providers']) { 89 | return; 90 | } 91 | 92 | foreach ($providerAliases as $alias => $config) { 93 | if (isset($this->getProviderLookup()[$alias])) { 94 | $providerClass = $this->getProviderLookup()[$alias]; 95 | 96 | if ($this->app->bound($providerClass)) { 97 | $provider = $this->app->make($providerClass); 98 | } else { 99 | $provider = new $providerClass($config, new HttpClient, $request); 100 | } 101 | 102 | $socialnorm->registerProvider($alias, $provider); 103 | } 104 | } 105 | } 106 | 107 | protected function getProviderLookup() 108 | { 109 | return $this->providerLookup; 110 | } 111 | 112 | protected function configureOAuthIdentitiesTable() 113 | { 114 | OAuthIdentity::configureTable($this->app['config']['eloquent-oauth.table']); 115 | } 116 | 117 | /** 118 | * Registers some utility commands with artisan 119 | * @return void 120 | */ 121 | public function registerCommands() 122 | { 123 | $this->app->bind('command.eloquent-oauth.install', 'AdamWathan\EloquentOAuthL5\Installation\InstallCommand'); 124 | $this->commands('command.eloquent-oauth.install'); 125 | } 126 | 127 | /** 128 | * Get the services provided by the provider. 129 | * 130 | * @return array 131 | */ 132 | public function provides() 133 | { 134 | return ['adamwathan.oauth']; 135 | } 136 | 137 | } 138 | -------------------------------------------------------------------------------- /src/Installation/FileExistsException.php: -------------------------------------------------------------------------------- 1 | filesystem = $filesystem; 20 | 21 | if (class_exists(Composer52::class)) { 22 | $this->composer = app(Composer52::class); 23 | } else { 24 | $this->composer = app(Composer51::class); 25 | } 26 | } 27 | 28 | public function handle() 29 | { 30 | try { 31 | $this->publishConfig(); 32 | $this->publishMigrations(); 33 | $this->composer->dumpAutoloads(); 34 | $this->comment('Package configuration and migrations installed!'); 35 | } catch (FileExistsException $e) { 36 | $this->error('It looks like this package has already been installed. Use --force to override.'); 37 | } 38 | } 39 | 40 | public function publishConfig() 41 | { 42 | $this->publishFile(__DIR__ . '/../../config/eloquent-oauth.php', config_path() . '/eloquent-oauth.php'); 43 | $this->info('Configuration published.'); 44 | } 45 | 46 | public function publishMigrations() 47 | { 48 | $name = 'create_oauth_identities_table'; 49 | $path = $this->laravel['path.database'] . '/migrations'; 50 | $fullPath = $this->laravel['migration.creator']->create($name, $path); 51 | $this->filesystem->put($fullPath, $this->filesystem->get(__DIR__ . '/../../migrations/create_oauth_identities_table.stub')); 52 | } 53 | 54 | public function publishFile($from, $to) 55 | { 56 | if ($this->filesystem->exists($to) && !$this->option('force')) { 57 | throw new FileExistsException; 58 | } 59 | 60 | $this->filesystem->copy($from, $to); 61 | } 62 | 63 | protected function getOptions() 64 | { 65 | return [ 66 | ['force', null, InputOption::VALUE_NONE, 'Overwrite any existing files.'], 67 | ]; 68 | } 69 | 70 | } 71 | -------------------------------------------------------------------------------- /tests/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/adamwathan/eloquent-oauth-l5/8d6c9098f9b4ab2fcc806b8b4d7cea5c668441a1/tests/.gitkeep -------------------------------------------------------------------------------- /todo.md: -------------------------------------------------------------------------------- 1 | # To Do 2 | - Add tests for individual provider implementations 3 | - Probably extract providers into their own packages 4 | - Add documentation for creating your own providers 5 | - Delete created user and OAuth identity if anything goes wrong that would leave the user in an "unfinished" state after initial creation 6 | - Add exception handling for "user creation failed" (unique constraints or just database errors, whatever) 7 | - Maybe stop storing access token? Don't actually ever use it again, it's totally single use... 8 | - Remove hard dependency on Session\Store, replace with some sort of "CrossRequestPersistanceInterface" or something 9 | - Look for more opportunities to add abstractions to different provider implementations. Had to do some crappy stuff with the LinkedIn provider. 10 | - Twitter support, going to be interesting... 11 | --------------------------------------------------------------------------------