PHP (laravel/lumen)

Please note that LoginID authentication currently supports the platform authenticators (device built-in) which allow the user to authenticate using their biometrics. We are currently working to finalize our support for the roaming authenticators (security keys).

CNAME Redirect for your Application (Under Development)

To have your users access your application with a customized URL to your authentication endpoint:

For example, instead of https://oauth2.[region].loginid.io, your URL can be https://login.[client].com.

To enable this customization a new canonical name (CNAME) record redirect needs to be set up in your origin domain name system (DNS) record. team is currently developing custom URL support for our clients. Once this feature is completed, you will be able to point the external hostname of your application to the URL provided by LoginID.

This is an integration sample written in PHP using the Lumen micro-framework. The core logic of this application is at the AuthController. There you will find the setup logic for league/oauth2-client and the flow for making login calls and the setup for the callback endpoint.

asciicast

Requirements

  • PHP >= 7.3

  • Composer

  • SQLite

  • Git

To learn more about how to download, install and configure these requirements, please refer to our windows environment setup guide.

Local setup

To run this project locally in your development environment, you will have to use localhost or 127.0.0.1. For this project, we are using localhost URI.

Optional configuration:

If you are running multiple projects, consider accessing the hosts file to add a custom URI setting for your project.

Linux and macOS: /etc/hosts

Windows: C:\windows\system32\drivers\etc\hosts

The hosts file will look like the following:

# Default Settings
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost
# Custom URI Settings
127.0.0.1 php.integration.localhost

Note: When using a custom URIs for your local projects, you will have to use .localhost suffix.

Clone the project

The first step to getting this project up and running is to clone this repository. Once you cloned the project, you will need to cd into the project folder.

$ git clone https://github.com/loginid1/php-lumen-integration.git
$ cd php-lumen-integration

Install dependencies

This project utilizes Composer to manage its dependencies. So, before using this project, make sure you have Composer installed on your machine.

Fill the environment variables

To configure environment variables you will need make a copy of .env.example file and rename it to .env and fill all the environment variables. To have a better understanding of the variables please refer to this section.

Create the database

Another requirement to run this project is to have SQLite installed. So, before using this project, make sure you have SQLite installed on your machine.

$ touch database/database.sqlite
$ php artisan migrate

Execute the project

Now that you have depencencies installed, database configured and environment variables filled, you can run the project an a=ba = b d test the OIDC flow using the PHP laravel/lumen project.

$ php -S localhost:8000 -t public

Filling the environment variables

The LOGIN_URI variable

This is the URI that will be used to communicate with LoginID's servers, for this example, we are using the development servers, therefore we are going to use the https://oauth2.usw1.api.loginid.ioURI.

LOGIN_URI=https://oauth2.usw1.api.loginid.io

The LOGIN_REDIRECT_URI variable

When the user authenticates themselves with LoginID (similar to authenticating with Google), LoginID will need to pass back control and information back to your servers. The Callback URL is the path that will be used to accomplish this and you will need to define it.

LOGIN_REDIRECT_URI=http://localhost:8000/callback

Note: Save this redirect URI, you will use it to create your client credentials later on.

The LOGIN_SCOPES variable

Add the openid scope to have access to the JWT. If you need access to the refresh token also add the offline scope.

The LOGIN_APPID and LOGIN_APPSECRET variables

In order to receive access to integrate LoginID, you will need to create your client credentials. This is similar to the credentials you would create with Google to use Google authentication. This allows you to use LoginID services in a secure, authenticated fashion.

To obtain the client keys you will need to perform the following steps:

Step 1 - Using an existing account or registering a new one

  • Enter your username and organization id for an existing account or select the "Sign Up" option and create a new account.

  • Hit the "Login" or "Register" button

Step 2 - Use your biometric capabilities

  • Your web browser will ask for permission to use your security key or another authenticator in order to proceed with account creation.

  • Please note that the native dialogues for doing so vary by browser, operating system and the type of authenticator you are using.

Step 3 - Enter the integration dashboard

Once you have access to the LoginID dashboard, use the navigation bar to select "Integrations" option or press the "Add Integration" button.

Step 4 - Sign the Customer License Agreement

  • Scroll down the page and press the "View" button.

  • Agree to the terms and press the "Sign" button.

Step 5 - Add new OIDC Integration

  • Press the "Get Integrated" button under the OIDC box.

  • Enter a name for your application, website or service.

  • Enter the callback URL for your application, website or service.

  • Press the "Create" button.

  • Copy the Application ID and Application Secret and use them to fill the LOGIN_APPID and LOGIN_APPSECRET variables respectively.

LOGIN_APPID=your.application.id
LOGIN_APPSECRET=your.application.secret