This is an integration sample written in PHP using the Lumen micro-framework. The core logic of this application is at the AuthController. There you will find the setup logic for league/oauth2-client and the flow for making login calls and the setup for the callback endpoint.
PHP >= 7.3
To learn more about how to download, install and configure these requirements, please refer to our windows environment setup guide.
To run this project locally in your development environment, you will have to use
127.0.0.1. For this project, we are using
If you are running multiple projects, consider accessing the
hosts file to add a custom URI setting for your project.
Linux and macOS:
hosts file will look like the following:
# Default Settings127.0.0.1 localhost255.255.255.255 broadcasthost::1 localhost# Custom URI Settings127.0.0.1 php.integration.localhost
Note: When using a custom URIs for your local projects, you will have to use
The first step to getting this project up and running is to clone this repository. Once you cloned the project, you will need to
cd into the project folder.
$ git clone https://github.com/loginid1/php-lumen-integration.git$ cd php-lumen-integration
This project utilizes Composer to manage its dependencies. So, before using this project, make sure you have Composer installed on your machine.
To configure environment variables you will need make a copy of
.env.example file and rename it to
.env and fill all the environment variables. To have a better understanding of the variables please refer to this section.
Another requirement to run this project is to have SQLite installed. So, before using this project, make sure you have SQLite installed on your machine.
$ touch database/database.sqlite$ php artisan migrate
Now that you have depencencies installed, database configured and environment variables filled, you can run the project and test the OIDC flow unsing the PHP laravel/lumen project.
$ php -S localhost:8000 -t public
This is the URI that will be used to communicate with LoginID's servers, for this example, we are using the development servers, therefore we are going to use the
When the user authenticates themselves with LoginID (similar to authenticating with Google), LoginID will need to pass back control and information back to your servers. The Callback URL is the path that will be used to accomplish this and you will need to define it.
Note: Save this redirect URI, you will use it to create your client credentials later on.
openid scope to have access to the JWT. If you need access to the refresh token also add the
In order to receive access to integrate LoginID, you will need to create your client credentials. This is similar to the credentials you would create with Google to use Google authentication. This allows you to use LoginID services in a secure, authenticated fashion.
To obtain the client keys you will need to perform the following steps:
Step 1 - Using an existing account or registering a new one
Navigate to https://sandbox-usw1.api.loginid.io/en/register
Enter your username and organization id for an existing account or select the "Sign Up" option and create a new account.
Hit the "Login" or "Register" button
Step 2 - Use your biometric capabilities
Your web browser will ask for permission to use your security key or another authenticator in order to proceed with account creation.
Please note that the native dialogues for doing so vary by browser, operating system and the type of authenticator you are using.
Step 3 - Enter the integration dashboard
Once you have access to the LoginID dashboard, use the navigation bar to select "Integrations" option or press the "Add Integration" button.
Step 4 - Sign the Customer License Agreement
Scroll down the page and press the "View" button.
Agree to the terms and press the "Sign" button.
Step 5 - Add new OIDC Integration
Press the "Get Integrated" button under the OIDC box.
Enter a name for your application, website or service.
Enter the callback URL for your application, website or service.
Press the "Create" button.
Copy the Application ID and Application Secret and use them to fill the
LOGIN_APPSECRET variables respectively.