Configuration

Let's start integrating our app with the Auth server.

Before we start, make sure to keep it in the following path, /app/OAuth, for it to work properly.

Session state verifier table

This table will serve as a code verifier for storing session states related to authorization. It will be used to verify the validity of the session state before issuing a code for exchanging JWT tokens.

  1. Create a model along with a migration file
php artisan make:model SessionIdentifier -m

Add this code to the SessionIdentifier model class:

protected $fillable = [
  'state',
  'session_id',
  'user_agent',
  'hash'
];

public function generateHash(SessionIdentifier $sessionIdentifier) {
  $state = $sessionIdentifier->state;
  $session_id = $sessionIdentifier->session_id;
  $userAgent = $sessionIdentifier->user_agent;
  $sessionIdentifier->hash = hash('sha256', $state . $session_id . $userAgent);
  $sessionIdentifier->save();
  return $sessionIdentifier;
}
  2. Modify the migration file schema
public function up(): void
{
  Schema::create('session_identifiers', function (Blueprint $table) {
    $table->bigIncrements('id');
    $table->string('state', 40);
    $table->string('session_id');
    $table->string('user_agent');
    $table->string('hash')->index();
    $table->timestamps();
  });
}
  3. Run the migration
php artisan migrate

or run the following command with a specific migration file:

php artisan migrate:refresh --path=database/migrations/{name_of_the_migration_file.php}
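
The generateHash() method in the model above joins state, session_id and user_agent with no separator, so the digest does not record where one field ends and the next begins. The added example below (not part of the package; function names are hypothetical and the sample values are constructed) runs two different field splits through that construction and through a length-prefixed variant that keeps field boundaries in the hashed input.

```php
<?php
// Added example: not part of the package described on this page.
// Function names are hypothetical.

// Same construction as generateHash() above: fields joined with no separator.
function plainFingerprint(string $state, string $sessionId, string $userAgent): string
{
    return hash('sha256', $state . $sessionId . $userAgent);
}

// Length-prefix every field ("3:abc") so the field boundaries are part of the
// hashed input. Works for arbitrary bytes, including odd User-Agent strings.
function boundFingerprint(string $state, string $sessionId, string $userAgent): string
{
    $canonical = '';
    foreach ([$state, $sessionId, $userAgent] as $field) {
        $canonical .= strlen($field) . ':' . $field;
    }
    return hash('sha256', $canonical);
}

// Compare a stored hash with a freshly computed one in constant time.
function fingerprintMatches(string $stored, string $computed): bool
{
    return hash_equals($stored, $computed);
}

// Constructed sample values: the same bytes, split differently between
// state and session_id.
$userAgent = 'ExampleBrowser/1.0 (constructed sample)';
$first  = ['abc', 'def', $userAgent];
$second = ['abcd', 'ef', $userAgent];

echo 'plain concatenation, hashes equal: ';
var_dump(fingerprintMatches(plainFingerprint(...$first), plainFingerprint(...$second)));

echo 'length-prefixed, hashes equal:     ';
var_dump(fingerprintMatches(boundFingerprint(...$first), boundFingerprint(...$second)));
```

Any change to how the hash is built has to be made everywhere the hash is recomputed for verification, otherwise existing rows stop matching.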

Configure the service provider

  • Locate the file: go to /config/app.php
  • Locate the providers array and add the following line to the bottom of the array:
App\OAuth\PPIOAuthServiceProvider::class,

Configure the auth guard

To protect our application, add the auth guard so that only authorized users can access our app.

Locate the file: go to /config/auth.php

  1. Locate the guards array and add the following line
'ppi-oauth' => [
    'driver' => 'ppi-oauth',
    'provider' => 'ppi-oauth',
],
  2. Locate the providers array and add the following line
'ppi-oauth' => [
    'driver' => 'ppi-oauth',
    'model' => \App\Models\User::class,
]

A full config should look like this

'guards' => [
    //other guards...
    'ppi-oauth' => [
        'driver' => 'ppi-oauth',
        'provider' => 'ppi-oauth',
    ],
],

'providers' => [
    //other providers...
    'ppi-oauth' => [
        'driver' => 'ppi-oauth',
        'model' => \App\Models\User::class,
    ],
],

Configure the .env file

Add these settings to the .env file. They are used to connect to the OAuth server.

# This is subject to change based on the actual OAuth server URI
OAUTH_SERVER_URL="https://auth.peoplenpartners.com"
OAUTH_CLIENT_ID="your_client_id"
OAUTH_CLIENT_SECRET="your_client_secret"
OAUTH_CALLBACK_URI="your_app_callback_uri"

# This is subject to change based on the actual OAuth server URI, config..., please ask the team for verification
OAUTH_DB_HOST="https://auth.peoplenpartners.com"
OAUTH_DB_PORT=3306
OAUTH_DB_DATABASE=oauth-server
OAUTH_DB_USERNAME=root
OAUTH_DB_PASSWORD=

Make sure to run this command every time you change a .env variable.

php artisan optimize:clear

Add a database connection

In the config/database.php file, locate the connections array and add a new database connection for the OAuth server as below:

//other connections...
'oauth_db' => [
    'driver' => 'mysql',
    'host' => env("OAUTH_DB_HOST", "127.0.0.1"),
    'port' => env('OAUTH_DB_PORT', '3306'),
    'database' => env('OAUTH_DB_DATABASE'),
    'username' => env('OAUTH_DB_USERNAME'),
    'password' => env('OAUTH_DB_PASSWORD'),
],
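
An added example (not part of the package): a hypothetical pre-deployment check over the OAUTH_* variables used above, run here on the sample .env values as constructed input. The function name and the rules it enforces are assumptions about what a deployment should require, not behaviour of the package.

```php
<?php
// Added example: hypothetical pre-deployment check, not part of the package.

function auditOAuthEnv(array $env): array
{
    $findings = [];

    // The mysql driver expects a hostname or IP address here, not a URL.
    $dbHost = $env['OAUTH_DB_HOST'] ?? '';
    if ($dbHost === '' || strpos($dbHost, '://') !== false) {
        $findings[] = 'OAUTH_DB_HOST must be a bare hostname or IP address';
    }
    // Fetching user data does not need the privileges of root.
    if (($env['OAUTH_DB_USERNAME'] ?? '') === 'root') {
        $findings[] = 'OAUTH_DB_USERNAME is root; use a dedicated least-privilege account';
    }
    if (($env['OAUTH_DB_PASSWORD'] ?? '') === '') {
        $findings[] = 'OAUTH_DB_PASSWORD is empty';
    }
    // Authorization codes, tokens and the client secret travel to these URLs.
    foreach (['OAUTH_SERVER_URL', 'OAUTH_CALLBACK_URI'] as $key) {
        if (parse_url($env[$key] ?? '', PHP_URL_SCHEME) !== 'https') {
            $findings[] = "$key is not an https:// URL";
        }
    }
    // Template values that were never filled in.
    $placeholders = ['', 'your_client_id', 'your_client_secret'];
    foreach (['OAUTH_CLIENT_ID', 'OAUTH_CLIENT_SECRET'] as $key) {
        if (in_array($env[$key] ?? '', $placeholders, true)) {
            $findings[] = "$key still holds the template placeholder";
        }
    }
    return $findings;
}

// Constructed input: the sample values from the .env block above.
$sample = [
    'OAUTH_SERVER_URL'    => 'https://auth.peoplenpartners.com',
    'OAUTH_CLIENT_ID'     => 'your_client_id',
    'OAUTH_CLIENT_SECRET' => 'your_client_secret',
    'OAUTH_CALLBACK_URI'  => 'your_app_callback_uri',
    'OAUTH_DB_HOST'       => 'https://auth.peoplenpartners.com',
    'OAUTH_DB_USERNAME'   => 'root',
    'OAUTH_DB_PASSWORD'   => '',
];
foreach (auditOAuthEnv($sample) as $finding) {
    echo "- $finding\n";
}
```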

Update user model DB Connection

We set the oauth_db connection defined above on the User model to ensure that user data is fetched from the Auth server.

  1. Add the HasVerifyRolePermission trait to the User model. This will check the user's permissions if they are defined in the controller actions.
  2. Set the User model connection to our custom oauth_db connection
The final code should look similar to this:
<?php
namespace App\Models;

use Illuminate\Foundation\Auth\User as Authenticatable;
use App\OAuth\Trait\HasVerifyRolePermission;
// other classes or helper classes...

class User extends Authenticatable
{
    use HasVerifyRolePermission; // other traits...

    protected $connection = 'oauth_db'; // this model connects to the OAuth database whenever we call it
}

Add the permissions checker

This middleware verifies the user permissions that are defined within the app. Add the CheckPermission middleware as follows.

  • Go to app/Http/Kernel.php
  • Locate the routeMiddleware array
  • Add the CheckPermission middleware to the array as below
'permission' => \App\OAuth\Middleware\CheckPermission::class,

To ensure our application is properly configured and works as expected, we need to run the command one last time:

php artisan optimize:clear
✨ Well done, we have now successfully completed all configuration! Now let us move on to the usage section.