Comments (4)
Good question @citosid ! There's a simple reason. PHP session handlers can already be extended / customized for these type of use-cases. (http://php.net/manual/en/session.customhandler.php) Since our library focuses on minimalism, we try to avoid reinventing the wheel. Does this help?
from openid-connect-php.
I know this is an old issue, but it came up in my search for a similar solution a few days ago and I wasn't able to find much else around how to do this. I thought it might be useful for future devs to post what I ended up doing.
In my case, we had built a custom login provider for Laravel so that we can easily tie our web applications to our OIDC infrastructure, and we used this lovely Jumbojett client as a base dependency to handle the heavy lifting of OIDC operations. However, we also needed the client to use Laravel's session handling infrastructure so the application would control where/how sessions are stored, rather than allowing it to fallback to the global settings of the web server.
To do this, I ended up creating a new client class, which inherits the Jumbojett OpenIDConnectClient class. I then overrode the following methods from the base client class:
startSession()
getSessionKey($key)
setSessionKey($key, $value)
unsetSessionKey($key)
commitSession()
redirect($url)
For our needs in Laravel, startSession()
and commitSession
were left empty since those things are handled automatically by the framework and the rest were implemented using framework calls. I was very thankful that the last one, redirect()
, was a discrete method since I needed to override that one as well. However, that may not be necessary for every use case.
The reason I needed to do so here was because Laravel persists newly set session data near the end of the request pipeline. Allowing the Jumbojett client to redirect on its own was prematurely halting the pipeline execution, preventing the session data from being written. I needed to use the redirect functionality of the framework to ensure the request pipeline completed properly before the redirect occurred.
Overall, this approach should work for many use cases, depending on your session handling needs. It's a lot cleaner since you don't have to concern yourself with forking the entire client project and keeping it in sync with upstream changes, and can instead leave it as is as a base dependency. Let's hear it for polymorphism!
from openid-connect-php.
Oh perfect! That is awesome. I did not know you could do that kind of thing.
I was thinking on forking this and add that logic... but since it is possible to do it with php itself already, that might be the way to go.
Thank you!
from openid-connect-php.
this system will be in the cloud, using containers and load balancers
... I'll add this piece of advice as well. Check out the following tutorial on how to setup Redis as a back-end for session handling. It should work with distributed containers and our library.
https://www.digitalocean.com/community/tutorials/how-to-set-up-a-redis-server-as-a-session-handler-for-php-on-ubuntu-14-04
from openid-connect-php.
Related Issues (20)
- default value for getProviderConfigValue is supposed to be string, but is array HOT 2
- Add information to README.md
- Bugs - Azure B2C - URL char issue HOT 2
- Issue when running composer require jumbojett/openid-connect-php HOT 1
- signout() does not sign me out of my application HOT 9
- requestClientCredentialsToken invalid scope in Keycloak HOT 2
- Throwed error if the server returns one is complete HOT 1
- OpenID Connect can return an id_token as part of the refresh_token grant type
- Keycloak 22.0 not supported? HOT 5
- Release new major ... HOT 1
- Cant get codeVerifier in redirectUri if we make authorization flow using PKCE HOT 1
- SERVER_PORT always causes port in redirect URL HOT 4
- Redirect doesn't remove state, session_state, and code params HOT 2
- Support dropped for phpseclib 2.*? HOT 2
- Invalid Client - Connect Token HOT 1
- Support for `id_token_signing_alg_values_supported` HOT 1
- Return types are too strict
- requestTokenExchange error Passing null to parameter #2 of http_build_query
- Debug Mode ? HOT 1
- scopes attribut are NULL HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from openid-connect-php.