At its core, the SSO system works by centralizing the login process. Instead of each application managing its own user credentials, they all delegate authentication to a single, trusted Identity Provider (IdP)<\/strong>. Your applications (Dashboard, Trips, Events, Blog, Forum) become Service Providers (SPs)<\/strong> that trust the IdP.<\/p>\n\n\n\n Entities Involved:<\/strong><\/p>\n\n\n\n Step 1: User Initiates Access to SP-Forum<\/strong> Step 2: SP-Forum Checks for Local Session and Redirects<\/strong><\/p>\n\n\n\n Step 3: IdP Authenticates the User<\/strong><\/p>\n\n\n\n Step 4: User Submits Credentials<\/strong> Step 5: IdP Validates Credentials and Establishes Session<\/strong><\/p>\n\n\n\n Step 6: IdP Redirects Back to SP-Forum<\/strong> Step 7: SP-Forum Exchanges Code for Tokens<\/strong><\/p>\n\n\n\n Step 8: IdP Issues Access and ID Tokens<\/strong><\/p>\n\n\n\n Step 9: SP-Forum Fetches User Info and Creates Local Session<\/strong><\/p>\n\n\n\n Result of Phase 1:<\/strong> The user is now successfully logged into Step 10: User Navigates to SP-Trips<\/strong> Step 11: SP-Trips Checks for Local Session and Redirects<\/strong><\/p>\n\n\n\n Step 12: IdP Detects Active Session and Skips Login<\/strong><\/p>\n\n\n\n Step 13-15: SP-Trips Completes the Login Flow<\/strong> If the user then visits a different SP, that SP will also redirect to the IdP, which, recognizing the existing authenticated session, will immediately send back a new authorization code without requiring the user to log in again.<\/p>\n\n\n\n Note: You can visualize the process as a central hub (the IdP) with spokes connecting to each of your applications (the SPs). All user authentication traffic is routed through this hub.<\/em><\/p>\n\n\n\n This is the most critical component. It will be a standalone Laravel application responsible for managing all users and authentication.<\/p>\n\n\n\n Create a new Laravel project. This will serve as your authentication server (e.g., Configure your Passport will transform your Laravel app into a full OAuth2 server.<\/p>\n\n\n\n 1. Install via Composer:<\/strong><\/p>\n\n\n\n 2. Run Migrations:<\/strong> This creates the necessary database tables for clients and tokens.<\/p>\n\n\n\n 3. Run Passport Installer:<\/strong> This command creates encryption keys and default clients.<\/p>\n\n\n\n 4. Configure User Model:<\/strong> Add the File:<\/strong> 5. Configure AuthServiceProvider:<\/strong> Register Passport’s routes.<\/p>\n\n\n\n File:<\/strong> 6. Configure API Auth Guard:<\/strong> Tell Laravel to use Passport for API authentication.<\/p>\n\n\n\n File:<\/strong> Service providers will use this endpoint to get user details after getting an access token.<\/p>\n\n\n\n File:<\/strong> For each of your applications, run this command in your IdP’s terminal. You will receive a Client ID<\/strong> and Client Secret<\/strong> for each one\u2014save these credentials securely.<\/p>\n\n\n\n This section applies to your Dashboard, Trips, and Events applications. The steps are identical for each.<\/p>\n\n\n\n File:<\/strong> File:<\/strong> Since your IdP is not a standard one like Google, you must teach Socialite how to communicate with it.<\/p>\n\n\n\n 1. Install the Socialite Providers Manager:<\/strong><\/p>\n\n\n\nCore logic<\/h2>\n\n\n\n
\n
HolidayLandmark.com\/forum<\/code>.<\/li>\n\n\n\nEventMie<\/code> application at HolidayLandmark.com\/trips<\/code>.<\/li>\n<\/ul>\n\n\n\nPhase 1: Initial Login at SP-Forum<\/h3>\n\n\n\n
The user navigates their browser to https:\/\/HolidayLandmark.com\/forum<\/code>.<\/p>\n\n\n\n\n
\/authorize<\/code> endpoint. This request includes parameters like client_id<\/code> (identifying SP-Forum), redirect_uri<\/code> (where to send the user back), response_type=code<\/code>, and scope<\/code>.<\/li>\n<\/ul>\n\n\n\n\n
The user enters their credentials and submits the form to the IdP<\/strong>.<\/p>\n\n\n\n\n
The IdP<\/strong> redirects the user’s browser back to the redirect_uri<\/code> provided by SP-Forum<\/strong> in Step 2. The authorization code is included as a query parameter in the URL.<\/p>\n\n\n\n\n
redirect_uri<\/code> at SP-Forum<\/strong>.<\/li>\n\n\n\n\/token<\/code> endpoint. This request includes the authorization_code<\/code>, its client_id<\/code>, and client_secret<\/code>.<\/li>\n<\/ul>\n\n\n\n\n
client_id<\/code>, and client_secret<\/code>.<\/li>\n\n\n\n\n
\/api\/user<\/code>).<\/li>\n\n\n\nuser_id<\/code>, email<\/code>, name<\/code>).<\/li>\n\n\n\nuser_id<\/code> from the IdP.\n\n
users<\/code> table (without a password).<\/li>\n\n\n\nHolidayLandmark.com\/forum<\/code>. The browser holds two important cookies: one for the SP-Forum<\/strong> session and one for the central IdP<\/strong> session.<\/p>\n\n\n\nPhase 2: Seamless Access to SP-Trips<\/h3>\n\n\n\n
The user opens https:\/\/HolidayLandmark.com\/trips<\/code> in the same browser.<\/p>\n\n\n\n\n
\/authorize<\/code> endpoint.<\/li>\n<\/ul>\n\n\n\n\n
redirect_uri<\/code> specified by SP-Trips<\/strong>. This happens automatically and almost instantly.<\/li>\n<\/ul>\n\n\n\n
The process now follows the same final steps as the first login, but for SP-Trips<\/strong>:<\/p>\n\n\n\n\n
The flow follows the OAuth 2.0 Authorization Code Grant protocol:<\/strong><\/h2>\n\n\n\n
\n
client_id<\/code> and redirect_uri<\/code>.<\/li>\n\n\n\nredirect_uri<\/code>, providing a temporary authorization code.<\/li>\n\n\n\nclient_id<\/code>, and its client_secret<\/code> for a permanent access token<\/strong>.<\/li>\n\n\n\nPart 1: Building the Central Identity Provider (IdP) with Laravel Passport<\/h2>\n\n\n\n
Step 1.1: Set Up the IdP Project<\/h2>\n\n\n\n
auth.holidaylandmark.com<\/code>).<\/p>\n\n\n\nlaravel new holidaylandmark-idp
cd holidaylandmark-idp
<\/code><\/pre>\n\n\n\n.env<\/code> file with your database details and APP_URL<\/code>.<\/p>\n\n\n\nStep 1.2: Install and Configure Laravel Passport<\/h2>\n\n\n\n
composer require laravel\/passport
<\/code><\/pre>\n\n\n\nphp artisan migrate
<\/code><\/pre>\n\n\n\nphp artisan passport:install
<\/code><\/pre>\n\n\n\nHasApiTokens<\/code> trait.<\/p>\n\n\n\n\n
app\/Models\/User.php<\/code><\/p>\n<\/blockquote>\n\n\n\nphp
<?php\nnamespace App\\Models;\n\nuse Laravel\\Passport\\HasApiTokens; \/\/ <-- Add this<\/em>\nuse Illuminate\\Foundation\\Auth\\User as Authenticatable;\nuse Illuminate\\Notifications\\Notifiable;\n\nclass User extends Authenticatable\n{\n use HasApiTokens, Notifiable; \/\/ <-- And add this<\/em>\n \/\/ ... rest of the model<\/em>\n}\n<\/code><\/pre>\n\n\n\n\n
app\/Providers\/AuthServiceProvider.php<\/code><\/p>\n<\/blockquote>\n\n\n\nphp
<?php\nnamespace App\\Providers;\n\nuse Laravel\\Passport\\Passport; \/\/ <-- Add this<\/em>\nuse Illuminate\\Foundation\\Support\\Providers\\AuthServiceProvider as ServiceProvider;\n\nclass AuthServiceProvider extends ServiceProvider\n{\n \/\/ ...<\/em>\n public function boot()\n {\n $this->registerPolicies();\n Passport::routes(); \/\/ <-- Add this line<\/em>\n }\n}\n<\/code><\/pre>\n\n\n\n\n
config\/auth.php<\/code><\/p>\n<\/blockquote>\n\n\n\nphp
'guards' => [\n \/\/ ...<\/em>\n 'api' => [\n 'driver' => 'passport', \/\/ <-- Change 'token' to 'passport'<\/em>\n 'provider' => 'users',\n ],\n],\n<\/code><\/pre>\n\n\n\nStep 1.3: Create an API Route to Fetch User Data<\/h2>\n\n\n\n
\n
routes\/api.php<\/code><\/p>\n<\/blockquote>\n\n\n\nphp
<?php\nuse Illuminate\\Http\\Request;\nuse Illuminate\\Support\\Facades\\Route;\n\nRoute::middleware('auth:api')->get('\/user', function (Request $request) {\n return $request->user();\n});\n<\/code><\/pre>\n\n\n\nStep 1.4: Register Each Service Provider as an OAuth Client<\/h2>\n\n\n\n
# For the Dashboard<\/em>
php artisan passport:client --name=\"Dashboard\" --redirect_uri=\"https:\/\/holidaylandmark.com\/auth\/callback\"
# For the Trips App<\/em>
php artisan passport:client --name=\"Trips\" --redirect_uri=\"https:\/\/holidaylandmark.com\/trips\/auth\/callback\"
# For the Events App<\/em>
php artisan passport:client --name=\"Events\" --redirect_uri=\"https:\/\/holidaylandmark.com\/events\/auth\/callback\"
# For the WordPress Blog (using custom code callback)<\/em>
php artisan passport:client --name=\"Blog\" --redirect_uri=\"https:\/\/holidaylandmark.com\/blogs\/wp-login.php?action=hl_sso_callback\"
# For the Flarum Forum (using custom code callback)<\/em>
php artisan passport:client --name=\"Forum\" --redirect_uri=\"https:\/\/holidaylandmark.com\/forum\/auth\/holidaylandmark\"
<\/code><\/pre>\n\n\n\nPart 2: Configuring the Laravel Service Providers (Dashboard, Trips, Events)<\/h2>\n\n\n\n
Step 2.1: Install Socialite<\/h2>\n\n\n\n
composer require laravel\/socialite
<\/code><\/pre>\n\n\n\nStep 2.2: Add Credentials<\/h2>\n\n\n\n
\n
config\/services.php<\/code><\/p>\n<\/blockquote>\n\n\n\nphp
'holidaylandmark_sso' => [\n 'client_id' => env('HL_SSO_CLIENT_ID'),\n 'client_secret' => env('HL_SSO_CLIENT_SECRET'),\n 'redirect' => env('HL_SSO_REDIRECT_URI'),\n],\n<\/code><\/pre>\n\n\n\n\n
.env<\/code> (Use the unique credentials for each SP)<\/p>\n<\/blockquote>\n\n\n\ntext
HL_SSO_CLIENT_ID=your-client-id-for-this-app\nHL_SSO_CLIENT_SECRET=your-client-secret-for-this-app\nHL_SSO_REDIRECT_URI=https:\/\/your-app-domain.com\/auth\/callback\n<\/code><\/pre>\n\n\n\nStep 2.3: Create a Custom Socialite Provider<\/h2>\n\n\n\n