SSO Login into Drupal using Laravel as OAuth / OpenID Connect Provider

Drupal OAuth / OpenID Connect SSO integration enables SSO between the Drupal site and Laravel Passport. This setup guide helps in configuring Single Sign-On (SSO) between the Drupal site and Laravel Passport using the OAuth / OpenID Connect module. This module is compatible with Drupal 7, Drupal 8, Drupal 9, and Drupal 10. When you incorporate the OAuth / OpenID Connect module with the Drupal site, you can log into the Drupal site seamlessly with Laravel Passport credentials.

Setup Drupal as OAuth Client:

• On the Drupal site, navigate to Configuration -> miniOrange OAuth Client Configuration -> Configure OAuth tab.

• Select Custom OAuth 2.0 Provider from the Select Application drop-down.
• Copy the Callback/Redirect URL and keep it handy.
• Enter Laravel as the Application name in the Display Name text-field.

Create OAuth / OpenID SSO Application in Laravel Passport:

• Create a laravel project on your local machine using command and set it up:
  composer create-project --prefer-dist laravel/laravel blog
• Change the directory to blog using cd blog command. Install laravel passport.
  composer require laravel/passport
• Go to config/app.php and add below provider
  Laravel\Passport\PassportServiceProvider::class
• Run below commands
  php artisan migrate
  php artisan passport:install
• Go to app/User.php model class, add HasApiTokens trait to the code:

      namespace App;
      use Laravel\Passport\HasApiTokens;
      use Illuminate\Contracts\Auth\MustVerifyEmail;
      use Illuminate\Foundation\Auth\User as Authenticatable;
      use Illuminate\Notifications\Notifiable;
       
      class User extends Authenticatable
      {
        use HasApiTokens, Notifiable;
       
        
          /**
           * The attributes that are mass assignable.
           *
           * @var array
          */
          
          protected $fillable = [
              'name', 'email', 'password',
          ];
       
          /**
           * The attributes that should be hidden for arrays.
           *
           * @var array
           */
          protected $hidden = [
              'password', 'remember_token',
          ];
       
          /**
           * The attributes that should be cast to native types.
           *
           * @var array
           */
         
          protected $casts = [
              'email_verified_at' => 'datetime',
          ];
      }
      

• Go to app/Providers/AuthServiceProvider.php, add use Laravel\Passport\Passport; , Passport::routes(); routes to the service code:

      namespace App\Providers;
      use Laravel\Passport\Passport;
      use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
      use Illuminate\Support\Facades\Gate;
       
      class AuthServiceProvider extends ServiceProvider
      {
      
          /**
           * The policy mappings for the application.
           *
           * @var array
           */
          protected $policies = [
              // 'App\Model' => 'App\Policies\ModelPolicy',
          ];
       
          /**
           * Register any authentication / authorization services.
           *
           * @return void
           */
          public function boot()
          {
              $this->registerPolicies();
              Passport::routes();
              //
          }
      }
     

• Go to config/auth.php and change the API driver token to the passport as we are going to use the Passport library.

      'guards' => [
              'web' => [
                  'driver' => 'session',
                  'provider' => 'users',
              ],
              'api' => [
                  'driver' => 'passport',
                  'provider' => 'users',
                  'hash' => false,
              ],
          ],
      

Integrating Drupal with Laravel:

• Navigate to the Laravel portal and run the following commands to get Client ID and Client Secret:
  php artisan passport: client
• It will ask you the following questions:

      Which user ID should the client be assigned to?:
      > 1
           
      What should we name the client?:
      > Demo OAuth2 Client Account
           
      Where should we redirect the request after authorization?
      > Paste the Callback/Redirect URL
      New client created successfully.
          
      Client ID: 1
      Client secret: zMm0tQ9Cp7LbjK3QTgPy1pssoT1X0u7sg0YWUW01
      

• Copy the Client ID and Client secret value.
• Go to the Drupal's Configure OAuth tab and paste the copied Client ID and Client secret into the respective text-fields.

• To create a UserInfo endpoint manually, in the app/Http/Controllers, create a file UserController.php:

      <?php
      namespace App\Http\Controllers;
      use App\Http\Controllers\Controller;
      use Illuminate\Http\Request;
      use App\Models\User;
      use Auth;
      class UserController extends Controller
      {
          public function get(Request $request)
          {
              $user_id = Auth::id();
              $user = User::find($user_id);
              return $user;
          }
      }
      

• Register the API route by adding the below line in routes/api.php file:

      //For Laravel below 8 and migrated to the 8 version:
      Route::middleware('auth:api')->get('/user/get', 'UserController@get');
          OR
      //For Laravel 8 new users:
       use App\Http\Controllers\UserController;                                                                       
       Route::middleware('auth:api')->get('/user/get', 'App\Http\Controllers\UserController@get');
      

• Copy and paste the following scope and endpoints in Drupal's Configure OAuth tab.

  Scope	openid email profile
  Authorize Endpoint	/oauth/authorize
  Access Token Endpoint	/oauth/token
  Get User Info Endpoint	/api/user/get


• Click on the Save Configuration button.

Test Connection between Drupal and Laravel

• Click on the Perform Test Configuration button to check the Single Sign-On (SSO) connection between Drupal and Laravel.

• On a Test Connection popup, if you don't have an active session in Laravel on the same browser, you will be asked to sign in to your Laravel account. After successfully logging into a Laravel account, you will be provided with a list of attributes that are received from the Laravel Passport.
• Select the Email Attribute from the dropdown menu in which the user's email is obtained and click the Done button.

Please note: Mapping the Email Attribute is mandatory for your login to work.

Congratulations! You have successfully configured Laravel Passport as OAuth/OpenID Provider and Drupal as an OAuth Client.

How to perform the SSO?

• Now, open a new browser/private window and go to your Drupal site login page.
• Click on the Login using the Laravel link to initiate the SSO from Drupal.
• If you want to add the SSO link to other pages as well, please follow the steps given in the image below: