SSO Login into Drupal using Laravel as OAuth / OpenID Connect Provider
Drupal OAuth / OpenID Connect SSO integration enables SSO between the Drupal site and Laravel Passport. This setup
guide helps in configuring Single Sign-On (SSO) between the Drupal site and Laravel Passport using the OAuth / OpenID
Connect module. This module is compatible with Drupal 7, Drupal 8, Drupal 9, and Drupal 10. When you incorporate the
OAuth / OpenID Connect module with the Drupal site, you can log into the Drupal site seamlessly with Laravel
On the Drupal site, navigate to Configuration -> miniOrange OAuth Client
Configuration -> Configure OAuth tab.
Select Custom OAuth 2.0 Provider from the Select Application drop-down.
Copy the Callback/Redirect URL and keep it handy.
Enter Laravel as the Application name in the Display Name text-field.
Create OAuth / OpenID SSO Application in
Create a laravel project on your local machine using command and set it up: composer create-project --prefer-dist laravel/laravel blog
Change the directory to blog using cd blog command. Install laravel passport. composer require laravel/passport
Go to config/app.php and add below provider Laravel\Passport\PassportServiceProvider::class
Run below commands php artisan migrate php artisan passport:install
Go to app/User.php model class, add HasApiTokens trait to the code:
use Illuminate\Foundation\Auth\User as Authenticatable;
class User extends Authenticatable
use HasApiTokens, Notifiable;
* The attributes that are mass assignable.
* @var array
protected $fillable = [
'name', 'email', 'password',
* The attributes that should be hidden for arrays.
* @var array
protected $hidden = [
* The attributes that should be cast to native types.
* @var array
protected $casts = [
'email_verified_at' => 'datetime',
Go to app/Providers/AuthServiceProvider.php, add use Laravel\Passport\Passport; ,
Passport::routes(); routes to the service code:
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
class AuthServiceProvider extends ServiceProvider
* The policy mappings for the application.
* @var array
protected $policies = [
// 'App\Model' => 'App\Policies\ModelPolicy',
* Register any authentication / authorization services.
* @return void
public function boot()
Go to config/auth.php and change the API driver token to the passport as we are going to
use the Passport library.
Navigate to the Laravel portal and run the following commands to get Client ID and
Client Secret: php artisan passport: client
It will ask you the following questions:
Which user ID should the client be assigned to?:
What should we name the client?:
> Demo OAuth2 Client Account
Where should we redirect the request after authorization?
> Paste the Callback/Redirect URL
New client created successfully.
Client ID: 1
Client secret: zMm0tQ9Cp7LbjK3QTgPy1pssoT1X0u7sg0YWUW01
Copy the Client ID and Client secret value.
Go to the Drupal's Configure OAuth tab and paste the copied Client ID and
Client secret into the respective text-fields.
To create a UserInfo endpoint manually, in the app/Http/Controllers, create a file
class UserController extends Controller
public function get(Request $request)
$user_id = Auth::id();
$user = User::find($user_id);
Register the API route by adding the below line in routes/api.php file:
//For Laravel below 8 and migrated to the 8 version:
OR//For Laravel 8 new users:
Copy and paste the following scope and endpoints in Drupal's Configure OAuth tab.
openid email profile
Access Token Endpoint
Get User Info Endpoint
Click on the Save Configuration button.
Connection between Drupal and Laravel
Click on the Perform Test Configuration button to check the Single Sign-On (SSO) connection
between Drupal and Laravel.
On a Test Connection popup, if you don't have an active session in Laravel on the same browser, you will be
asked to sign in to your Laravel account. After successfully logging into a Laravel account, you will be
provided with a list of attributes that are received from the Laravel Passport.
Select the Email Attribute from the dropdown menu in which the user's email is obtained and
click the Done button.
Please note: Mapping the Email Attribute is mandatory for your login to work.
Congratulations! You have successfully configured Laravel Passport as OAuth/OpenID Provider and Drupal as an OAuth
How to perform
Now, open a new browser/private window and go to your Drupal site login page.
Click on the Login using the Laravel link to initiate the SSO from Drupal.
If you want to add the SSO link to other pages as well, please follow the steps given in the image below:
If you face any issues during the configuration or if you want some additional features, please contact us at firstname.lastname@example.org.
miniOrange has successfully catered to the use cases of 400+ trusted customers with its highly flexible/customizable Drupal solutions. Feel free to check out some of our unique case studies using this link.
Feel free to explore other Drupal solutions that we offer here. The popular solutions used by our trusted customers include Two Factor Authentication - 2FA, Website Security, REST & JSON API Authentication, User Provisioning and Sync.
If you dont hear from us within 24 hours, please feel free to send a follow up email to email@example.com
This privacy statement applies to miniorange websites describing how we handle the personal
When you visit any website, it may store or retrieve the information on your browser, mostly in the
form of the cookies. This information might be about you, your preferences or your device and is
mostly used to make the site work as you expect it to. The information does not directly identify
you, but it can give you a more personalized web experience.
Click on the category headings to check how we handle the cookies.
Strictly Necessary Cookies
Necessary cookies help make a website fully usable by enabling the basic functions like site
navigation, logging in, filling forms, etc. The cookies used for the functionality do not store any
personal identifiable information. However, some parts of the website will not work properly without
These cookies only collect aggregated information about the traffic of the website including -
visitors, sources, page clicks and views, etc. This allows us to know more about our most and least
popular pages along with users' interaction on the actionable elements and hence letting us improve
the performance of our website as well as our services.