AUGMENT EXPERIENCES WITH A SAFER, SIMPLER AND MORE PRIVATE WAY TO LOGIN
A paradigm shift in the registration and sign-in process, Affinidi Login is a game-changing solution for developers. With our revolutionary passwordless authentication solution your user's first sign-in doubles as their registration, and all the necessary data for onboarding can be requested during this streamlined sign-in/signup process. End users are in full control, ensuring that they consent to the information shared in a transparent and user-friendly manner. This streamlined approach empowers developers to create efficient user experiences with data integrity, enhanced security and privacy, and ensures compatibility with industry standards.
Passwordless Authentication | Decentralised Identity Management | Uses Latest Standards |
---|---|---|
Offers a secure and user-friendly alternative to traditional password-based authentication by eliminating passwords and thus removing the vulnerability to password-related attacks such as phishing and credential stuffing. | Leverages OID4VP to enable users to control their data and digital identity, selectively share their credentials and authenticate themselves across multiple platforms and devices without relying on a centralised identity provider. | Utilises OID4VP to enhance security of the authentication process by verifying user authenticity without the need for direct communication with the provider, reducing risk of tampering and ensuring data integrity. |
This package extends Socialite to enable passwordless authentication with the Affinidi OIDC provider.
Learn more about Laravel Socialite here
Quick Links
- Installation & Usage
- Create Affinidi Login Configuration
- Affinidi Login Integration with Sample Laravel project
- Affinidi Login Integration in Fresh Laravel Project
- Affinidi Login Integration in Existing Laravel Project
To get started with Affinidi Socialite, follow these steps:
- Install the Affinidi Socialite package using Composer:
composer require affinidi/laravel-socialite-affinidi
- Add the following configuration to your
config/services.php
file:
'affinidi' => [
'base_uri' => env('PROVIDER_ISSUER'),
'client_id' => env('PROVIDER_CLIENT_ID'),
'client_secret' => env('PROVIDER_CLIENT_SECRET'),
'redirect' => '/login/affinidi/callback',
],
- Extend the setup of the Affinidi Socialite driver using our helper class in the
boot()
function ofapp\Providers\AppServiceProvider.php
:
public function boot(): void
{
$socialite = $this->app->make(Factory::class);
// Setup the affinidi driver
\Affinidi\SocialiteProvider\AffinidiSocialite::extend($socialite);
}
To authenticate users using an OAuth provider, you will need two routes: one for redirecting the user to the OAuth provider, and another for receiving the callback from the provider after authentication.
The example routes below demonstrate the implementation of both routes:
use Laravel\Socialite\Facades\Socialite;
Route::get('/login/affinidi/redirect', function () {
return Socialite::driver('affinidi')->redirect();
});
Route::get('/login/affinidi/callback', function () {
$user = Socialite::driver('affinidi')->user();
// $user->token
});
Create the Login Configuration using Affinidi Dev Portal as illustrated here. You can given name as "Socialite App" and Redirect URIs as per your application specific e.g. "https:///login/affinidi/callback"
Important: Safeguard the Client ID and Client Secret and Issuer; you'll need them for setting up your environment variables. Remember, the Client Secret will be provided only once.
Note: By default Login Configuration will requests only Email VC
, if you want to request email and profile VC, you can refer PEX query under (docs\loginConfig.json)[playground\example\docs\loginConfig.json] and execute the below affinidi CLI command to update PEX
affinidi login update-config --id <CONFIGURATION_ID> -f docs\loginConfig.json
Open the directory playground/example
in VS code or your favorite editor
-
Install the dependencies by executing the below command in terminal
composer install
-
Create the
.env
file in the sample application by running the following commandcp .env.example .env
-
Create Affinidi Login Configuration as mentioned here
-
Update below environment variables in
.env
based on the auth credentials received from the Login Configuration created earlier:PROVIDER_CLIENT_ID="<AUTH.CLIENT_ID>" PROVIDER_CLIENT_SECRET="<AUTH.CLIENT_SECRET>" PROVIDER_ISSUER="<AUTH.CLIENT_ISSUER>"
Sample values looks like below
PROVIDER_CLIENT_ID="xxxxx-xxxxx-xxxxx-xxxxx-xxxxx" PROVIDER_CLIENT_SECRET="xxxxxxxxxxxxxxx" PROVIDER_ISSUER="https://yyyy-yyy-yyy-yyyy.apse1.login.affinidi.io"
-
Run the application
php artisan serve
-
Open the http://localhost:8000/, which displays login page Important: You might error on redirect URL mismatch if you are using
http://127.0.0.1:8000/
instead ofhttp://localhost:8000/
. -
Click on
Affinidi Login
button to initiate OIDC login flow with Affinidi Vault
If you want to start fresh without any base reference app, then you can follow the below steps
Before creating your first Laravel project, you should ensure that your local machine has PHP
and Composer
installed.
- You may create a new Laravel project via the Composer
create-project
command
composer create-project laravel/laravel example-app
Note: If you enounter any issue on creating project like fileInfo
, then you may have enable the fileInfo extension in your php.ini
file like below
extension=fileinfo
- After the project has been created, start Laravel's local development server using the Laravel's Artisan CLI
serve
command
cd example-app
php artisan serve
- Once you have started the Artisan development server, your application will be accessible in your web browser at http://localhost:8000
Note: If you encounter an error on generating Key, then execute the below command which updates APP_KEY
in your .env file and then run the app
php artisan key:generate
To get started with Socialite, use the Composer package manager to add the package to your project's dependencies
- Install Affinidi Socialite Library
composer require affinidi/laravel-socialite-affinidi
- Open
AppServiceProvider.php
file underapp\Providers
, and bootstrap the Affinidi driver to socialite class inside functionboot()
, the code should look like below
public function boot(): void
{
$socialite = $this->app->make(Factory::class);
\Affinidi\SocialiteProvider\AffinidiSocialite::extend($socialite);
}
- Add credentials for the Affinidi OIDC provider, should be placed in your application's
config/services.php
configuration file,
'affinidi' => [
'base_uri' => env('PROVIDER_ISSUER'),
'client_id' => env('PROVIDER_CLIENT_ID'),
'client_secret' => env('PROVIDER_CLIENT_SECRET'),
'redirect' => '/login/affinidi/callback',
],
- Create
LoginRegisterController.php
file underapp\Http\Controllers
, which has actions to perform normal login, logout, affinidi login and its callback, reference can be found here - Open
routes\web.php
file and Add Web Routes which invokes the above login controller actions, reference can be found here - Create file
login.blade.php
underresources\views
for adding Affinidi Login button, reference can be found here - Create dashboard
dashboard.blade.php
underresources\views
for displaying the logged in user info, reference can be found here
- Run the application
php artisan serve
- Open the http://localhost:8000/, which displays login page
Important: You might error on redirect URL mismatch if you are using
http://127.0.0.1:8000/
instead ofhttp://localhost:8000/
. - Click on
Affinidi Login
button to initiate OIDC login flow with Affinidi Vault
If you want to integrate Affinidi Login to any existing PHP Laravel Application using socialite, then you can follow the below steps
To get started with Socialite, use the Composer package manager to add the package to your project's dependencies
- Install Affinidi Socialite Library
composer require affinidi/laravel-socialite-affinidi
- Open
AppServiceProvider.php
file underapp\Providers
, and bootrap the affinidi driver to socialite class inside functionboot()
, the code should look like below
public function boot(): void
{
$socialite = $this->app->make(Factory::class);
\Affinidi\SocialiteProvider\AffinidiSocialite::extend($socialite);
}
- Add credentials for the Affinidi OIDC provider, should be placed in your application's
config/services.php
configuration file,
'affinidi' => [
'base_uri' => env('PROVIDER_ISSUER'),
'client_id' => env('PROVIDER_CLIENT_ID'),
'client_secret' => env('PROVIDER_CLIENT_SECRET'),
'redirect' => '/login/affinidi/callback',
],
-
Create the Login Configuration as per step here
-
Update below environment variables in .env based on the auth credentials obtained from the previous step
PROVIDER_CLIENT_ID="<AUTH.CLIENT_ID>" PROVIDER_CLIENT_SECRET="<AUTH.CLIENT_SECRET>" PROVIDER_ISSUER="<AUTH.CLIENT_ISSUER>"
-
Add the Affinidi Login button in your login page, reference can be found here
-
Use socialite driver as 'affinidi' in route handler / controller, reference controller can be found here
- Run the application
php artisan serve
- Open the http://localhost:8000/, which displays login page
Important: You might error on redirect URL mismatch if you are using
http://127.0.0.1:8000/
instead ofhttp://localhost:8000/
. - Click on
Affinidi Login
button to initiate OIDC login flow with Affinidi Vault
For example, if you want to issue a VC
- Generate Personal access token using command line tool more details here and update .env file with details
VAULT_URL="https://vault.affinidi.com"
API_GATEWAY_URL="https://apse1.api.affinidi.io"
TOKEN_ENDPOINT="https://apse1.auth.developer.affinidi.io/auth/oauth2/token"
PROJECT_ID=""
KEY_ID=""
TOKEN_ID=""
PASSPHRASE=""
PRIVATE_KEY=""
- Set the service config file
'affinidi_tdk' => [
'api_gateway_url' => env('API_GATEWAY_URL'),
'token_endpoint' => env('TOKEN_ENDPOINT'),
'project_Id' => env('PROJECT_ID'),
'private_key' => env('PRIVATE_KEY'),
'token_id' => env('TOKEN_ID'),
'passphrase' => env('PASSPHRASE'),
'key_id' => env('KEY_ID'),
'vault_url' => env('VAULT_URL'),
],
- Code snippet to invoke TDK helper methods by reading config values
$credentials_request =
[
[
"credentialTypeId" => "AnyTcourseCertificateV1R0",
"credentialData" => [
"courseID" => "EMP-IT-AUTOMATION-2939302",
"course" => [
"name" => "IT Automation with Python",
"type" => "Professional Certificate",
"url" => "",
"courseDuration" => "45 Days"
],
"learner" => [
"name" => "",
"email" => "[email protected]",
"phone" => ""
],
"achievement" => [
"score" => "100",
"grade" => "A"
],
"courseMode" => "online",
"completionDate" => "08/09/2024"
]
]
];
$apiMethod = '/cis/v1/' . config('services.affinidi_tdk.project_Id') . '/issuance/start';
$data = \Affinidi\SocialiteProvider\AffinidiTDK::InvokeAPI($apiMethod, [
'data' => $credentials_request,
'claimMode' => "TX_CODE"
]);