Authentication using cookie without users table

Published 5 months ago by DoubleR

Hello, I have what seems to be a simple requirement for authenticating with my Laravel 5.5 app. In our intranet, users authenticate through a company site which, on successful authentication, sets an encrypted browser cookie with the user's ID, name, and additional items. Finally, it redirects the user back to the page that called it.

On my end, the cookie then gets decrypted through PHP. Once here, my app should authenticate using the decrypted user ID, saving the name and other info provided under Auth::User. However, I don't want to have a database with over 500k entries to look up the user; I just want any employee to be able to log in. So I believe what I want is Auth::User to use GenericUser where I set the user based on the decrypted cookie info. I've tried following instructions from the following pages:

https://stackoverflow.com/questions/41912867/can-i-put-and-retrieve-the-user-information-to-and-from-session-into-a-laravel-c
http://laravel-recipes.com/recipes/115/using-your-own-authentication-driver
https://www.georgebuckingham.com/blog/laravel-52-auth-custom-user-providers-drivers/
https://laravel.com/docs/5.5/authentication

But I can't get it to work. I can't figure out the proper way to create a custom authentication provider nor how to create a custom user provider.

I have a site which doesn't use Laravel and the way I authenticate is checking for the cookie to be set and not expired, then setting session variables such as REMOTE_USER.

If anyone has any ideas, I'm open to try them. I'm still a beginner with Laravel, so I may ask additional questions.

Thanks in advance

Best Answer (As Selected By DoubleR)
Snapey

Create a user on the fly using the User model (User::firstOrCreate([])) and then log them in with Auth::login.

You can use all the usual Auth functionality; the only downside is creating new users as and when they log in, so your users table will grow over time. This is not a bad thing if users need to store any personal settings, plus you can see who is using the app.

gator
5 months ago (69,080 XP)

We use Shibboleth IAM for company-wide authentication. After shib auth, users are returned to the Laravel app with various server variables set. I then follow the process as outlined by @Snapey to use Laravel auth semantics... Yes, you will have 1 user row per employee who accesses your site... I don't think you can avoid this (and honestly, it falls in the bucket of items which does not warrant any action).

DoubleR

@Snapey your solution worked. At first I couldn't figure out how to implement it, and after countless tries and hours of researching, I finally found a site that showed an example of how they implemented it and went with it. So I ended up using updateOrCreate as shown in my example below.

First I had to do:

    php artisan make:auth

In order to build the authentication logic; otherwise, my solution wouldn't work.

Then, in App\Http\Controllers\Auth\LoginController, I added the showLoginForm() method in order to override the default. I'm posting for reference and for ideas on improving:

    /**
     * Show the application's login form.
     *
     * @return \Illuminate\Http\Response
     */
    public function showLoginForm()
    {
        if (!isset($_COOKIE['encryptedCompanyCookie'])) {
            // build the url and logic to access the company login site

            return redirect($companyAuthURL);
        } else {
            // decrypt encrypted company cookie

            $user = User::updateOrCreate([
                'uid' => $decryptedCookie['uid'],
            ], [
                'first_name' => $decryptedCookie['firstName'],
                'last_name' => $decryptedCookie['lastName'],
                'privileges' => $decryptedCookie['privileges'],
            ]);
            Auth::login($user);
            $home = Auth::user()->home;

            return redirect($home ? $home : $this->redirectTo);
        }
    }

Finally I just had to update other items in the User model and the view in order to match and pull the correct name and information.

If you or anyone else has any other suggestions for improving on this, it will be most welcome.
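An added example, not part of DoubleR's post or of Laravel itself: the controller above writes whatever the decrypted cookie contains straight into the users table, including `privileges`, so this sketch checks the decrypted payload first, including the "set and not expired" test the original question mentions. The `expires` field, the allow-list values and the helper name `validatedCompanyClaims` are assumptions, since the thread does not show the cookie's format.

```php
<?php
// Added example. uid/firstName/lastName/privileges are the fields in the post;
// the 'expires' field (Unix timestamp) and the allow-list values are assumptions.
const ALLOWED_PRIVILEGES = ['user', 'manager', 'admin']; // hypothetical values
// Checks an already-decrypted cookie payload. Returns the attributes to pass to
// User::updateOrCreate(), or null when the payload must not be trusted.
function validatedCompanyClaims($payload, $now)
{
    if (!is_array($payload)) {
        return null; // decryption failed or returned an unexpected shape
    }
    foreach (['uid', 'firstName', 'lastName', 'privileges', 'expires'] as $key) {
        if (!isset($payload[$key]) || !is_scalar($payload[$key])) {
            return null; // missing, null, or array/object where a value belongs
        }
    }
    $expires = (string) $payload['expires'];
    if (!ctype_digit($expires) || (int) $expires <= $now) {
        return null; // malformed or expired
    }
    // uid is the lookup key for the users row, so hold it to a strict format.
    if (!preg_match('/\A[A-Za-z0-9._-]{1,64}\z/', (string) $payload['uid'])) {
        return null;
    }
    if (!in_array($payload['privileges'], ALLOWED_PRIVILEGES, true)) {
        return null; // privilege value the application does not know
    }
    return [
        'uid'        => (string) $payload['uid'],
        'first_name' => trim((string) $payload['firstName']),
        'last_name'  => trim((string) $payload['lastName']),
        'privileges' => $payload['privileges'],
    ];
}

// Constructed sample payloads (not real data).
$now = 1700000000;
$valid = ['uid' => 'e12345', 'firstName' => 'Ana', 'lastName' => 'Lee',
          'privileges' => 'user', 'expires' => $now + 600];
$samples = [
    'valid'         => $valid,
    'expired'       => ['expires' => $now - 1] + $valid,
    'bad privilege' => ['privileges' => 'root'] + $valid,
    'array uid'     => ['uid' => ['e12345']] + $valid,
    'not decrypted' => false,
];
foreach ($samples as $label => $payload) {
    echo str_pad($label, 14), validatedCompanyClaims($payload, $now) === null ? 'rejected' : 'accepted', PHP_EOL;
}
```

In showLoginForm() the result would be computed from the decrypted cookie with time() as the second argument, and only a non-null result passed on to User::updateOrCreate() and Auth::login(); a null result takes the same redirect to the company login site as a missing cookie.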

JyothsnaReddy

@DoubleR I’m new to Laravel and you have no idea how much you are helping me with your post.

Thank you so much
