murilo's avatar
Level 10

Laravel SSO, login without session, just with tokens

Hello, I have been working with Laravel and SSO (single sign-on). I followed this tutorial:

https://www.youtube.com/watch?v=kRGPKh3NgHU&list=PLC-R40l2hJfdyfZ3jkDKOcyoqmIgw2wda&index=1

I did this project almost one year ago, but there is a change that I didn't manage to make. This tutorial has 2 Laravel projects that communicate with each other.

If the user is authenticated in one of them, that authorizes access to the other one. It works with Laravel Passport, with an authorization code. The second project sends an authorization code like this to project one:

```php
public function getLogin(Request $request)
{
    try {
        $state = Str::random(40);
        $query = http_build_query([
            "client_id" => config("auth.sso_client_id"),
            "redirect_url" => config("app.url_front") . "/callback",
            "response_type" => "code",
            "scope" => config("auth.sso_scope"),
            "state" => $state
        ]);
        return response()->json(["authorize_url" => config("auth.sso_http_host") . "/oauth/authorize?" . $query, 'state' => $state], 200);
    } catch (ClientException $e) {
        return response()->json(['message' => "Houve um erro , contate o suporte"], 400);
    }
}
```

The link will be like this:
http://localhost:8081/oauth/authorize?client_id=9aeddbc9-1d56-4ac8-873c-ebf8318427c8&redirect_url=http%3A%2F%2Flocalhost%3A3000%2Fcallback&response_type=code&scope=view-user&state=w98yydc3HEpSsCzsE7UYXlYkZc3Q5LWelViMmp9F

It uses

oauth/authorize?

like this:

https://laravel.com/docs/11.x/passport#requesting-tokens-redirecting-for-authorization

My question is: the way it is now, the first project NEEDS to use a SESSION to authenticate, because on this route, oauth/authorize, Laravel will check: is the user authenticated? If not, log in. If authenticated, return with the authorization code.

My problem is that I CAN'T AUTHENTICATE the first project with a token without a session. I can't use a login system with React or Vue in the front and Laravel at the back end, because to validate whether the user is logged in, it must be a SESSION system.

Is it possible to authorize without working with a session?

0 likes
0 replies
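
The `getLogin` response in the post returns a `state` value together with `authorize_url`, and the redirect target is the front end's `/callback`. As an added example (not part of the original post or the tutorial), this is one way that front end could check the returned `state` before using the authorization code. `PendingLogin` and `handleCallback` are hypothetical names, and the `code` values used with it are constructed.

```javascript
// Added example: PendingLogin and handleCallback are hypothetical names.
// The front end keeps the `state` it received next to authorize_url and checks
// it again when the authorization server redirects back to /callback.

class PendingLogin {
  constructor() {
    this.state = null;
  }

  // Remember the state from the back end's getLogin JSON and return the URL to visit.
  begin(loginResponse) {
    const { authorize_url, state } = loginResponse;
    if (typeof state !== "string" || state.length < 16) {
      throw new Error("login response carries no usable state");
    }
    this.state = state;
    return authorize_url;
  }

  // Hand the stored state out once, then forget it, so a replayed callback fails.
  consume() {
    const stored = this.state;
    this.state = null;
    return stored;
  }
}

// Validate the redirect back to /callback before the code is exchanged for a token.
function handleCallback(callbackUrl, pending) {
  const params = new URL(callbackUrl).searchParams;
  const expected = pending.consume();
  if (expected === null) return { ok: false, reason: "no_pending_login" };
  // State is checked first: a response with a foreign state is not trusted at all.
  if (params.get("state") !== expected) return { ok: false, reason: "state_mismatch" };
  if (params.has("error")) return { ok: false, reason: params.get("error") };
  const code = params.get("code");
  if (!code) return { ok: false, reason: "missing_code" };
  return { ok: true, code };
}

// Shape of the getLogin response; the values are the ones shown in the post's link.
const sampleLogin = {
  authorize_url: "http://localhost:8081/oauth/authorize?client_id=9aeddbc9-1d56-4ac8-873c-ebf8318427c8&response_type=code&scope=view-user&state=w98yydc3HEpSsCzsE7UYXlYkZc3Q5LWelViMmp9F",
  state: "w98yydc3HEpSsCzsE7UYXlYkZc3Q5LWelViMmp9F",
};
```
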