BGWeb (Level 7)

Socialite middleware to check if authenticated

How can I set up some sort of middleware, or other check, to determine if a user is authenticated against an external identity provider?

I'm working on an application that uses Okta as an identity provider. I have set up the application to work with Socialite using the Okta provider, and can sign in to the application using Okta credentials. The issue I'm having is that the user can sign out of Okta (due to closing the browser, or session timeout) and they are still signed in to the Laravel application.

This is causing poor user experience because we have SSO links to other applications in Okta. As a result, when they click one of these links, it checks Okta, and requires them to sign in again. Ideally, the Laravel application would check Okta each time it is accessed, and require authentication if they are no longer signed in to Okta.

Any feedback is greatly appreciated! Thanks!

0 likes
3 replies
fylzero

@bgweb I think in most cases Socialite simply verifies the user, then logs them in with the standard auth layer. Which would mean you can just check if the user is authed. SSO should work the same way, usually. Your case may be different.

24 likes
BGWeb (Level 7)

@psylogic Thanks for the reference. I used the Laravel version of that to get started (the application in question is not an SPA). The challenge I'm having is how to check each request. The code below is causing issues for me:

// Set up the JWT verifier (okta/jwt-verifier). The placeholders are left as in the
// original post; issuer must be the authorization server that minted the token,
// since the verifier looks up the token's kid in that issuer's published key set.
$jwtVerifier = (new \Okta\JwtVerifier\JwtVerifierBuilder())
    ->setAdaptor(new \Okta\JwtVerifier\Adaptors\SpomkyLabsJose()) // JOSE backend used for signature checks
    ->setAudience('api://default')   // expected aud claim (default custom authorization server)
    ->setClientId('{yourClientId}')
    ->setIssuer('{yourIssuerUrl}')   // expected iss claim, e.g. the /oauth2/default server URL
    ->build();

I get an error that the kid is invalid. I had this issue a while back when implementing a similar middleware for our Laravel API. In fact, I posted an issue about it and was able to resolve it, I just don't remember what I did to fix it. https://github.com/okta/okta-jwt-verifier-php/issues/33

I may need to reach out to Okta again in order to fix the issue.

@fylzero The only place the request is checked using Socialite is in the provider callback route. After that, the user is always authenticated on the Laravel side.

As I mentioned above, following Okta's Laravel example produces the same behavior which leads me to believe I need to implement additional checks in order to achieve the desired behavior.

Any additional feedback is greatly appreciated!
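One way to wire the verifier from the post above into a per-request check, as an added example that is not code from the thread, from Okta or from Socialite. It assumes (these names are assumptions, not anything the thread states) that the Socialite callback stored the Okta access token (`$user->token`) in the session under `okta_access_token`, that the client id and issuer live in `config('services.okta.client_id')` and `config('services.okta.issuer')`, and that the verifier's `verify()` throws on any failure. Two general cautions that the thread does not settle but a practitioner should know: a `kid` the verifier cannot find means the token's signing key is not in the key set of the configured issuer, which happens when the token was minted by a different Okta authorization server than the one in `setIssuer()` (the org server and each custom server publish separate key sets) or when a cached key set predates a key rotation; and passing a token through `verify()` proves only that it is unexpired and correctly signed, not that the user's Okta browser session is still alive.

```php
<?php
// Added example, not from the thread: Laravel middleware that re-verifies the
// stored Okta token on every request and forces a fresh Socialite round trip
// when verification fails. Session key and config names are assumptions.

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Laravel\Socialite\Facades\Socialite;
use Okta\JwtVerifier\Adaptors\SpomkyLabsJose;
use Okta\JwtVerifier\JwtVerifierBuilder;

class EnsureOktaTokenIsValid
{
    public function handle(Request $request, Closure $next)
    {
        // Assumed: the callback route did session(['okta_access_token' => $user->token]).
        $token = $request->session()->get('okta_access_token');

        // No Laravel login or no token at all: the session is not tied to Okta, restart.
        if (! Auth::check() || ! is_string($token) || $token === '') {
            return $this->reauthenticate($request);
        }

        try {
            $verifier = (new JwtVerifierBuilder())
                ->setAdaptor(new SpomkyLabsJose())
                ->setAudience('api://default')                    // as in the post: default custom AS
                ->setClientId(config('services.okta.client_id'))  // assumed config key
                ->setIssuer(config('services.okta.issuer'))       // assumed config key; must be the AS that minted the token
                ->build();

            // Checks signature (kid resolved against the issuer's key set), iss,
            // aud and exp. Assumed to throw on any failure.
            $verifier->verify($token);
        } catch (\Throwable $e) {
            // Expired, wrong issuer/audience, unknown kid, or key-set fetch failure:
            // treat all of them as "not authenticated" rather than letting the
            // Laravel session outlive the Okta-issued token.
            report($e);
            return $this->reauthenticate($request);
        }

        return $next($request);
    }

    private function reauthenticate(Request $request)
    {
        // Tear down the local session first so a stale login cannot be reused,
        // then send the browser back through Okta. If Okta's own session is still
        // alive it will redirect straight back with a new token; if not, the user
        // is prompted to sign in, which is the behaviour the thread is after.
        Auth::logout();
        $request->session()->invalidate();
        $request->session()->regenerateToken();
        $request->session()->put('url.intended', $request->fullUrl());

        return Socialite::driver('okta')->redirect();
    }
}
```

Register it in `$routeMiddleware` (or the `web` group) alongside `auth` so it runs after the standard guard has already confirmed a Laravel login. Because the check only tracks the token's `exp`, keep Okta's access-token lifetime short if you rely on it to approximate the Okta session; anything tighter than that needs a mechanism that actually observes the Okta session (an OpenID Connect logout or session-management flow) rather than a per-request JWT check.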
