PHP Single Sign-On SSO


The Single Sign-On (SSO) solution by miniOrange provides secure Single Sign-On access to your PHP website using a single set of login credentials. You can log in to the PHP website using miniOrange credentials, Azure AD credentials, or any of your existing identity providers. With miniOrange SSO services, you can also log in to other on-premise and cloud applications using your existing identity provider/user store (Azure Active Directory, Okta, Ping) credentials. Follow the setup guide below to integrate OAuth SSO for your PHP website.

Connect with External Source of Users


miniOrange provides user authentication from various external sources, which can be directories (like ADFS, Microsoft Active Directory, OpenLDAP, AWS, etc.), identity providers (like Microsoft Entra ID, Okta, AWS), and many more. You can configure your existing directory/user store or add users in miniOrange.



Prerequisites

  • PHP 8.1 or above: The PHP connector uses modern PHP features, including Enums, which are supported starting from PHP 8.1. Ensure your server runs PHP 8.1 or higher.
  • Local Server Environment: A local server environment is required to host and run the application. You can use one of the following:
    • XAMPP (recommended for Windows users)
    • WAMP
    • Any other web server setup compatible with PHP 8.1+
  • Composer (Dependency Manager for PHP): The connector uses Composer to manage dependencies. Ensure Composer is installed on your system.

Follow the Step-by-Step Guide given below for PHP Single Sign-On (SSO)

1. Create a Library Folder

  • Navigate to your project directory and create a folder named libs (or any other preferred name) to keep external libraries organized.
  • Your project structure might look like this:
                    
                      /path/to/your-project/
                      ├── libs/
                      ├── assets/
                      ├── includes/
                      └── index.php 
                    
                  

2. Install the Connector

  • Inside the libs folder, run the following Composer command to download the connector and its dependencies:
                      composer require miniorange/phpoauth
                    
  • Note: Make sure you have Composer installed to execute this command. If not, refer to the Composer installation guide.


3. Include the Autoload Script

  • To use the phpOAuth library, include its autoload script in the PHP file where authentication or login activity is to be performed. This ensures required classes are automatically loaded.
                    
                      <?php
                    require_once '/path/to/your-project/libs/vendor/autoload.php';
                    ?>                
                  

4. Configure PHP App in miniOrange

  • Log in with your miniOrange credentials to access the dashboard below. If you don't have an account, sign up on the miniOrange website to get started. Also make sure that you have set up your branding after registration.
  • Go to Apps and click the Add Application button.
  • Search for OAuth and select OAuth2/OpenID Connect.
  • Configure the application details as shown in the table below:
    Client Name: Enter a name for your application (e.g., "TestApp")
    Redirect URI: Add the URL where users will be redirected, typically your login page followed by /callback.
    Logout URI: Add the URL where users will be redirected after logout (e.g., login.php).

    Note: Make sure you add /callback at the end of your Redirect URI. It will look like this: “https://your_domain/login.php/callback”


  • A message “App is configured successfully.” will appear confirming the successful creation of the OAuth application on miniOrange.
  • Locate your application name in the applications list, click the three dots menu, and select "Edit".
  • Now copy the Client Id and Client Secret and store them somewhere safe for further use.

5. Modify the .env File

Now, back in your PHP project, update the .env file in the phpoauth folder with the client credentials you copied earlier.

Find the .env file at: /path/to/your-project/libs/vendor/miniorange/phpoauth/.env

  • BASE_URL: Your base URI should look like this: https://<YOUR_DOMAIN>.xecurify.com/moas. It is your branding name followed by xecurify.com/moas.
  • REDIRECT_URI: This is the same Redirect URI you added while configuring the PHP app in miniOrange. It will look like this: https://<your_domain>/login.php/callback
  • LOGOUT_REDIRECT_URI: This is the same Logout URI you added while configuring the PHP app in miniOrange. It will look like this: https://<your_domain>/login.php

    CLIENT_ID: <YOUR_CLIENT_ID>
    CLIENT_SECRET: <YOUR_CLIENT_SECRET>
    BASE_URL: https://<YOUR_DOMAIN>.xecurify.com/moas
    REDIRECT_URI: <YOUR_REDIRECT_URI>
    LOGOUT_REDIRECT_URI: <YOUR_LOGOUT_REDIRECT_URI>
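
A pre-flight check for the values in step 5, added here as an example (it is not part of the miniOrange connector). It assumes one KEY: value or KEY=value pair per line; the function names parseEnv and checkEnv and the sample values are constructed for illustration.

```php
<?php
declare(strict_types=1);

/** Parse "KEY: value" (as shown in this guide) or "KEY=value" lines into an array. */
function parseEnv(string $text): array
{
    $out = [];
    foreach (preg_split('/\R/', $text) as $line) {
        if (preg_match('/^\s*([A-Z_]+)\s*[:=]\s*(.*?)\s*$/', $line, $m)) {
            $out[$m[1]] = trim($m[2], "\"'");
        }
    }
    return $out;
}

/** Return a list of problems; an empty list means the values follow the rules in step 5. */
function checkEnv(array $env): array
{
    $problems = [];
    foreach (['CLIENT_ID', 'CLIENT_SECRET', 'BASE_URL', 'REDIRECT_URI', 'LOGOUT_REDIRECT_URI'] as $key) {
        if (($env[$key] ?? '') === '' || str_contains($env[$key], '<')) {
            $problems[] = "$key is empty or still a placeholder";
        }
    }
    if (!preg_match('#^https://[a-z0-9-]+\.xecurify\.com/moas$#i', $env['BASE_URL'] ?? '')) {
        $problems[] = 'BASE_URL is not https://<branding>.xecurify.com/moas';
    }
    if (!str_ends_with($env['REDIRECT_URI'] ?? '', '/callback')) {
        $problems[] = 'REDIRECT_URI does not end in /callback';
    }
    foreach (['REDIRECT_URI', 'LOGOUT_REDIRECT_URI'] as $key) {
        $url = parse_url($env[$key] ?? '');
        $local = in_array($url['host'] ?? '', ['localhost', '127.0.0.1'], true);
        if (($url['scheme'] ?? '') !== 'https' && !$local) {
            $problems[] = "$key is not HTTPS";
        }
    }
    return $problems;
}

// Constructed sample: credentials filled in, but the redirect URI lacks /callback and uses HTTP.
$sample = "CLIENT_ID: abc123\nCLIENT_SECRET: s3cr3t-constructed\n"
    . "BASE_URL: https://example.xecurify.com/moas\n"
    . "REDIRECT_URI: http://app.example.com/login.php\n"
    . "LOGOUT_REDIRECT_URI: https://app.example.com/login.php\n";

$text = isset($argv[1]) ? (string) file_get_contents($argv[1]) : $sample;
$problems = checkEnv(parseEnv($text));
echo $problems ? implode(PHP_EOL, $problems) . PHP_EOL : 'OK' . PHP_EOL;
exit($problems ? 1 : 0);
```

Pass the path of the .env file as the first argument to check the real file. Because this .env holds the client secret and sits under the project folder, also confirm that a browser request for its URL returns 403 or 404 rather than the file contents.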

6. Initialize the OAuth process in your PHP website

  • Now that you have the library and credentials set up, initialize the OAuth process in your index/login Page. Use the following code snippets to configure and start using the OAuth connector.
  • Note: Add all of the scripts below to the same login page, in the given sequence.


  • Include the Autoload Script and Import Classes: You need to include the autoload script provided by the phpOAuth library and import necessary classes.
                  
                    <?php
                    require_once 'path/to/phpOAuth/vendor/autoload.php';
                    
                    // Import necessary classes from the phpOAuth library.
                    use Miniorange\Phpoauth\{
                        Config\OAuthConfig,
                        Handlers\AuthorizationHandler,
                        Listeners\LoginListener,
                        Handlers\CallbackHandler
                    };
                    
                    // Initialize OAuth configuration and authorization handler.
                    try {
                        $config = new OAuthConfig();
                        $authHandler = new AuthorizationHandler($config);
                    } catch (Exception $e) {
                        echo "Error : " . $e->getMessage();
                    }
                    ?>                
                   
  • Create a Login Listener to handle successful login and errors: This allows you to manage what happens upon successful login (e.g., creating a session or redirecting the user) and how to handle errors.
                    
                      <?php
                    class MyLoginSuccessListener implements LoginListener {
                        public function onLoginSuccess($userInfo) {
                            // Store the user object in the session 
                            // and Redirect the user to the dashboard or any other page based on your use case
                        }
                    
                        public function onError($errorMessage) {
                            // Handle the error: display it on the page or redirect to an error page
                        }
                    }
                    ?>                
                    
                  
  • Pass the URI to handle OAuth Callback.
                  
                    <?php
                    $loginListener = new MyLoginSuccessListener();
                    $fullUri = $_SERVER['REQUEST_URI'];  // Retrieve the full request URI
                    
                    // Create an instance of CallbackHandler with the configuration and login listener
                    $myCallbackHandler = new CallbackHandler($config, $loginListener);
                    
                    // Handle the URI to process the OAuth callback
                    $myCallbackHandler->handleUri($fullUri);
                    ?>              
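
A filled-in version of the listener stub from step 6, added here as an example (it is not miniOrange's own code) and requiring the connector installed as in step 2. The class name SessionLoginListener and the /dashboard.php target are hypothetical, and the shape of $userInfo is not documented in this guide, so it is stored as received.

```php
<?php
declare(strict_types=1);

require_once '/path/to/your-project/libs/vendor/autoload.php';

use Miniorange\Phpoauth\Listeners\LoginListener;

if (session_status() !== PHP_SESSION_ACTIVE) {
    session_set_cookie_params([
        'path'     => '/',
        'secure'   => true,   // HTTPS only; set false just for http://localhost testing
        'httponly' => true,   // not readable from JavaScript
        'samesite' => 'Lax',  // Lax so the cookie is still sent on the redirect back from the provider
    ]);
    session_start();
}

final class SessionLoginListener implements LoginListener
{
    // Fixed target, never taken from the request, so the callback cannot be used as an open redirect.
    private const AFTER_LOGIN = '/dashboard.php'; // hypothetical page

    public function onLoginSuccess($userInfo)
    {
        // Issue a new session ID at login so an ID set before authentication is useless (session fixation).
        session_regenerate_id(true);
        $_SESSION['user'] = $userInfo; // stored as received; its fields are not documented in this guide
        $_SESSION['authenticated_at'] = time();
        header('Location: ' . self::AFTER_LOGIN, true, 303);
        exit;
    }

    public function onError($errorMessage)
    {
        // Keep provider error detail in the server log, with line breaks stripped; show a generic message.
        error_log('SSO login failed: ' . preg_replace('/[\r\n]+/', ' ', (string) $errorMessage));
        http_response_code(401);
        echo 'Sign-in failed. Please try again.';
    }
}
```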
                

7. Start Authorization

  • To initiate the authorization process, you'll need to call the startAuthorization method from your authorization handler class. This step is typically triggered by a user action, such as clicking a button. Here’s how to do it:
                    
                      <?php
                    // Call the startAuthorization method when the button is clicked
                    try {
                        $authHandler->startAuthorization();
                    } catch (Exception $e) {
                        echo "Error: " . $e->getMessage();
                    }
                    ?>                
                  

  • View Example:

    You might want to create a button in your HTML to trigger the authorization process. Here’s a simple example:
                          
                            <form method="post" action="">
                          <button type="submit" name="startAuth">Sign In with MiniOrange</button>
                          </form>
                          <?php
                            if (isset($_POST['startAuth'])) {
                                // Call the startAuthorization method when button is clicked
                                try {
                                    $authHandler->startAuthorization();
                                } catch (Exception $e) {
                                    echo "Error: " . $e->getMessage();
                                }
                            }
                            ?>                      
                        

    This setup ensures that when the user clicks the "Sign In with MiniOrange" button, the authorization process begins.

8. Test OAuth Connection in your PHP website

  • Start Your Server: If using XAMPP or WAMP locally: Launch the server software (e.g., XAMPP or WAMP) and ensure Apache (or an equivalent web server) is running.
  • Open Your PHP Website in a Browser: Open a web browser and enter the URL to access your application. For your local environment, go to http://localhost/your-folder-name/ to access the starter application.
  • Start and Test Authorization
    • Initiate the authorization process by clicking the login button of your PHP website. This should redirect you to the authentication provider (miniOrange) to complete the login.
    • After a successful login, you should be redirected back to your application, where you can verify the OAuth flow and ensure your user is authenticated.

9. Check if the Session is Active (Optional)

    Note: For checking the session, you need to pass the config object to isSessionActive function. If you are checking the session on a page other than index.php, you'll need to manage sharing the object across various pages. One way to achieve this is by serializing the object and storing it in the session.


    You can check token validity by calling the isSessionActive method, which will verify if the tokens are still valid or expired. This check can be performed on each page load or during specific user activities at regular intervals.

  • Call the isSessionActive Method: You can add the following code snippet to your PHP files to check the session status:
                    
                      <?php
                    require_once "phpOAuth/vendor/autoload.php";
                    use function Miniorange\Phpoauth\Handlers\isSessionActive;
                    
                    if (!isSessionActive($config)) {
                        echo "SESSION NOT FOUND PLEASE LOGIN";
                        // Redirect to session end page or call the logout function
                    }
                    ?>                
                  
  • When the session ends, you can show a popup that blocks the screen and asks the user to log in again.
  • Place the session check at the beginning of your PHP files or in a centralized location that is executed with each page load.
  • If the session has expired, you can either redirect the user to a specific session end page or a logout page or show a popup message informing the user that their session has ended and prompt them to log in again.

10. Implement Logout Functionality (Optional)

  • The logout functionality from the MiniOrange PHP OAuth library logs the user out from the MiniOrange website in the browser.
  • Add the following code snippet in the PHP file where the logout button is present.

    Note: You need to pass the same config object from the login page to the logout function. To make the same object available here, you can serialize the config object, store it in the session, then retrieve it here and pass it to the logout function.


                    
                      <?php
                  require_once "phpOAuth/vendor/autoload.php";
                  use function Miniorange\Phpoauth\Handlers\logout;
                  
                  if (isset($_POST['logout'])) {
                      logout($config);
                      exit();
                  }
                  ?>                
                  

View Example:

Include a logout button in your HTML to trigger the logout process when clicked. Add the following code in your PHP file:
                    
                      <form method="post" action="">
                    <button type="submit" name="logout">Logout</button>
                    </form>                    
                  

Note: If you are testing or deploying the PHP connector in production mode, ensure secure communication by making the following changes:

  • Navigate to path/to/phpOAuth/src/Network/MakePostApiCall.php
  • Comment out the following lines to enable SSL verification.
                  
                    <?php
                // Optional: Disable SSL checks (only for development)
                curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
                curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
                ?>              
                

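These changes are necessary to enforce SSL verification in production environments, ensuring secure data transmission: with the two lines commented out, cURL falls back to its defaults and verifies the server certificate and host name. Disable SSL checks only during development for testing purposes.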
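
A deployment check for the change described above, added here as an example (it is not part of the miniOrange connector). It reports the two options only when active, non-commented code sets them to false or 0; the function name findDisabledTlsChecks and the sample source are constructed for illustration.

```php
<?php
declare(strict_types=1);

/**
 * List the certificate-check options that active code sets to false or 0.
 * The PHP tokenizer drops comments, so commented-out lines are not reported.
 */
function findDisabledTlsChecks(string $phpSource): array
{
    $watched = ['CURLOPT_SSL_VERIFYPEER', 'CURLOPT_SSL_VERIFYHOST'];
    $ignored = [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT];
    $tokens = array_values(array_filter(
        token_get_all($phpSource),
        fn ($t) => !is_array($t) || !in_array($t[0], $ignored, true)
    ));
    $found = [];
    foreach ($tokens as $i => $t) {
        if (!is_array($t) || !in_array($t[1], $watched, true)) {
            continue;
        }
        // Expected shape: curl_setopt($ch, OPTION, value)
        $value = $tokens[$i + 2] ?? '';
        $text = strtolower(is_array($value) ? $value[1] : $value);
        if (($tokens[$i + 1] ?? '') === ',' && in_array($text, ['false', '0'], true)) {
            $found[] = $t[1];
        }
    }
    return array_values(array_unique($found));
}

// Constructed sample: one of the two lines from this guide is still active.
$sample = <<<'SRC'
<?php
$ch = curl_init('https://example.invalid/token');
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
// curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
SRC;

$source = isset($argv[1]) ? file_get_contents($argv[1]) : $sample;
if ($source === false) {
    fwrite(STDERR, "cannot read {$argv[1]}\n");
    exit(2);
}
$disabled = findDisabledTlsChecks($source);
echo $disabled
    ? 'FAIL: ' . implode(', ', $disabled) . " disabled in active code\n"
    : "OK: certificate and host name checks left at cURL defaults\n";
exit($disabled ? 1 : 0);
```

Run it with path/to/phpOAuth/src/Network/MakePostApiCall.php as the argument after every Composer install or update, since reinstalling the package restores the vendor file and with it the two disabled checks.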



  
