AUGMENT EXPERIENCES WITH A SAFER, SIMPLER AND MORE PRIVATE WAY TO LOGIN
A paradigm shift in the registration and sign-in process, Affinidi Login is a game-changing solution for developers. With our revolutionary passwordless authentication solution your user's first sign-in doubles as their registration, and all the necessary data for onboarding can be requested during this streamlined sign-in/signup process. End users are in full control, ensuring that they consent to the information shared in a transparent and user-friendly manner. This streamlined approach empowers developers to create efficient user experiences with data integrity, enhanced security and privacy, and ensures compatibility with industry standards.
Passwordless Authentication | Decentralised Identity Management | Uses Latest Standards |
---|---|---|
Offers a secure and user-friendly alternative to traditional password-based authentication by eliminating passwords and thus removing the vulnerability to password-related attacks such as phishing and credential stuffing. | Leverages OID4VP to enable users to control their data and digital identity, selectively share their credentials and authenticate themselves across multiple platforms and devices without relying on a centralised identity provider. | Utilises OID4VP to enhance security of the authentication process by verifying user authenticity without the need for direct communication with the provider, reducing risk of tampering and ensuring data integrity. |
This package extends HybridAuth to enable passwordless authentication with the Affinidi OIDC provider.
Learn more about Hybridauth here
Quick Links
- Installation & Usage
- Create Affinidi Login Configuration
- Run Sample Playground Project
- Affinidi Login Integration in Fresh Laravel Project
To get started with Affinidi hybridauth, follow these steps:

- Install the Affinidi hybridauth package using Composer:

  ```
  composer require affinidi/laravel-hybridauth-affinidi
  ```

- Create a configuration file `hybridauth.php` under the `config` folder with the content below:

  ```php
  <?php
  return [
      'affinidi' => [
          // Must match a Redirect URI registered in the Login Configuration
          'callback' => env('APP_URL') . '/login/affinidi/callback',
          // Client credentials are read from .env
          'keys' => [
              'id' => env('PROVIDER_CLIENT_ID'),
              'secret' => env('PROVIDER_CLIENT_SECRET')
          ],
          // Provider endpoints are derived from the issuer URL
          'endpoints' => [
              'api_base_url' => env('PROVIDER_ISSUER'),
              'authorize_url' => env('PROVIDER_ISSUER') . '/oauth2/auth',
              'access_token_url' => env('PROVIDER_ISSUER') . '/oauth2/token',
          ]
      ]
  ];
  ?>
  ```
- Create the `LoginRegisterController.php` file under `app\Http\Controllers`, which has actions to perform normal login, logout, Affinidi login and its callback; reference can be found here

  ```php
  <?php
  namespace App\Http\Controllers;

  use App\Http\Controllers\Controller;
  use Illuminate\Http\Request;
  use Illuminate\Support\Facades\Auth;

  class LoginRegisterController extends Controller
  {
      private static $adapter;

      public function __construct() {
          // Build the Hybridauth adapter from config/hybridauth.php
          $config = \Config::get('hybridauth.affinidi');
          self::$adapter = new \Affinidi\HybridauthProvider\AffinidiProvider($config);
      }

      public function login()
      {
          return view('login');
      }

      public function home()
      {
          // Only show the dashboard when a user profile is in the session
          if (session("user")) {
              return view('dashboard');
          }
          return redirect()->route('login')
              ->withErrors([
                  'email' => 'Please login to access the home.',
              ]);
      }

      public function logout(Request $request)
      {
          // Drop the provider tokens, then invalidate the Laravel session
          self::$adapter->disconnect();
          Auth::logout();
          $request->session()->invalidate();
          $request->session()->regenerateToken();
          return redirect()->route('login')
              ->withSuccess('You have logged out successfully!');
      }

      public function affinidiLogin(Request $request)
      {
          // Starts the OIDC flow by redirecting to the provider
          self::$adapter->authenticate();
      }

      public function affinidiCallback(Request $request)
      {
          try {
              // Completes the flow on the callback and loads the user profile
              self::$adapter->authenticate();
              $userProfile = self::$adapter->getUserProfile();
              session(['user' => $userProfile]);
              return redirect()->intended('home');
          } catch (\Exception $e) {
              return redirect()->route('login')
                  ->withError($e->getMessage());
          }
      }
  }
  ```
- Open the `routes\web.php` file and add web routes which invoke the above login controller actions; reference can be found here.
- Create the file `login.blade.php` under `resources\views` for adding the Affinidi Login button; reference can be found here.
- Create `dashboard.blade.php` under `resources\views` for displaying the logged-in user info; reference can be found here.
- Open the `.env` file and update the value of `APP_URL` to `http://localhost:8000`:

  ```
  APP_URL=http://localhost:8000
  ```
Create the Login Configuration using the Affinidi Dev Portal as illustrated here. You can give it the name "hybridauth App" and set the Redirect URIs specific to your application, e.g. "https:///login/affinidi/callback".
Important: Safeguard the Client ID and Client Secret and Issuer; you'll need them for setting up your environment variables. Remember, the Client Secret will be provided only once.
Note: By default, the Login Configuration requests only the Email VC. If you want to request the email and profile VCs, refer to the PEX query under [docs\loginConfig.json](playground\example\docs\loginConfig.json) and execute the Affinidi CLI command below to update the PEX:

```
affinidi login update-config --id <CONFIGURATION_ID> -f docs\loginConfig.json
```
- Open the directory `playground/example` in VS Code or your favourite editor.
- Install the dependencies by executing the command below in a terminal:

  ```
  composer install
  ```

- Create the `.env` file in the sample application by running the following command:

  ```
  cp .env.example .env
  ```

- Create the Affinidi Login Configuration as mentioned here.
- Update the environment variables below in `.env` based on the auth credentials received from the Login Configuration created earlier:

  ```
  PROVIDER_CLIENT_ID="<AUTH.CLIENT_ID>"
  PROVIDER_CLIENT_SECRET="<AUTH.CLIENT_SECRET>"
  PROVIDER_ISSUER="<AUTH.CLIENT_ISSUER>"
  ```

  Sample values look like this:

  ```
  PROVIDER_CLIENT_ID="xxxxx-xxxxx-xxxxx-xxxxx-xxxxx"
  PROVIDER_CLIENT_SECRET="xxxxxxxxxxxxxxx"
  PROVIDER_ISSUER="https://yyyy-yyy-yyy-yyyy.apse1.login.affinidi.io"
  ```

- Run the application:

  ```
  php artisan serve
  ```

- Open http://localhost:8000/, which displays the login page.

  Important: You might get an error on redirect URL mismatch if you are using `http://127.0.0.1:8000/` instead of `http://localhost:8000/`.

- Click on the `Affinidi Login` button to initiate the OIDC login flow with Affinidi Vault.
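
The `.env` values from the steps above can be checked for consistency before `php artisan serve` is run. The script below is an added example, not part of the Affinidi package or its playground: `env_value`, `check_env`, `demo`, the exit codes and the sample values are assumptions made for illustration. It flags leftover placeholders, an issuer that would produce malformed endpoint URLs in `hybridauth.php`, and the `127.0.0.1` versus `localhost` redirect mismatch.

```shell
# Added example: pre-flight check of the .env values read by config/hybridauth.php.
# env_value, check_env and the exit codes are hypothetical, not part of the package.

# Print KEY's value from a dotenv FILE, without surrounding double quotes.
env_value() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 | sed 's/^"\(.*\)"$/\1/'
}

# check_env FILE REGISTERED_REDIRECT_URI
# 0 = consistent, 1 = missing or placeholder value, 2 = bad issuer, 3 = redirect mismatch
check_env() {
    file=$1 registered=$2
    for key in APP_URL PROVIDER_CLIENT_ID PROVIDER_CLIENT_SECRET PROVIDER_ISSUER; do
        case $(env_value "$file" "$key") in
            '' | *'<'*'>'*) echo "$key is empty or still a placeholder" >&2; return 1 ;;
        esac
    done
    # hybridauth.php appends '/oauth2/auth' and '/oauth2/token' to the issuer,
    # so it has to be an https URL with no trailing slash.
    case $(env_value "$file" PROVIDER_ISSUER) in
        https://*/) echo "PROVIDER_ISSUER must not end with /" >&2; return 2 ;;
        https://*) ;;
        *) echo "PROVIDER_ISSUER must be an https URL" >&2; return 2 ;;
    esac
    # hybridauth.php sends APP_URL . '/login/affinidi/callback' as the callback;
    # it must equal the registered Redirect URI exactly (localhost != 127.0.0.1).
    callback="$(env_value "$file" APP_URL)/login/affinidi/callback"
    if [ "$callback" != "$registered" ]; then
        echo "callback $callback is not the registered $registered" >&2
        return 3
    fi
    return 0
}

# Constructed sample: APP_URL uses 127.0.0.1 while localhost was registered.
demo() {
    tmp=$(mktemp)
    printf '%s\n' 'APP_URL=http://127.0.0.1:8000' \
        'PROVIDER_CLIENT_ID="constructed-client-id"' \
        'PROVIDER_CLIENT_SECRET="constructed-secret"' \
        'PROVIDER_ISSUER="https://issuer.example"' > "$tmp"
    check_env "$tmp" 'http://localhost:8000/login/affinidi/callback'
    result=$?
    rm -f "$tmp"
    return "$result"
}
demo || echo "check_env exit code: $?"
```

Against a real project, call `check_env .env '<redirect URI registered in the Login Configuration>'` from the application directory.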