Repository record: 0k/multidomain-sso
=====================================

:Repository: https://github.com/0k/multidomain-sso
:Description: Quick example of a PHP multi-domain browser single-sign-on
:Language: PHP
:Created: 2012-08-10
:Last push: 2016-10-03
:Stars / forks: 56 / 28
:License: none declared
:Readme: README.rst (reproduced below)

===============
multidomain-sso
===============

Proof of concept for multi-domain single sign-on for PHP applications.

General Presentation
====================

What is it?
-----------

Say you have HTTP domains ``foo.com`` and ``bar.org`` that are part of the same
authentication domain. This means that authentication on http://foo.com and
http://bar.org uses the same database, and users are able to log in to both
domains with the same password.

You want single sign-on, which would mean for instance:

1. Open http://foo.com and sign in.

2. Go to http://bar.org. Hurray! You are recognized and already signed in,
   with no action on your part.

This is not about centralizing authentication. The authentication mechanism is
a separate concern.

This is about circumventing the fact that when a browser connects to a domain
for the first time, neither the browser nor the server holds anything that
allows you to be recognized. So how can we log you in to a website you have not
yet visited?

Demo
----

Want to test it? Check:

- http://foo.demo.0k.io/multidomain-sso/php
- http://bar.demo.0k.io/multidomain-sso/php

These domains are linked. If it doesn't seem to work for you, please send me
an issue report!

How does it work?
-----------------

The trick is quite simple and not new: when you log in to ``foo.com``, a
silent AJAX call makes your browser visit ``bar.org``, setting up session
information between the browser and that server and effectively logging you
in to ``bar.org``. Thus your future "first" visit to ``bar.org`` won't be the
real first time the browser and the server communicate.


How do you circumvent all JavaScript cross-domain restrictions?
---------------------------------------------------------------

By setting HTTP headers according to CORS_.

.. _CORS: https://developer.mozilla.org/en-US/docs/HTTP_access_control


Do you store the login password and send it to other domains?
-------------------------------------------------------------

No, you shouldn't store passwords anywhere. What is sent are tokens
identifying an already opened session. These tokens are often called
"session ids" and look like a random hex fingerprint string generated at
login time. Because such a token stands in for the open session, it must be
protected in transit as carefully as the session cookie itself.


Can I re-use some parts?
------------------------

If you find anything useful, please feel free to borrow ideas and code.
Comments, examples and code are welcome too.


Usage
=====

Overview
--------

``auth.php`` provides the abstract class that needs to be implemented by
various subclasses. It needs:

- an ``AuthProvider``, which is used as the authentication backend
- an ``AuthTokenStore``, which stores authentication tokens locally
- an ``AuthWebTransmitter``, which is responsible for sending auth tokens

``oeauth.php`` shows how to build a custom class. This one uses OpenERP as the
authentication backend and the classic PHP ``$_SESSION`` magic variable for
session token storage. A re-usable JavaScript pattern is used to propagate
tokens to other domains.

You could, for example, replace the ``AuthProvider`` class to change the
authentication backend without changing much in the other two (you might need
to change code related to the session tokens that your new ``AuthProvider``
will produce and require).


Requirements
------------

This package requires php-oe-json_, which itself requires Tivoka_, which was
patched for session id support in version ``>= 3.2.*``.

.. _php-oe-json: https://github.com/0k/php-oe-json
.. _Tivoka: https://github.com/marcelklehr/tivoka