I'm thinking to develop a full-fledged Identity System in Laravel 5 with Passport.
Following is my requirement:
- I should have main identity management app like identity.mysite.com where all of my users are stored.
- I have 2 other applications APP1, APP2.
- When user request restricted resource on APP1, (s)he should get authenticated by identity.mysite.com
- Once authenticated, let user access resources on APP1
- Meantime, if user decided to access restricted resources on APP2, (s)he should not be asked to put credentials again.
Things I've tried:
- simpleSAMLphp - SAML is an option which does these things for me. But it is not as mature as OneLogin and I'm not thinking to go in SaaS model at this stage unless it is necessity.
- Laravel Passport - oAuth 2.0 seems tempting. I can even use, Passport Grant Tokens but I'm unsure on how reliable it is over SAML. Also, Laravel Passport is being widely used to authenticate API. Is it going to be useful while authenticating traditional session based apps? I haven't seen any example where the proper SSO is implemented with more than one application and laravel passport.
I know OAuth 2.0 is not an authentication protocol. Rather it uses something called Authorization but we probably can make it work to support Authentication protocol as mentioned here. Is it something, that Laravel passport supports?