Registration
Registration is owned by RegisteredUserController. Your app fills the view seam with
Oidc::registerView(...) and the action seam with Oidc::createUsersUsing(...); the package owns
the event dispatch, sign-in, and session regeneration.
Routes
Section titled “Routes”| Route name | Verb | Path | Middleware |
|---|---|---|---|
identity.register |
GET |
auth/register |
web, guest:identity |
identity.register.store |
POST |
auth/register |
web, guest:identity |
GET identity.register renders your bound registerView. If no view is bound, hitting the route
throws a RuntimeException.
The registration flow (POST identity.register.store)
Section titled “The registration flow (POST identity.register.store)”- The full request input is collected, with
emaillowercased. - The
createUsersUsingaction is invoked with that input array and must return the createdAuthenticatable. - Laravel’s
Illuminate\Auth\Events\Registeredevent is fired for the new user (this is what triggers the email verification notification when your user model implementsMustVerifyEmail). - The user is logged in on the
identityguard. - The session is regenerated.
Response
Section titled “Response”- A JSON request (
wantsJson) receives an empty201response. - A browser request is redirected via
redirect()->intended(...)toconfig('oidc.auth.home')(default/dashboard).
Validation lives in your action
Section titled “Validation lives in your action”The controller does not validate the registration input beyond lowercasing email. Ownership
of the rules is yours — enforce them inside your createUsersUsing action (or a form request that
feeds it), exactly where your app’s persistence and password hashing already live. This keeps the
package out of your user model’s shape:
use Illuminate\Support\Facades\Validator;
class CreateNewUser{ public function create(array $input): User { Validator::make($input, [ 'name' => ['required', 'string', 'max:255'], 'email' => ['required', 'email', 'unique:users'], 'password' => ['required', 'confirmed', Password::defaults()], ])->validate();
return User::create([ 'name' => $input['name'], 'email' => $input['email'], 'password' => Hash::make($input['password']), ]); }}Register it in a service provider boot():
use Bambamboole\LaravelOidc\Facades\Oidc;
Oidc::createUsersUsing(App\Actions\CreateNewUser::class);After registration
Section titled “After registration”When your user model implements MustVerifyEmail, the Registered event sends the verification
notification and the user is redirected/gated through the
email verification flow before reaching protected pages.