Installation
Requirements
Section titled “Requirements”- PHP
^8.4 - Laravel 11, 12, or 13
laravel/passport^13.4— the OAuth2 core the package builds on (installed as a dependency)
Install
Section titled “Install”composer require bambamboole/laravel-oidcThe service provider is auto-discovered.
Publish and run the migrations
Section titled “Publish and run the migrations”The package ships migrations that extend oauth_clients (post-logout redirect URIs, exchange
audiences, provisioning key, back-channel logout) and add its own tables (authentication
contexts, access-token contexts, TOTP factors, recovery codes, sessions, session participants).
The publish tag also includes the laravel/passkeys migration.
php artisan vendor:publish --tag=oidc-migrationsphp artisan migrateGenerate signing keys
Section titled “Generate signing keys”Tokens are signed with RS256. Generate an env-based keypair — it keeps keys out of the filesystem and manages rotation for you (see Key rotation):
php artisan oidc:rotate-keysThis writes OIDC_PRIVATE_KEY and OIDC_PUBLIC_KEY to your .env (pass --print to emit
them to stdout for a secrets manager instead).
Publish the config (optional)
Section titled “Publish the config (optional)”php artisan vendor:publish --tag=oidc-configThis writes config/oidc.php. See Configuration for every key.
Set the issuer
Section titled “Set the issuer”Set OIDC_ISSUER to the public origin of your provider (it falls back to app.url when unset).
Every URL advertised in the discovery document is derived from this origin, not the incoming
request’s host:
OIDC_ISSUER=https://id.example.comNext steps
Section titled “Next steps”- If you only want the OIDC provider, register a consent view (see Endpoints & discovery) and you are ready to authorize clients.
- If you want the auth engine too, bind your login/registration views and a create-user action — see Auth engine overview.