Affinidi Login Integration using Laravel and HybridAuth

Use this guide to learn how to integrate Affinidi Login on your projects.

Affinidi PHP Laravel Hybridauth

A code sample using Laravel framework and uses Hybridauth library to enable passwordless login using Affinidi IDP.

Before you begin
  1. Set up Affinidi Vault account. Follow the guide below if you haven’t set it up yet.
Set up Affinidi Vault

Set up an Affinidi Vault account using the Web Vault or install the Mobile Vault (for Android).

The same setup steps for Mobile Vault.

  1. Click on Get started if you are creating a new account, or click on Restore from Backup if you have an existing backup of your Affinidi Vault. Provide the Passphrase to secure your Affinidi Vault.

You have the option to enable Biometrics to unlock your Affinidi Vault easily instead of using Passphrase.

Affinidi Vault Setup
  1. Enter your email address to register with the Affinidi Vault. An OTP will be sent to this email for verification.
Affinidi Vault Passphrase
  1. Enter the OTP sent to the email you have provided for verification to complete the setup.
Affinidi Vault Email Verification

After successfully providing the OTP, you are redirected to the Affinidi Vault dashboard.

  1. Install the Affinidi CLI. Follow the guide below if it hasn’t been installed.
Set up Affinidi CLI
  1. Download and install NodeJS on your machine if you haven’t set it up yet.
  1. Install Affinidi CLI using Node Package Manager (npm).
npm install -g @affinidi/cli
  1. Verify that the installation is successful.
affinidi --version

  1. Make sure you have Git installed on your machine. Follow this guide on how to install Git.

  2. Set up the Composer on your machine if you haven’t set it up yet.

  3. Ensure that you have at least PHP 8.1 version installed on your machine.

Download the Application

You can download as ZIP file the code sample from the GitHub Repo or generate it using Affinidi CLI with the following command:

affinidi generate app --provider=affinidi --framework=laravel --library=hybridauth --path=affinidi-login-refcodes

Select n when prompted to Automatically configure sample app environment, we will configure it later.

The above command will generate the code sample in the affinidi-login-refcodes directory.

Install Dependencies

After successfully generating the code sample, go to the affinidi-login-refcodes directory and install the required dependencies using the following commands:

composer install

Create Login Configuration

Name: Affinidi Login Sample

Redirect URIs: http://localhost:8020/login/affinidi/callback

Using Affinidi CLI
  1. Log in to Affinidi CLI by running:
affinidi start
  1. Once you have successfully logged in, create the Login Configuration by running:
affinidi login create-config --name='Affinidi Login Sample' --redirect-uris='http://localhost:8020/login/affinidi/callback'
  • --name is what you want your login configuration to be called.
  • --redirect-uris is the URL on your application where the user gets redirected after the successful authentication.

Learn more on how to manage your Login Configurations using Affinidi CLI.

Using Affinidi Portal
Create new Login Configuratioin

  1. Go to  Affinidi Login under the Services section.

  2. Click on the Create Login Configuration and provide the required details.

  • Name is the string that describes your login configuration.
  • Redirect URIs is the URL on your application where the user gets redirected after the successful authentication.
  1. Click on create and confirm if all the details are correct.
Login Configuratation new client

  1. After confirming the details, another popup shows the Client ID and Client Secret for your Login Configuration. Copy the generated Client Credentials and use them to integrate with Affinidi Login.

  2. After copying the Client ID and Client Secret and closing the popup, you are redirected back to the Affinidi Login page.

Login Configuration uses the default Presentation Definition (presentationDefinition) and ID Token Mapping (idTokenMapping) that is used to request the user’s email address during the authentication flow.

Learn more about customising the Presentation Definition and ID Token using this guide.

Set up the Application

Once the Login Configuration is created, set up the client credentials provided to integrate Affinidi Login.

Copy and set up the environment variables:

cp .env.example .env

Set the following variables with the values provided by the Login Configuration:

PROVIDER_CLIENT_ID="<LoginConfig.auth.ClientID>"
PROVIDER_CLIENT_SECRET="<LoginConfig.auth.ClientSecret>"
PROVIDER_ISSUER="<LoginConfig.auth.Issuer>"

The <LoginConfig.auth.*> are values from Login Configuration.

Run the Application

After installing the dependencies and setting up the required details in the application, run the following command to start the app locally:

php artisan serve

Once it is successfully started, visit the app using the link http://localhost:8020.

To enable a seamless passwordless login experience with Affinidi Login, refer to the following key changes were implemented:

  1. Imported affinidi/laravel-hybridauth-affinidi to enable OAuth flow in the composer.json.
  2. Implemented the following function in the ./app/Http/Controllers/LoginRegisterController.php:
    • Initiate Hybridauth with affinidi as OAuth provider with the client credentials.
    • affinidiLogin endpoint to initiate the Affinidi Login flow using Hybridauth adapter.
    • affinidiCallback endpoint to receive the response from Affinidi Login and parse the user profile from the idToken.
    • logout endpoint to logout and invalidate the current session.

Explore the sample implementation to learn more about how the integration works.