Skip to content
rw3iss Auth

SsoBridgeController

class rw3iss\AuthServer\Laravel\Http\SsoBridgeController src/Http/SsoBridgeController.php ↗

HTTP face of the SSO bridge (social-login redirect flow). Routes are mounted by VenAuthServiceProvider when bridge.enabled is on:

GET {prefix}/{provider}/redirect → redirect() — kick off GET {prefix}/callback → callback() — finish

{prefix} defaults to auth/rw3iss (config bridge.route_prefix). Register https://<app>{/prefix}/callback in the app’s allowed_redirect_urls on the auth-server.

Password logins don’t pass through here — they go straight from the app’s own login form to {@see SessionBridge::loginWithPassword()} (see docs/SSO_BRIDGE.md for the Filament page override).

Methods

redirect()

function redirect(Request $request, string $provider): RedirectResponse

Kick off: 302 the browser to the provider via the auth-server.

callback()

function callback(Request $request): RedirectResponse

Finish: exchange code+state, establish the local session.

safeNext()

function safeNext(mixed $next): ?string

Validate a post-login ?next= target: only same-origin relative paths survive. Rejects absolute URLs, protocol-relative //host, backslash tricks, control chars, and anything carrying a scheme — open-redirect defense (a bare str_starts_with('/') let //evil.example through).