IntegrateBackends
Laravel integration
Authenticate via Olympus in a Laravel backend
Use Socialite with the socialiteproviders/keycloak provider (works with any standards-compliant OIDC provider including Olympus Hydra).
Setup
composer require laravel/socialite
composer require socialiteproviders/keycloakconfig/services.php:
'keycloak' => [
'client_id' => env('OLYMPUS_CLIENT_ID'),
'client_secret' => env('OLYMPUS_CLIENT_SECRET'),
'redirect' => env('OLYMPUS_REDIRECT_URI'),
'base_url' => env('OLYMPUS_ISSUER'), // e.g. https://ciam.your-domain
'realms' => '', // Olympus doesn't use realms, leave empty
],Route handlers
// routes/web.php
Route::get('/auth/login', function () {
return Socialite::driver('keycloak')->redirect();
});
Route::get('/auth/callback', function () {
$oauthUser = Socialite::driver('keycloak')->user();
$user = User::firstOrCreate(
['olympus_sub' => $oauthUser->id],
['email' => $oauthUser->email, 'name' => $oauthUser->name]
);
Auth::login($user);
return redirect('/dashboard');
});
Route::post('/auth/logout', function () {
Auth::logout();
// Trigger RP-initiated logout
return redirect(env('OLYMPUS_ISSUER') . '/oauth2/sessions/logout');
});API token validation
For REST APIs:
// app/Http/Middleware/ValidateOlympusToken.php
class ValidateOlympusToken
{
public function handle($request, Closure $next)
{
$token = $request->bearerToken();
if (!$token) abort(401);
$response = Http::asForm()
->withBasicAuth(env('HYDRA_ADMIN_USER'), env('HYDRA_ADMIN_PASS'))
->post(env('OLYMPUS_ISSUER') . '/admin/oauth2/introspect', ['token' => $token]);
$info = $response->json();
if (!($info['active'] ?? false)) abort(401);
$request->merge(['user_sub' => $info['sub']]);
return $next($request);
}
}Register and apply to API routes:
Route::middleware('olympus.token')->group(function () {
Route::get('/api/widgets', WidgetController::class);
});