Appearance
External Identity
External identity support gives applications a common shape for Socialite, OIDC, and other provider profiles.
The package does not decide whether a local user should be created, linked, or denied. The app owns that policy.
ExternalIdentity DTO
php
use Sopheak\JwtAuth\DTO\ExternalIdentity;
$identity = new ExternalIdentity(
provider: 'google',
providerUserId: 'google-123',
email: 'user@example.com',
emailVerified: true,
name: 'Test User',
avatar: 'https://example.test/avatar.png',
rawProfile: ['locale' => 'en'],
providerTokens: ['access_token' => 'provider-token'],
);Store or Link an Identity
php
use Sopheak\JwtAuth\Services\ExternalIdentityStore;
$record = app(ExternalIdentityStore::class)->store($identity, $user);By default, provider tokens are not stored. Enable external_identities.store_provider_tokens only when the app really needs them.
Provider Contract
Adapters can implement ExternalIdentityProvider:
php
use Sopheak\JwtAuth\Contracts\ExternalIdentityProvider;
final class SocialiteIdentityProvider implements ExternalIdentityProvider
{
// redirect(string $provider, array $options = [])
// callback(string $provider, Request $request)
}Typical App Flow
- App redirects the browser/client to the provider.
- Provider redirects back to the app callback.
- Adapter normalizes the provider user into
ExternalIdentity. - App links or creates the local user.
- App applies MFA, tenant, and business rules.
- App calls
JwtTokenService::issueTokenPair().