Skip to content
No description, website, or topics provided.
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.

LogonLabs PHP

The official LogonLabs PHP library.


composer require logonlabs/logonlabs-php

LogonLabs API

Instantiating a new client

  • Your APP_ID can be found in App Settings.
  • APP_SECRETS are configured here.
  • The LOGONLABS_API_ENDPOINT should be set to

Create a new instance of LogonClient.

use LogonLabs\IdPx\API\LogonClient as LogonClient;
$logonClient = new LogonClient(array(
    'app_id' => '{APP_ID}',
    'app_secret' => '{APP_SECRET}',
    'api_path' => '{LOGONLABS_API_ENDPOINT}',

SSO Login QuickStart

The StartLogin function in the JS library begins the LogonLabs managed SSO process.

Further documentation on starting the login process via our JavaScript client can be found at our GitHub page here. The following example demonstrates what to do once the callback Url has been used by our system to redirect the user back to your page:

$token = $_REQUEST['token'];
$loginData = $logonClient->validateLogin($token);
if ($loginData['body']['event_success']) {

PHP Only Workflow

The following workflow is required if you're using php to process all transaction requests. If this does not apply to you, please refer to the SSO Login QuickStart section.

Step 1 - StartLogin

This call begins the LogonLabs managed SSO process. The client_data property is optional and is used to pass any data that is required after validating the request. The client_encryption_key property is optionally passed if the application requires encrypting any data that is passed between the front and back ends of its infrastructure. The tags property is an Array of type Tag which is a simple object representing a key/value pair. The redirect is a key to allow auto-redirect or return a url for server redirection.

use LogonLabs\IdentityProviders as IdentityProviders;
$client_data = array("client_data" => "value");
$client_encryption_key = "qbTRzCvUju";
$tags = array("example-key" => "example-value");
$redirect = false;
$redirect_uri = $logonClient->startLogin(IdentityProviders::GOOGLE, "emailAddress", $client_data, $client_encryption_key, $tags, $redirect);

The redirect_uri property returned should be redirected to by the application. Upon submitting their credentials, users will be redirected to the callback_url set within the application settings at  

Step 2 - ValidateLogin

This method is used to validate the results of the login attempt. query_token corresponds to the query parameter with the name token appended to the callback url specified for your app. The response contains all details of the login and the user has now completed the SSO workflow. If there is any additional information to add, UpdateEvent can be called on the event_id returned.

use LogonLabs\EventValidationTypes as EventValidationTypes;

$token = $_REQUEST['token'];
$loginData = $logonClient->validateLogin($token);
if ($loginData['body']['event_success']) {
} else {
    $validation_details = $loginData['body']['validation_details'];
    if(strcasecmp($validation_details['auth_validation'], EventValidationTypes::Fail) == 0)) {
        //authentication with identity provider failed
    if(strcasecmp($validation_details['email_match_validation'], EventValidationTypes::Fail) == 0)) {
        //email didn't match the one provided to StartLogin
    if(strcasecmp($validation_details['ip_validation'], EventValidationTypes::Fail) == 0) 
        || strcasecmp($validation_details['geo_validation'], EventValidationTypes::Fail) == 0)
        || strcasecmp($validation_details['time_validation'], EventValidationTypes::Fail) == 0)) {
        //validation failed via restriction settings for the app


The CreateEvent method can be used to create events that are outside of our SSO workflows. UpdateEvent can be used to update any events made either by CreateEvent or by our SSO login.

use LogonLabs\EventValidationTypes as EventValidationTypes;
$local_validation = EventValidationTypes::Pass;
$tag = array(
    'key' => 'example-key',
    'value' => 'example-value'
$tags = array($tag);
$response = $logonClient->createEvent(LogonClient::LocalLogin, true,
        $local_validation, "email_address", "ip_address", "user_agent",
        "first_name", "last_name", $tags);

$event_id = $response['body']['event_id'];
$local_validation = EventValidationTypes::Fail;
$tags = array('failure-field' => 'detailed reason for failure');
$response = $logonClient->updateEvent($event_id, $local_validation, $tags);

Helper Methods


This method is used to retrieve a list of all providers enabled for the application. If an email address is passed to the method, it will return the list of providers available for that email domain.

$response = $logonClient->getProviders("emailAddress");
$result = $response['body'];
$identity_providers = $result['identity_providers'];
foreach ($identity_providers as $provider) {
    //each individual providers available for this email address


The PHP SDK has built in methods for encrypting strings using AES encryption. Use a value for your encryption key that only your client will know how to decrypt

use LogonLabs\IdPx\API\LogonClient as LogonClient;
$client_encryption_key = "qbTRzCvUju";
$value = "string to be encrypted";
$encrypted_string = LogonClient::encrypt($client_encryption_key, $value); 


This method parses out the value of the token query parameter returned with your callback url.

use LogonLabs\IdPx\API\LogonClient as LogonClient;
$callback_url = "";
$token = LogonClient::parseToken($callback_url);


//string(32) "7dc6e5dc4f2641aab64a6fa1ed91a3b1"
You can’t perform that action at this time.