I am using FusionAuth with Laravel quite differently than the example in the official blog.
I am using FusionAuth hosted pages and the OAuth flow.
- Guests are redirected to the FusionAuth login page, from where they are redirected to myapp.com/callback?code=xxx on successful login.
- The backend exchanges the authorization code for a token with FusionAuth.
  If successful: it then either creates a new user entry in the app DB with the UUID given by FusionAuth or fetches the user entry (if it already exists), and sets a user session.
  If it fails: it throws a 401 unauthorized error.
- The app doesn't store or use the authorization code after that; the user stays logged in as long as the session is alive, irrespective of the FusionAuth SSO session or authorization code lifetime.
Is there any better way to implement SSO where FusionAuth's session also stays alive along with the app's session, and where I can implement a logout-from-all-devices mechanism?
Laravel has inbuilt support for logoutFromOtherDevices in its Auth facade, but we have already replaced Auth:: with self-created sessions to use FusionAuth. Can't we use FusionAuth with the Laravel Auth facade to utilize most of its features? Or is my approach wrong? Please correct me.
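
The callback flow described in the post above, written against Laravel's own `Auth` session guard, as an added example that is not part of the original post and not FusionAuth's or Laravel's project code. Assumptions: the controller name, the `services.fusionauth.*` config keys, the `oauth_state` session key set before the redirect, and a `fusionauth_id` column on `users` (other columns nullable) are hypothetical.

```php
<?php
// Added example: controller name, config keys, session key and column are hypothetical.
namespace App\Http\Controllers;

use App\Models\User;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Http;

class FusionAuthCallbackController extends Controller
{
    public function __invoke(Request $request)
    {
        // Assumption: the redirect to the hosted login page stored a random state value.
        $expected = $request->session()->pull('oauth_state');
        $state = $request->query('state');
        if (!is_string($expected) || !is_string($state) || !hash_equals($expected, $state)) {
            abort(401); // callback was not started by this browser session
        }
        $code = $request->query('code');
        if (!is_string($code) || $code === '') {
            abort(401);
        }
        // Exchange the authorization code at FusionAuth's token endpoint.
        $response = Http::asForm()->post(config('services.fusionauth.url') . '/oauth2/token', [
            'grant_type'    => 'authorization_code',
            'code'          => $code,
            'redirect_uri'  => config('services.fusionauth.redirect_uri'),
            'client_id'     => config('services.fusionauth.client_id'),
            'client_secret' => config('services.fusionauth.client_secret'),
        ]);
        // The token response carries the authenticated user's UUID in "userId".
        $userId = $response->json('userId');
        if ($response->failed() || !is_string($userId) || $userId === '') {
            abort(401);
        }
        // Fetch the local user for that UUID, or create it on first login.
        $user = User::where('fusionauth_id', $userId)->first();
        if ($user === null) {
            $user = new User();
            $user->fusionauth_id = $userId;
            $user->save();
        }
        // Log in through Laravel's session guard and rotate the session id.
        Auth::login($user);
        $request->session()->regenerate();
        return redirect()->intended('/');
    }
}
```

Because the session is created through `Auth::login()`, the `auth` middleware and `Auth::user()` work on the resulting session; the authorization code itself is used once and never stored.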