WIP

app/Http/Controllers/OIDCController.php

@@ -134,8 +134,13 @@ class OIDCController extends Controller
 
         $accessToken = Str::random(64);
 
-        $user->tokens()->updateOrCreate(['application_id' => $client->id], [
+        $user->tokens()->create([
-            'token' => $accessToken
+            'application_id' => $client->id,
+            'token' => $accessToken,
+            'issued_at' => now()->toDateTimeString(),
+            'expires_at' => now()->addMonth()->toDateTimeString(),
+            'ip' => $request->ip(),
+            'user_agent' => $request->userAgent(),
         ]);
 
         return response()->json([
@@ -217,4 +222,9 @@ class OIDCController extends Controller
             ]
         ]);
     }
+
+    public function logout(Request $request)
+    {
+        return view('logged-out');
+    }
 }

app/Livewire/AppInfoModal.php

@@ -15,11 +15,6 @@ class AppInfoModal extends Component
     public string $query = '';
     public ?string $icon = null;
 
-    public function mount()
-    {
-        $this->loadApp(4);
-    }
-
     public function updated($prop)
     {
         if ($prop == "query") {

app/Livewire/Forms/UserProfile.php

@@ -18,7 +18,7 @@ class UserProfile extends Component
     public string $name = '';
     public string $email = '';
     public ?string $preferred_username = null;
-    public string $avatar = '';
+    public ?string $avatar = null;
     #[Validate('image|max:10000')]
     public $avatarUpload;
     // Password
@@ -68,22 +68,26 @@ class UserProfile extends Component
         $this->dispatch('profile-updated', name: $user->name);
     }
 
-    /**
+    public function updatePassword(): void
-     * Send an email verification notification to the current user.
-     */
-    public function resendVerificationNotification(): void
     {
-        $user = Auth::user();
+        try {
+            $validated = $this->validate([
+                'current_password' => ['required', 'string', 'current_password'],
+                'password' => ['required', 'string', PasswordRule::defaults(), 'confirmed'],
+            ]);
+        } catch (ValidationException $e) {
+            $this->reset('current_password', 'password', 'password_confirmation');
 
-        if ($user->hasVerifiedEmail()) {
+            throw $e;
-            $this->redirectIntended(default: route('dashboard', absolute: false));
-
-            return;
         }
 
-        $user->sendEmailVerificationNotification();
+        Auth::user()->update([
+            'password' => Hash::make($validated['password']),
+        ]);
 
-        Session::flash('status', 'verification-link-sent');
+        $this->reset('current_password', 'password', 'password_confirmation');
+
+        $this->dispatch('password-updated');
     }
 
     public function render()

database/migrations/2025_07_28_030305_add_extra_info_to_authentication_tokens.php

@@ -0,0 +1,31 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+return new class extends Migration
+{
+    /**
+     * Run the migrations.
+     */
+    public function up(): void
+    {
+        Schema::table('authentication_tokens', function (Blueprint $table) {
+            $table->string('user_agent')->nullable();
+            $table->string('ip')->nullable();
+            $table->timestamp('issued_at');
+            $table->timestamp('expires_at');
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     */
+    public function down(): void
+    {
+        Schema::table('authentication_tokens', function (Blueprint $table) {
+            //
+        });
+    }
+};

package-lock.json

@@ -1,5 +1,5 @@
 {
-    "name": "homelab-sso",
+    "name": "authentikate",
     "lockfileVersion": 3,
     "requires": true,
     "packages": {

resources/views/dashboard.blade.php

@@ -1,8 +1,10 @@
 <x-layouts.app :title="__('Dashboard')">
     <div class="max-w-4xl mx-auto py-12">
-        <livewire:app-container />
+        <div class="grid grid-cols-2">
-        <div class="mt-4">
             <livewire:forms.user-profile />
         </div>
+        <div class="mt-4">
+            <livewire:app-container />
+        </div>
     </div>
 </x-layouts.app>

resources/views/livewire/forms/user-profile.blade.php

@@ -15,8 +15,12 @@
             </div>
             <div class="flex-1 flex flex-col justify-between">
                 <flux:text>{{auth()->user()->name}}</flux:text>
+                @if (!empty(auth()->user()->preferred_username))
                 <flux:text>{{auth()->user()->preferred_username}} <span class="italic">(preferred username)</span>
                 </flux:text>
+                @else
+                <flux:text>No preferred username</flux:text>
+                @endif
                 <flux:text>{{auth()->user()->email}}</flux:text>
             </div>
         </div>

resources/views/logged-out.blade.php

@@ -0,0 +1,8 @@
+<x-layouts.base>
+    <div class="flex flex-col items-center justify-center max-w-xl mx-auto h-screen">
+        <flux:heading size="xl" class="mb-8">You've been logged out of this app</flux:heading>
+        @auth
+        <flux:button href="{{route('dashboard')}}">Back to dashboard</flux:button>
+        @endauth
+    </div>
+</x-layouts.base>

routes/web.php

@@ -38,6 +38,7 @@ Route::prefix('application/o')->group(function () {
     Route::post('token', [OIDCController::class, 'token'])->withoutMiddleware(VerifyCsrfToken::class)->name('auth.token');
     Route::get('userinfo', [OIDCController::class, 'userinfo'])->name('auth.userinfo');
     Route::get('confirm', ConsentScreen::class)->name('auth.confirm');
+    Route::get('logout', [OIDCController::class, 'logout'])->name('auth.logout');
 });
 Route::get('.well-known/jwks.json', [OIDCController::class, 'jwks'])->name('auth.keys');
 Route::get('.well-known/openid-configuration', [OIDCController::class, 'openidConfig'])->name('auth.openid-configuration');