How to implement API authorization like Habr (TM)?

One API manages accounts and is responsible for storing user data and all links to social networks. Let's call it company, and the API is located at:

There is a project; call it project. Its API is located at

To log in to project, there is no need to create a new account. The universal account for all projects lives in company. This is the concept of Habr with their TM: local projects do not require an account (but the projects do have a profile).

How to build the architecture?
What tools to use?

The idea of a solution, or how I imagine it:
The client shows a login window and the user enters a username and password. This is sent to the project API:
The project API makes a request to the accounts API:
If everything is in order, a token is issued and returned to the project API, saved, and sent to the client. After that it is clear: the queries go with this token.
P.S. The client could make the request directly
but it seemed better not to mix things and to implement the logic.

Additional info:
The API is closed. I will use either JWT or OAuth 2.0 with the owner grant (no need to show a browser and ask for permission; the client is, of course, trusted). I write all the APIs in Lumen.

Gratitude with tears in my eyes:
I'm pretty sure my idea is a crutch and that a good bicycle has already been invented.
I would be grateful for any help!
July 12th 19 at 17:01
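The token step of the flow described in the question, as an added example that is not part of the original post or its answers. It assumes the JWT option with an Ed25519 signature, so the project API holds only the public key and cannot mint tokens itself; the function names, the `iss`/`aud` values (taken from the question's names company and project) and the user id are assumptions, and the password check on the accounts side is left out.

```php
<?php
declare(strict_types=1);
// Added example, not code from the thread. Function names, claim values and
// the sample user id are assumptions; requires PHP 7.2+ with ext-sodium.
const B64 = SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING;

// Accounts API ("company"): signs a short-lived token for one project.
function issueToken(string $secretKey, string $userId, string $aud, int $now, int $ttl = 900): string
{
    $header = sodium_bin2base64(json_encode(['alg' => 'EdDSA', 'typ' => 'JWT']), B64);
    $claims = sodium_bin2base64(json_encode([
        'iss' => 'company', 'sub' => $userId, 'aud' => $aud,
        'iat' => $now, 'exp' => $now + $ttl,
    ]), B64);
    $sig = sodium_crypto_sign_detached($header . '.' . $claims, $secretKey);
    return $header . '.' . $claims . '.' . sodium_bin2base64($sig, B64);
}

// Project API: holds only the public key, so it can check tokens but not mint them.
function verifyToken(string $publicKey, string $token, string $aud, int $now): ?array
{
    $parts = explode('.', $token);
    if (count($parts) !== 3) return null;
    try {
        $header = json_decode(sodium_base642bin($parts[0], B64), true);
        $claims = json_decode(sodium_base642bin($parts[1], B64), true);
        $sig    = sodium_base642bin($parts[2], B64);
    } catch (SodiumException $e) {
        return null; // not valid base64url
    }
    // Pin the algorithm instead of trusting whatever the header asks for.
    if (!is_array($header) || ($header['alg'] ?? null) !== 'EdDSA') return null;
    if (strlen($sig) !== SODIUM_CRYPTO_SIGN_BYTES) return null;
    if (!sodium_crypto_sign_verify_detached($sig, $parts[0] . '.' . $parts[1], $publicKey)) return null;
    // Signature is good; now check who issued it, for whom, and until when.
    if (!is_array($claims) || ($claims['iss'] ?? null) !== 'company') return null;
    if (($claims['aud'] ?? null) !== $aud) return null;
    if (!is_int($claims['exp'] ?? null) || $claims['exp'] <= $now) return null;
    return $claims;
}

// Constructed demo: key pair generated on the spot, user id made up.
$kp  = sodium_crypto_sign_keypair();
$now = time();
$tok = issueToken(sodium_crypto_sign_secretkey($kp), 'user-42', 'project', $now);
$pk  = sodium_crypto_sign_publickey($kp);
var_dump(verifyToken($pk, $tok, 'project', $now));        // token presented to the project it was issued for
var_dump(verifyToken($pk, $tok, 'other-project', $now));  // same token presented to a different project
var_dump(verifyToken($pk, $tok, 'project', $now + 3600)); // same token presented after its lifetime
```

`verifyToken` returns the claims array when the token is accepted and `null` otherwise, so the audience check is what keeps a token issued for one project from being accepted by another even though the account is shared.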
2 answers
July 12th 19 at 17:03
Just what I need! Can you tell me which is better to use for Lumen, in case you know? - alvera45 commented on July 12th 19 at 17:06
July 12th 19 at 17:05
SSO has already been suggested; this is about Lumen
Tell me, does this suit an API? My goal is SSO for clients (not browsers), and the goal is not signing in once but rather that the account is universal for all projects. - alvera45 commented on July 12th 19 at 17:08
: Yes, this should do it - alvera45 commented on July 12th 19 at 17:11
