Keycloak Provider for OAuth 2.0 Client

This package provides Keycloak OAuth 2.0 support for the PHP League's OAuth 2.0 Client.

Installation

To install, use composer:

composer require stevenmaguire/oauth2-keycloak

Usage

Usage is the same as The League's OAuth client, using \Stevenmaguire\OAuth2\Client\Provider\Keycloak as the provider.

Use authServerUrl to specify the Keycloak server URL. You can look up the correct value in the Keycloak client installer JSON under auth-server-url, e.g. http://localhost:8080/auth.

Use realm to specify the Keycloak realm name. You can look up the correct value in the Keycloak client installer JSON under resource, e.g. master.

Authorization Code Flow

$provider = new Stevenmaguire\OAuth2\Client\Provider\Keycloak([
    'authServerUrl'         => '{keycloak-server-url}',
    'realm'                 => '{keycloak-realm}',
    'clientId'              => '{keycloak-client-id}',
    'clientSecret'          => '{keycloak-client-secret}',
    'redirectUri'           => 'https://example.com/callback-url',
    'encryptionAlgorithm'   => 'RS256',                             // optional
    'encryptionKeyPath'     => '../key.pem',                        // optional
    'encryptionKey'         => 'contents_of_key_or_certificate',    // optional
    'version'               => '20.0.1',                            // optional
]);

if (!isset($_GET['code'])) {

    // If we don't have an authorization code then get one
    $authUrl = $provider->getAuthorizationUrl();
    $_SESSION['oauth2state'] = $provider->getState();
    header('Location: '.$authUrl);
    exit;

// Check given state against previously stored one to mitigate CSRF attack
} elseif (empty($_GET['state']) || ($_GET['state'] !== $_SESSION['oauth2state'])) {

    unset($_SESSION['oauth2state']);
    exit('Invalid state, make sure HTTP sessions are enabled.');

} else {

    // Try to get an access token (using the authorization code grant)
    try {
        $token = $provider->getAccessToken('authorization_code', [
            'code' => $_GET['code']
        ]);
    } catch (Exception $e) {
        exit('Failed to get access token: '.$e->getMessage());
    }

    // Optional: now that you have a token, you can look up the user's profile data
    try {

        // We got an access token, let's now get the user's details
        $user = $provider->getResourceOwner($token);

        // Use these details to create a new profile
        printf('Hello %s!', $user->getName());

    } catch (Exception $e) {
        exit('Failed to get resource owner: '.$e->getMessage());
    }

    // Use this to interact with an API on the user's behalf
    echo $token->getToken();
}

Refreshing a Token

$provider = new Stevenmaguire\OAuth2\Client\Provider\Keycloak([
    'authServerUrl'     => '{keycloak-server-url}',
    'realm'             => '{keycloak-realm}',
    'clientId'          => '{keycloak-client-id}',
    'clientSecret'      => '{keycloak-client-secret}',
    'redirectUri'       => 'https://example.com/callback-url',
]);

$token = $provider->getAccessToken('refresh_token', ['refresh_token' => $token->getRefreshToken()]);
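
A refresh is normally attempted only once the stored token has expired, and the server can reject it. The wrapper below is an added example, not code from this package: `freshToken()` and the `kc_token` storage key are hypothetical names, and the token is assumed to have been saved with `jsonSerialize()` after login.

```php
<?php
// Added example, not part of the package. freshToken() and the 'kc_token'
// key are hypothetical; only League OAuth client classes are used.
require __DIR__ . '/vendor/autoload.php';

use League\OAuth2\Client\Provider\AbstractProvider;
use League\OAuth2\Client\Provider\Exception\IdentityProviderException;
use League\OAuth2\Client\Token\AccessToken;

/**
 * Return a usable token from $store, refreshing it if it has expired.
 * Returns null when the user has to go through the authorization code flow again.
 */
function freshToken(AbstractProvider $provider, array &$store): ?AccessToken
{
    if (empty($store['kc_token'])) {
        return null; // nothing stored yet
    }
    // Assumes the stored array carries 'expires'; hasExpired() throws without it.
    $token = new AccessToken($store['kc_token']);
    if (!$token->hasExpired()) {
        return $token;
    }
    if ($token->getRefreshToken() === null) {
        unset($store['kc_token']);
        return null;
    }
    try {
        $new = $provider->getAccessToken('refresh_token', [
            'refresh_token' => $token->getRefreshToken(),
        ]);
    } catch (IdentityProviderException $e) {
        // Refresh token expired or revoked: drop the stale token, force a new login.
        unset($store['kc_token']);
        return null;
    }
    // Keep the whole response: it can carry a new refresh token that
    // replaces the one just used.
    $store['kc_token'] = $new->jsonSerialize();
    return $new;
}

// After login:  $_SESSION['kc_token'] = $token->jsonSerialize();
// Per request:  $token = freshToken($provider, $_SESSION); // null => log in again
```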

Handling encryption

If you've configured your Keycloak instance to use encryption, there are some advanced options available to you.

Configure the provider to use the same encryption algorithm

$provider = new Stevenmaguire\OAuth2\Client\Provider\Keycloak([
    // ...
    'encryptionAlgorithm'   => 'RS256',
]);

or

$provider->setEncryptionAlgorithm('RS256');

Configure the provider to use the expected decryption public key or certificate

By key value

$key = "-----BEGIN PUBLIC KEY-----\n....\n-----END PUBLIC KEY-----";
// or
// $key = "-----BEGIN CERTIFICATE-----\n....\n-----END CERTIFICATE-----";

$provider = new Stevenmaguire\OAuth2\Client\Provider\Keycloak([
    // ...
    'encryptionKey'   => $key,
]);

or

$provider->setEncryptionKey($key);

By key path

$keyPath = '../key.pem';

$provider = new Stevenmaguire\OAuth2\Client\Provider\Keycloak([
    // ...
    'encryptionKeyPath'   => $keyPath,
]);

or

$provider->setEncryptionKeyPath($keyPath);
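
A key file that is unreadable, of the wrong type, or a private key deployed by mistake is easier to diagnose at startup than on the first response. The check below is an added example, not code from this package: `loadRsaPublicKeyPem()` is a hypothetical helper, the 2048-bit minimum is an assumed default, and the RSA requirement follows from the RS256 algorithm used on this page.

```php
<?php
// Added example, not part of the package. loadRsaPublicKeyPem() is a
// hypothetical helper; the 2048-bit floor is an assumed default.
function loadRsaPublicKeyPem(string $path, int $minBits = 2048): string
{
    $pem = @file_get_contents($path);
    if ($pem === false) {
        throw new RuntimeException("Cannot read key file: $path");
    }
    // A private key in this slot means the wrong file was deployed.
    if (strpos($pem, 'PRIVATE KEY-----') !== false) {
        throw new RuntimeException('Expected a public key or certificate, found a private key');
    }
    // Accepts both "BEGIN PUBLIC KEY" and "BEGIN CERTIFICATE" PEM input.
    $key = openssl_pkey_get_public($pem);
    if ($key === false) {
        throw new RuntimeException('PEM does not parse as a public key or certificate');
    }
    $details = openssl_pkey_get_details($key);
    if ($details === false || $details['type'] !== OPENSSL_KEYTYPE_RSA) {
        throw new RuntimeException('RS256 requires an RSA key');
    }
    if ($details['bits'] < $minBits) {
        throw new RuntimeException("RSA key is {$details['bits']} bits, below $minBits");
    }
    // PEM of the public key, extracted from the certificate if one was given.
    return $details['key'];
}

// Constructed demo: generate a throwaway key pair and check its public half.
$pair = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
$publicPem = openssl_pkey_get_details($pair)['key'];
$tmp = tempnam(sys_get_temp_dir(), 'kc');
file_put_contents($tmp, $publicPem);
var_dump(loadRsaPublicKeyPem($tmp) === $publicPem);
unlink($tmp);

// With the provider from the examples above:
// $provider->setEncryptionAlgorithm('RS256');
// $provider->setEncryptionKey(loadRsaPublicKeyPem(__DIR__ . '/../key.pem'));
```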

Testing

$ ./vendor/bin/phpunit

Contributing

Please see CONTRIBUTING for details.

Credits

License

The MIT License (MIT). Please see License File for more information.
