facile-it/openid-bundle

This package is abandoned and no longer maintained. No replacement package was suggested.

A Symfony bundle to integrate OpenId login

Type: symfony-bundle

0.1.0 2019-05-07 09:16 UTC

This package is auto-updated.

Last update: 2022-02-01 13:16:36 UTC


README

WARNING: this package is abandoned. Use an OAuth2 client instead, since OpenId Connect is a superset of that functionality.

This bundle adds a new custom authentication provider for your Symfony firewall, allowing authentication of your users through a third-party OpenId provider.

Installation

Require the package through Composer

composer require facile-it/openid-bundle

Add the bundle to your app kernel:

class AppKernel extends Kernel
{
    public function registerBundles()
    {
        $bundles = [
            // ...
            new Facile\OpenIdBundle\OpenIdBundle(),
        ];

        // ...

        return $bundles;
    }
}

Configuration

Add the two needed routes to your routing configuration; names and paths are up to you:

## app/config/routing.yml

facile_openid_login: # your login route, that will redirect your user to the OpenId service
    path: /openid/login

facile_openid_check: # your check route, where the user is sent back to be authenticated by your app
    path: /openid/check

Define a service that implements the \Facile\OpenIdBundle\Security\UserProvider interface:

<?php

namespace App\Security;

use Facile\OpenIdBundle\Security\Authentication\Token\OpenIdToken;
use Symfony\Component\Security\Core\User\UserInterface;

class MyOpenIdUserProvider implements \Facile\OpenIdBundle\Security\UserProvider
{
    /**
     * Authentication hook point for the entire bundle.
     *
     * During the authentication procedure, this method is called to identify the user to be
     * authenticated in the current session. This method will hold all the logic to associate
     * the given OpenId token to a user of the current application. The user can even be
     * instantiated (and/or persisted) on the fly, and it will be set in the current session
     * afterwards.
     *
     * @param OpenIdToken $token the token obtained during the post-authentication redirect
     *
     * @return UserInterface|null the user associated to that token, or null if no user is found
     */
    public function findUserByToken(OpenIdToken $token): ?UserInterface
    {
        // ...
    }
}

Under the Security bundle configuration of your Symfony application, configure the firewall like this:

security:
  # ...

  firewalls:
    my_secured_firewall:
      pattern: ^/(secured|openid) # choose the right pattern to protect behind the OpenId authentication 
      facile_openid:
        auth_endpoint: 'http://login.example.com/oauth2/authorize' # the endpoint of the OpenId service to redirect to for authentication 
        client_id: 'client_test' # your client ID
        login_path: facile_openid_login # the route name or path of your login route
        check_path: facile_openid_check # the route name or path of your check route
        jwt_key_path: '/some/path/to/jwt/public.key' # the file path to the public key used to verify the signature of the OpenId JWT token
        provider: App\Security\MyOpenIdUserProvider # the ID of the service implementing the UserProvider interface

        # optional configuration parameters:
        scope: # default value: ['email']; openid scope is implicit
        - email
        - profile 

NOTE: the login_path & check_path routes must be matched by the pattern of this firewall, otherwise the firewall will not be triggered.
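
The checks that the jwt_key_path and client_id settings above exist to support, shown as an added example that is not the bundle's own code: the returned ID token must verify against the configured public key, name this client as its audience, and be unexpired before findUserByToken maps it to a user. RS256, the function names and the sample claims are assumptions; the page does not state the signing algorithm.

```php
<?php
// Added example, not the bundle's code. Assumption: the provider signs ID tokens with RS256.
function b64urlDecode(string $s): string
{
    return (string) base64_decode(strtr($s, '-_', '+/') . str_repeat('=', (4 - strlen($s) % 4) % 4), true);
}

function verifyIdToken(string $jwt, string $publicKeyPem, string $clientId, int $now): array
{
    $parts = explode('.', $jwt);
    $header = count($parts) === 3 ? json_decode(b64urlDecode($parts[0]), true) : null;
    // Pin the algorithm in code; the token's own header must not select it.
    if (!is_array($header) || ($header['alg'] ?? null) !== 'RS256') {
        throw new RuntimeException('malformed token or unexpected alg');
    }
    [$h, $p, $s] = $parts;
    // The signature covers the first two segments exactly as received.
    if (openssl_verify("$h.$p", b64urlDecode($s), $publicKeyPem, OPENSSL_ALGO_SHA256) !== 1) {
        throw new RuntimeException('bad signature');
    }
    $claims = json_decode(b64urlDecode($p), true);
    if (!is_array($claims) || !in_array($clientId, (array) ($claims['aud'] ?? []), true)) {
        throw new RuntimeException('wrong audience');
    }
    $exp = $claims['exp'] ?? null;
    if (!(is_int($exp) || is_float($exp)) || $exp <= $now) {
        throw new RuntimeException('expired');
    }
    return $claims;
}

// Constructed demo: a throwaway key pair stands in for the provider's signing key.
$key = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
$pub = openssl_pkey_get_details($key)['key']; // PEM text, as the file at jwt_key_path would hold
$enc = fn(string $s): string => rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
$mint = function (array $claims) use ($key, $enc): string {
    $in = $enc('{"alg":"RS256","typ":"JWT"}') . '.' . $enc(json_encode($claims));
    openssl_sign($in, $sig, $key, OPENSSL_ALGO_SHA256);
    return $in . '.' . $enc($sig);
};
$now = time();
$cases = ['valid' => ['client_test', 300], 'other client' => ['another_client', 300], 'expired' => ['client_test', -1]];
foreach ($cases as $label => [$aud, $ttl]) {
    try {
        verifyIdToken($mint(['sub' => 'u1', 'aud' => $aud, 'exp' => $now + $ttl]), $pub, 'client_test', $now);
        echo "$label: accepted\n";
    } catch (RuntimeException $e) {
        echo "$label: rejected ({$e->getMessage()})\n";
    }
}
```

The audience check is what stops a token issued by the same provider to a different client from being accepted here, even though its signature is valid.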