facile-it / openid-bundle
A Symfony bundle to integrate OpenId login
Installs: 50
Dependents: 0
Suggesters: 0
Security: 0
Stars: 0
Watchers: 4
Forks: 0
Open Issues: 0
Type:symfony-bundle
Requires
- php: ^7.1
- lcobucci/jwt: ^3.2
- symfony/config: ^3.4|^4.0
- symfony/dependency-injection: ^3.4|^4.0
- symfony/http-kernel: ^3.4|^4.0
- symfony/routing: ^3.4|^4.0
- symfony/security-bundle: ^3.4|^4.0
Requires (Dev)
- drew/debug-statements-fixers: ^0.5
- facile-it/facile-coding-standard: ^0.3
- jangregor/phpstan-prophecy: ^0.3
- php-coveralls/php-coveralls: ^2.1
- phpspec/prophecy: ^1.8
- phpstan/phpstan: ^0.11.3
- phpstan/phpstan-phpunit: ^0.11
- phpunit/phpunit: ^7.5|^8.0.5
- symfony/browser-kit: ^3.4|^4.0
- symfony/framework-bundle: ^3.4|^4.0
- symfony/phpunit-bridge: ^4.2
This package is auto-updated.
Last update: 2022-02-01 13:16:36 UTC
README
WARNING: this package is abandoned. Use an OAuth2 client instead, since OpenId Connect is a superset of that funtionality.
This bundles add a new custom authentication provider for your Symfony firewall, allowing authentication of your users using a third party OpenId provider.
Installation
Require the package through Composer
composer require facile-it/openid-bundle
Add the bundle to your app kernel:
class AppKernel extends Kernel { public function registerBundles() { $bundles = [ // ... new Facile\OpenIdBundle\OpenIdBundle(), ]; // ...
Configuration
Add the two needed routes to your routing configuration; names and paths are up to you:
## app/config/routing.yml facile_openid_login: # your login route, that will redirect your user to the OpenId service path: /openid/login facile_openid_check: # your check route, where your user will return back for authentication on your app path: /openid/check
Define a service that implements the \Facile\OpenIdBundle\Security\UserProvider interface:
<?php namespace App\Security; use Facile\OpenIdBundle\Security\Authentication\Token\OpenIdToken; use Symfony\Component\Security\Core\User\UserInterface; class MyOpenIdUserProvider implements \Facile\OpenIdBundle\Security\UserProvider { /** * Authentication hook point for the entire bundle. * * During the authentication procedure, this method is called to identify the user to be * authenticated in the current session. This method will hold all the logic to associate * the given OpenId token to an user of the current application. The user can even be * instantiated (and/or persisted) on the fly, and it will be set in the current session * afterwards. * * @param OpenIdToken $token the token obtained during the post-authentication redirect * * @return UserInterface|null the user associated to that token, or null if no user is found */ public function findUserByToken(OpenIdToken $token): ?UserInterface { // ... } }
Under the Security bundle configuration of your Symfony application, configure the firewall like this:
security: # ... firewalls: my_secured_firewall: pattern: ^/(secured|openid) # choose the right pattern to protect behind the OpenId authentication facile_openid: auth_endpoint: 'http://login.example.com/oauth2/authorize' # the endpoint of the OpenId service to redirect to for authentication client_id: 'client_test' # your client ID login_path: facile_openid_login # the route name or path of your login route check_path: facile_openid_check # the route name or path of your check route jwt_key_path: '/some/path/to/jwt/public.key' # the file path to the public key that was used to sign the OpenId JWT token provider: App\Security\MyOpenIdUserProvider # the ID of the service implementing the UserProvider interface # optional configuration parameters: scope: # default value: ['email']; openid scope is implicit - email - profile
NOTE: the login_path & check_path routes must be matched by the pattern of this firewall, or othewise the firewall will not be triggered.