glance-project/authorization-service

Abstraction on top of the CERN Authorization Service API

Maintainers

Details

gitlab.cern.ch/fence/common/authorization-service

Installs: 4 490

Dependents: 0

Suggesters: 0

Security: 0

v1.0.0 2024-05-15 06:25 UTC

Requires

Requires (Dev)

proprietary dfc858c268a9f2534d47857ba4fc371ece2e3849

  • Mario Gunter Simao <mario.simao.woop@cern.ch>

This package is auto-updated.

Last update: 2024-10-31 09:02:45 UTC

README

This is an SDK to use CERN Authorization Service API.

Installation

Install using Composer:

composer require glance-project/authorization-service

Getting started

To use this library, you might need to have an application registered on Application Portal. If you do not know what this means, refer to the CERN Authorization Service documentation

With your application registered, you will use the Client ID and Client secret.

Usage

This library was designed to be used through several providers.

All providers can be created with application credentials or with an access token.

// Example of $inProduction. Adapt for your needs!
$inProduction = getenv("ENVIRONMENT") === "PRODUCTION";

$groupProvider = GroupProvider::createWithAppCredentials($clientId, $clientSecret, $inProduction);

$identityProvider = IdentityProvider::createWithAccessToken("eyJ0eXAiOiJKV1QiLCJhbGciOiJIUziJ9...", $inProduction);

GroupProvider

GroupProvider::findGroupByIdentifier()

Find a group by the identifier.

A GroupNotFoundException is thrown if the group does not exist.

$group = $groupProvider->findGroupByIdentifier("fence-developers");

$group->identifier();     // "fence-developers"
$group->id()->toString(); // "08d771b2-78da-2fc0-fbd3-3816f92282c8"

GroupProvider::createStaticGroup()

Create a static group. Only the identifier, display name and description are required.

$group = $groupProvider->createStaticGroup(
    "test-group",                                                // Identifier           (required)
    "A test group",                                              // Display name         (required)
    "This is a test group description",                          // Description          (required)
    GroupId::fromString("08d779a9-1e2c-72ad-52ff-45ff27e620c1"), // Administrators group (optional)
    Category::test(),                                            // Category             (optional)
    new DateTimeImmutable("2021-12-31"),                         // Expiration date      (optional)
    SelfSubscriptionPolicy::closed(),                            // Self subscription    (optional)
    PrivacyPolicy::groupAdministrators(),                        // Privacy policy       (optional)
    true                                                         // Approval required    (optional)
);

GroupProvider::deleteGroup()

Delete a group by the identifier.

$groupProvider->deleteGroup("fence-developers");

GroupProvider::synchronizeMembers()

Define the composition of a group using Identity IDs.

Members witch are not present on the given array of Identity IDs will be removed.

At the end, only the informed members will be part of the group.

$identityIds = $identityProvider->getIdsFromPersonIds([837034, 123456]);

$groupProvider->synchronizeMembers("fence-developers", $identityIds);

$members = $groupProvider->findMemberIdentities("fence-developers");

foreach ($members as $member) {
    echo $member->personId(); . "\n"
}

// Output:
// 837034
// 123456

GroupProvider::addMembersToGroup()

Add members to group without changing the whole group composition.

$identityIds = $identityProvider->getIdsFromPersonIds([837034, 123456]);

$groupProvider->addMembersToGroup("fence-developers", $identityIds);

GroupProvider::removeMembersFromGroup()

Remove members from group without changing the whole group composition.

$identityIds = $identityProvider->getIdsFromPersonIds([ 837034 ]);

$groupProvider->removeMembersFromGroup("fence-developers", $identityIds);

GroupProvider::findMemberIdentities()

Find members which are inside group. Returns an array of Identity objects.

$members = $groupProvider->findMemberIdentities("fence-developers");

foreach ($members as $member) {
    $member->personId();
    $member->displayName();
}

GroupProvider::findMemberGroupsFromGroup()

An exception will be thrown if there is no matching groupId or if the method fails.

$groups = $groupProvider->findMemberGroupsFromGroup("59edf297-bd07-4000-904d-80cc6288004a");

foreach ($groups as $group) {
    echo $group->toString() . "\n";
}

// Output:
// 59edf297-bd07-4000-904d-80cc6288004a
// dbcd6647-fd50-493e-9162-635f355794d4

GroupProvider::removeMemberGroupsFromGroup()

An exception will be thrown if there is no matching groupId or if the method fails.

$groupProvider->removeMemberGroupsFromGroup("59edf297-bd07-4000-904d-80cc6288004a");

GroupProvider::removeAllMembersFromGroup()

An exception will be thrown if there is no matching groupId or if the method fails.

$groupProvider->removeAllMembersFromGroup("59edf297-bd07-4000-904d-80cc6288004a");

GroupProvider::removeAllMemberGroupsFromGroup()

An exception will be thrown if there is no matching groupId or if the method fails.

$groupProvider->removeAllMemberGroupsFromGroup("59edf297-bd07-4000-904d-80cc6288004a");

GroupProvider::removeAllMembersAndAllGroupMembersFromGroup()

An exception will be thrown if there is no matching groupId or if the method fails.

$groupProvider->removeAllMembersAndAllGroupMembersFromGroup("59edf297-bd07-4000-904d-80cc6288004a");

IdentityProvider

IdentityProvider::getIdsFromPersonIds()

Get Identity IDs from given Person IDs.

When it is not possible to get a Identity ID, a FailedToFindIdentityIdException is thrown.

If you want a result with only the found IDs, refer to IdentityProvider::findIdsFromPersonIds().

$ids = $identityProvider->getIdsFromPersonIds([837034, 823204]);

foreach ($ids as $id) {
    echo $id->toString() . "\n";
}

// Output:
// 59edf297-bd07-4000-904d-80cc6288004a
// dbcd6647-fd50-493e-9162-635f355794d4

IdentityProvider::findIdsFromPersonIds()

Finds Identity IDs from given Person IDs.

When it is not possible to get a Identity ID, it is skipped and only the found IDs are returned.

If you want a method which throws an exception, refer to IdentityProvider::getIdsFromPersonIds().

$ids = $identityProvider->findIdsFromPersonIds([837034, 123456]); // 123456 does not exist

foreach ($ids as $id) {
    echo $id->toString() . "\n";
}

// Output:
// 59edf297-bd07-4000-904d-80cc6288004a

IdentityProvider::searchByName()

$identities = $identityProvider->searchByName("Mar");

foreach ($identities as $identity) {
    echo $identity->displayName() . "\n";
}

// Output:
// Mario Gunter Simao
// Marcelo Teixeira dos Santos

IdentityProvider::findByPersonId()

An exception will be thrown if there is no matching personId or if the method fails.

$identity = $identityProvider->findByPersonId(837034);

echo $identity->displayName();

// Output:
// Mario Gunter Simao

IdentityProvider::findByIdentityId()

An exception will be thrown if there is no matching identityId or if the method fails.

$identity = $identityProvider->findByIdentityId(" 59edf297-bd07-4000-904d-80cc6288004a");

echo $identity->displayName();

// Output:
// Mario Gunter Simao