halloverden / symfony-oidc-client-bundle
OpenID Connect client bundle for symfony
Type: symfony-bundle
Requires
- php: >=8.2
- halloverden/symfony-oidc-contracts: ^2.0
- jms/serializer-bundle: ^5.0
- nyholm/psr7: ^1.3
- spomky-labs/base64url: ^2.0
- symfony/framework-bundle: ^6.4|^7.1
- symfony/http-client: ^6.4|^7.4
- web-token/jwt-bundle: ^3.0
- web-token/jwt-checker: ^3.0
- web-token/jwt-signature: ^3.0
- web-token/jwt-signature-algorithm-rsa: ^3.0
README
OpenID Connect client bundle for symfony
Install
composer require halloverden/symfony-oidc-client-bundle
- Copy hallo_verden_oidc_client.yaml into your project folder and edit it to suit your needs.
Authenticators
Authenticators can be used to allow authentication with an access token from your OpenID provider.
- Create a class that implements HalloVerden\Security\Interfaces\OauthUserProviderServiceInterface
- Enable the authenticators and the class you want to use as services:

    HalloVerden\Security\Interfaces\OauthUserProviderServiceInterface:
      class: App\Services\OauthUserProviderService # Your class

    HalloVerden\Security\AccessTokenAuthenticator: ~
    HalloVerden\Security\ClientCredentialsAccessTokenAuthenticator: ~

- Add the authenticators to your security config:

    guard:
      authenticators:
        - HalloVerden\Security\AccessTokenAuthenticator
      entry_point: HalloVerden\Security\AccessTokenAuthenticator

OauthAuthorizeService
You can use the OauthAuthorizeService to log in users from the backend.
- Enable the service:

    HalloVerden\Oidc\ClientBundle\Interfaces\OauthAuthorizeServiceInterface:
      class: HalloVerden\Oidc\ClientBundle\Services\OauthAuthorizeService
      arguments:
        $openIdProviderService: '@hv.oidc.openid_provider.default' # "default" refers to the client_configurations key in your config
        $authorizeSuccessUrl: 'http://localhost/success' # Where to redirect the user on success
        $authorizeErrorUrl: 'http://localhost/error' # Where to redirect the user on error

- Create two controllers:

    <?php

    namespace App\Controller;

    use HalloVerden\Oidc\ClientBundle\Interfaces\OauthAuthorizeServiceInterface;
    use Symfony\Component\HttpFoundation\RedirectResponse;
    use Symfony\Component\HttpFoundation\Request;
    use Symfony\Component\Routing\Annotation\Route;

    /**
     * Class AuthorizeController
     *
     * @package App\Controller
     *
     * @Route("/authorize", methods={"GET"}, name="authorize")
     */
    class AuthorizeController {

      /**
       * @param Request                        $request
       * @param OauthAuthorizeServiceInterface $oauthAuthorizeService
       *
       * @return RedirectResponse
       */
      public function __invoke(Request $request, OauthAuthorizeServiceInterface $oauthAuthorizeService): RedirectResponse {
        return $oauthAuthorizeService->handleAuthorize($request);
      }

    }

    <?php

    namespace App\Controller;

    use HalloVerden\Oidc\ClientBundle\Interfaces\OauthAuthorizeServiceInterface;
    use Symfony\Component\HttpFoundation\RedirectResponse;
    use Symfony\Component\HttpFoundation\Request;
    use Symfony\Component\Routing\Annotation\Route;

    /**
     * Class HandleAuthCodeController
     *
     * @package App\Controller
     *
     * @Route("/handle", methods={"GET"}, name="authcodehandle")
     */
    class HandleAuthCodeController {

      /**
       * @param Request                        $request
       * @param OauthAuthorizeServiceInterface $oauthAuthorizeService
       *
       * @return RedirectResponse
       */
      public function __invoke(Request $request, OauthAuthorizeServiceInterface $oauthAuthorizeService): RedirectResponse {
        return $oauthAuthorizeService->handleAuthCode($request);
      }

    }

Make sure your redirect_uri points to the handle controller.
You can now redirect your user to /authorize and listen for the AuthorizedEvent to know when a user is authorized.
Examples
Get AccessToken with client credentials grant

    <?php

    $openIdProviderService->getTokenResponse(new ClientCredentialsGrant())->getAccessToken();