l2dw / elsa-auth-bundle
There is no license information available for the latest version (v2025.05.31) of this package.
Authentication bundle
v2025.05.31
2025-05-31 18:43 UTC
Requires (Dev)
- friendsofphp/php-cs-fixer: ^3.64
- phpro/grumphp: ^2.10
- phpstan/extension-installer: ^1.2
- phpstan/phpstan: ^1.9
- phpstan/phpstan-phpunit: ^1.2
- phpstan/phpstan-strict-rules: ^1.4
- phpstan/phpstan-symfony: ^1.2
This package is not auto-updated.
Last update: 2025-06-01 21:34:59 UTC
README
This bundle allows users to authenticate in your application using the following protocols:
- OpenID Connect
- OAuth2
- SAML
- LDAP
References
- https://symfony.com/doc/5.x/security.html
- https://davegebler.com/post/coding/build-oauth2-server-php-symfony
- https://oauth2.thephpleague.com/
Requirements
- league/oauth2-client https://github.com/thephpleague/oauth2-client
Installation
1.
composer require l2dw/elsa-auth-bundle
# composer require league/oauth2-client league/oauth2-server nyholm/psr7 symfony/psr-http-message-bridge
# composer require doctrine/annotations doctrine/cache parsedown symfony/cache symfony/redis-messenger symfony/uid
# composer require doctrine/cache erusev/parsedown symfony/cache symfony/redis-messenger symfony/uid
# composer require doctrine/cache erusev/parsedown symfony/cache symfony/uid
Configuration
- Add bundle to your config/bundles.php file.
# file config/bundles.php
return [
    // ...,
    Elsa\Bundle\AuthBundle\ElsaAuthBundle::class => ['all' => true],
];
- Configure routes.
# config/routes/bundles/elsa-auth-client.yaml
elsa-auth-bundle:
    resource: "@ElsaAuthBundle/config/routes.yaml"
    prefix: /auth
List of routes:
login:
    path: /login
login_check:
    path: /login_check
logout:
    path: /logout
registration:
    path: /registration
forgot-password:
    path: /forgot-password
reset-password:
    path: /reset-password
userinfo:
    path: /userinfo
profile:
    path: /profile
update-profile:
    path: /update-profile
change-password:
    path: /change-password
authorize:
    path: /authorize
token:
    path: /token
jwks:
    path: /.well-known/jwks.{_format}
openid-configuration:
    path: /.well-known/openid-configuration
- Configure the clients.
# config/packages/bundles/elsa-auth.yaml
parameters:
    OPENID_CLIENT_ID: "%env(resolve:OPENID_CLIENT_ID)%"
    OPENID_CLIENT_SECRET: "%env(resolve:OPENID_CLIENT_SECRET)%"
    OPENID_LOGIN: "%env(resolve:OPENID_LOGIN)%"
    OPENID_VALIDATION: "%env(resolve:OPENID_VALIDATION)%"
    OPENID_INFO: "%env(resolve:OPENID_INFO)%"
    OPENID_SCOPES: "%env(resolve:OPENID_SCOPES)%"
    OPENID_CALLBACK_SCHEME: "%env(resolve:OPENID_CALLBACK_SCHEME)%"
# elsa_auth:
#     servers:
#         oidc:
#             type: openid
#             client_id: "%OPENID_CLIENT_ID%"
#             client_secret: "%OPENID_CLIENT_SECRET%"
#             authorize_url: "%OPENID_LOGIN%"
#             token_url: "%OPENID_VALIDATION%"
#             userinfo_url: "%OPENID_INFO%"
#             scopes: "%OPENID_SCOPES%"
#             callback_scheme: "%OPENID_CALLBACK_SCHEME%"
- Configure security firewall.
# config/packages/security.yaml
security:
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
    providers:
        user_provider:
            chain:
                providers:
                    - users_in_memory
                    - dummy_user_provider
        dummy_user_provider:
            id: Elsa\Bundle\AuthBundle\User\DummyUserProvider
        users_in_memory: # In-memory user provider
            memory:
                users:
                    admin:
                        # Plaintext here for demonstration; prefer a hash generated
                        # with "php bin/console security:hash-password"
                        password: "password123"
                        roles: ["ROLE_ADMIN"]
                    user:
                        password: "password123"
                        roles: ["ROLE_USER"]
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            lazy: true
            entry_point: form_login
            provider: user_provider
            # custom_authenticators:
            #     - Elsa\Bundle\AuthBundle\Client\AuthenticatorClientManager
            form_login:
                login_path: login
                check_path: login_check
                use_referer: true
            oidc:
                # The %OIDC_*% parameters used here are not declared in the
                # parameters block above (it declares OPENID_*); define them
                # or reuse those names.
                # type: openid
                client_id: "%OIDC_CLIENT_ID%"
                client_secret: "%OIDC_CLIENT_SECRET%"
                authorize_url: "%OIDC_AUTHORIZE_URL%"
                token_url: "%OIDC_TOKEN_URL%"
                userinfo_url: "%OIDC_USERINFO_URL%"
                scopes: "%OIDC_SCOPES%"
                callback_scheme: "%OIDC_CALLBACK_SCHEME%"
            logout:
                path: logout
                target: homepage
                invalidate_session: true
                delete_cookies: true
    access_control:
        - { path: ^/auth, roles: PUBLIC_ACCESS }
        - { path: ^/, roles: ROLE_USER }
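Symfony evaluates access_control entries in order and applies the first one whose path matches. The script below is an added example (not part of the bundle or its README) that replays that rule over the route list with the /auth prefix; the function names and the "json" value substituted for {_format} are assumptions made for illustration.

```php
<?php
// Added example, not the bundle's code: replay Symfony's first-match
// access_control evaluation over the routes listed in this README.
declare(strict_types=1);

const PREFIX = '/auth'; // prefix from config/routes/bundles/elsa-auth-client.yaml

// Route paths copied from the README's route list.
const ROUTES = [
    '/login', '/login_check', '/logout', '/registration', '/forgot-password',
    '/reset-password', '/userinfo', '/profile', '/update-profile',
    '/change-password', '/authorize', '/token',
    '/.well-known/jwks.json', // {_format} filled with "json" (assumed sample value)
    '/.well-known/openid-configuration',
];

// access_control entries from security.yaml, in file order.
const ACCESS_CONTROL = [
    ['path' => '^/auth', 'roles' => 'PUBLIC_ACCESS'],
    ['path' => '^/',     'roles' => 'ROLE_USER'],
];

/** Return the role of the first rule whose path regex matches, or null. */
function requiredRole(string $url, array $rules): ?string
{
    foreach ($rules as $rule) {
        // The path option is a regular expression matched against the URL path.
        if (preg_match('{' . $rule['path'] . '}', $url) === 1) {
            return $rule['roles'];
        }
    }
    return null; // no rule matched: access_control adds no restriction
}

/** Map every prefixed route to the role access_control demands for it. */
function auditRoutes(array $routes, array $rules, string $prefix): array
{
    $result = [];
    foreach ($routes as $path) {
        $result[$prefix . $path] = requiredRole($prefix . $path, $rules);
    }
    return $result;
}

foreach (auditRoutes(ROUTES, ACCESS_CONTROL, PREFIX) as $url => $role) {
    printf("%-42s %s\n", $url, $role ?? '(no rule)');
}
```

Every bundle route, including /auth/profile, /auth/update-profile and /auth/change-password, resolves to PUBLIC_ACCESS under these two rules. Any login requirement for those routes therefore has to come from narrower access_control entries placed above ^/auth or from checks inside the controllers.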