l2dw/elsa-auth-bundle

There is no license information available for the latest version (v2025.05.31) of this package.

Authentication bundle

Installs: 7

Dependents: 0

Suggesters: 0

Security: 0

Stars: 0

Forks: 0

Type:bundle

v2025.05.31 2025-05-31 18:43 UTC

This package is not auto-updated.

Last update: 2025-06-01 21:34:59 UTC


README

This bundle allows users to authenticate in your application using the following protocols:

  • OpenID Connect
  • OAuth2
  • SAML
  • LDAP

References

Requirements

Installation

1.

# Installs the bundle. The package page reports no license information and says
# the package is not auto-updated, so review the code, pin the release you
# reviewed (v2025.05.31 is the latest listed) and commit composer.lock.
composer require l2dw/elsa-auth-bundle

# NOTE(review): the commented-out commands below look like alternative sets of
# extra dependencies; the README does not say which of them are required.
# `parsedown` on the second line has no vendor prefix, while the later lines
# use erusev/parsedown.
# composer require league/oauth2-client league/oauth2-server nyholm/psr7 symfony/psr-http-message-bridge
# composer require doctrine/annotations doctrine/cache parsedown symfony/cache symfony/redis-messenger symfony/uid
# composer require doctrine/cache erusev/parsedown symfony/cache symfony/redis-messenger symfony/uid
# composer require doctrine/cache erusev/parsedown symfony/cache symfony/uid

Configuration

  1. Add bundle to your config/bundles.php file.
# file config/bundles.php
// Registers ElsaAuthBundle; the 'all' key enables it in every environment.
return [
    // ...,
    Elsa\Bundle\AuthBundle\ElsaAuthBundle::class => [
        'all' => true,
    ],
];

  1. Configure routes.
# config/routes/bundles/elsa-auth-client.yaml

# Imports the bundle's route file and mounts every route it defines under /auth.
# The access_control rule for ^/auth in the security.yaml example depends on
# this prefix, so change the two together.
elsa-auth-bundle:
    resource: "@ElsaAuthBundle/config/routes.yaml"
    prefix: /auth

list of routes

# Route names and paths listed for the bundle.
# NOTE(review): presumably these are the routes imported from
# @ElsaAuthBundle/config/routes.yaml, so with the /auth prefix they would be
# served as /auth/login, /auth/token, and so on — confirm.
# Only paths are shown: HTTP methods and CSRF handling are not visible here, so
# check them for the state-changing routes (logout, registration,
# reset-password, update-profile, change-password).
login:
    path: /login

login_check:
    path: /login_check

logout:
    path: /logout

registration:
    path: /registration

forgot-password:
    path: /forgot-password

reset-password:
    path: /reset-password

userinfo:
    path: /userinfo

# profile, update-profile and change-password act on an account, presumably the
# logged-in user's — verify that they reject anonymous requests.
profile:
    path: /profile

update-profile:
    path: /update-profile

change-password:
    path: /change-password

# By name, the remaining routes are the OAuth2 / OpenID Connect provider
# endpoints (authorization, token, signing keys, discovery document).
authorize:
    path: /authorize

token:
    path: /token

jwks:
    path: /.well-known/jwks.{_format}

# OpenID Connect Discovery expects this document at
# <issuer>/.well-known/openid-configuration, so behind a route prefix the
# advertised issuer has to include that prefix — TODO confirm.
openid-configuration:
    path: /.well-known/openid-configuration
  1. Configure the clients.
# config/packages/bundles/elsa-auth.yaml
# Exposes the OpenID Connect client settings as container parameters, each one
# read from the environment variable of the same name.
parameters:
    OPENID_CLIENT_ID: "%env(resolve:OPENID_CLIENT_ID)%"
    # Secret: provide it through the real environment or Symfony's secrets
    # vault rather than a committed .env file.
    OPENID_CLIENT_SECRET: "%env(resolve:OPENID_CLIENT_SECRET)%"
    OPENID_LOGIN: "%env(resolve:OPENID_LOGIN)%"
    OPENID_VALIDATION: "%env(resolve:OPENID_VALIDATION)%"
    OPENID_INFO: "%env(resolve:OPENID_INFO)%"
    OPENID_SCOPES: "%env(resolve:OPENID_SCOPES)%"
    OPENID_CALLBACK_SCHEME: "%env(resolve:OPENID_CALLBACK_SCHEME)%"
# The bundle configuration below is commented out in the README. It shows which
# parameter feeds which setting: authorize_url <- OPENID_LOGIN,
# token_url <- OPENID_VALIDATION, userinfo_url <- OPENID_INFO.
# NOTE(review): the endpoint URLs and the callback scheme should be https, since
# the authorization code, tokens and client secret travel over them — confirm
# what callback_scheme accepts.
# elsa_auth:
#     servers:
#         oidc:
#             type: openid
#             client_id: "%OPENID_CLIENT_ID%"
#             client_secret: "%OPENID_CLIENT_SECRET%"
#             authorize_url: "%OPENID_LOGIN%"
#             token_url: "%OPENID_VALIDATION%"
#             userinfo_url: "%OPENID_INFO%"
#             scopes: "%OPENID_SCOPES%"
#             callback_scheme: "%OPENID_CALLBACK_SCHEME%"
  1. Configure security firewall.
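# config/packages/security.yaml
# Example firewall setup for the bundle: form login plus an OpenID Connect
# client on the main firewall, backed by a chain of two user providers.
security:
    # Stored passwords are verified through a hasher. Without one configured
    # for the user class, the in-memory users below cannot log in.
    password_hashers:
        Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto'

    role_hierarchy:
        ROLE_ADMIN: ROLE_USER

    providers:
        # Asks each listed provider in order until one returns the user.
        user_provider:
            chain:
                providers:
                    - users_in_memory
                    - dummy_user_provider
        # NOTE(review): the class name suggests a placeholder provider; what it
        # returns for an unknown username is not shown here — confirm before
        # keeping it in the chain outside development.
        dummy_user_provider:
            id: Elsa\Bundle\AuthBundle\User\DummyUserProvider
        users_in_memory: # In-memory user provider, for local development only
            memory:
                users:
                    admin:
                        # Placeholder, not a working value. Generate a hash with
                        # `php bin/console security:hash-password`; never ship a
                        # shared or plaintext password for an admin account.
                        password: "<HASHED_ADMIN_PASSWORD>"
                        roles: ["ROLE_ADMIN"]
                    user:
                        # Placeholder, generated the same way as above.
                        password: "<HASHED_USER_PASSWORD>"
                        roles: ["ROLE_USER"]

    firewalls:
        dev:
            # Profiler, debug toolbar and static assets bypass security.
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            lazy: true
            entry_point: form_login
            provider: user_provider
            # custom_authenticators:
            #     - Elsa\Bundle\AuthBundle\Client\AuthenticatorClientManager
            form_login:
                login_path: login
                check_path: login_check
                # Falls back to the Referer request header for the post-login
                # redirect; that header is client-supplied.
                # NOTE(review): confirm the redirect cannot leave this site.
                use_referer: true
            # NOTE(review): presumably handled by an authenticator the bundle
            # registers under the key `oidc` — confirm.
            # The values reference the OPENID_* parameters defined in
            # config/packages/bundles/elsa-auth.yaml, mapped as in that file's
            # commented elsa_auth example. The README originally used OIDC_*
            # names here, which it never defines.
            oidc:
                # type: openid
                client_id: "%OPENID_CLIENT_ID%"
                client_secret: "%OPENID_CLIENT_SECRET%"
                authorize_url: "%OPENID_LOGIN%"
                token_url: "%OPENID_VALIDATION%"
                userinfo_url: "%OPENID_INFO%"
                scopes: "%OPENID_SCOPES%"
                callback_scheme: "%OPENID_CALLBACK_SCHEME%"
            logout:
                path: logout
                # Route name; the application has to define `homepage`.
                target: homepage
                invalidate_session: true
                # NOTE(review): Symfony documents delete_cookies as a list of
                # cookie names; confirm that `true` is accepted.
                delete_cookies: true

    access_control:
        # The first matching rule wins, so the narrower rule comes first.
        # The account pages sit under the public /auth prefix but act on a
        # logged-in user, so they are restricted explicitly.
        - { path: ^/auth/(profile|update-profile|change-password), roles: ROLE_USER }
        # NOTE(review): /auth/userinfo stays public at this layer; confirm the
        # bundle itself requires a valid access token there.
        - { path: ^/auth, roles: PUBLIC_ACCESS }
        - { path: ^/, roles: ROLE_USER }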