sngular/sngulauth

Auth package against Keycloak for SAML and OpenID Connect

1.5 2020-10-01 12:33 UTC

This package is auto-updated.

Last update: 2024-03-29 04:05:00 UTC


README

Before you start, you need the following parameters:

  • authServerUrl: the Keycloak auth URL
  • realm: the realm name that has been set up for the project
  • clientId: the client id that has been set up for the project
  • clientSecret: the client secret that has been set up for the project
  • redirectUri: the URL the user is redirected to after a successful credentials prompt (this URL must be valid in the Keycloak client configuration)
  • encryptionAlgorithm: the algorithm used to decode the JWT information, default is RS256
  • encryptionKeyString: the public key content on one line (without BEGIN PUBLIC KEY and END PUBLIC KEY), used to decode the JWT and get the user info. RS256 is a signature algorithm, so with the default setting this key verifies the token's signature; the payload itself is not encrypted.

The auth process

The src/Provider/Keycloak/Protocol/Connect class is instantiated with an array containing those parameters:

$auth = new Connect($config);

Then you can build the auth URL to redirect the user to, or to display as a link:

$authUrl = $auth->getAuthorizationUrl();

After the user enters their credentials on the Keycloak login page, they are redirected to the redirectUri parameter with a code. You can now use that code to fetch a token (League\OAuth2\Client\Token\AccessToken) from Keycloak:

$token = $auth->authByCode($_GET['code']);

Now you can get the resource owner (the user data) from Keycloak:

$user = $auth->getResourceOwner($token);

Then pass the token to decryptResponse to get the token payload:

$userData = $auth->decryptResponse($token->getToken());
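
What checking an RS256 token against a one-line public key (the encryptionKeyString format above) involves, as an added example using PHP's openssl extension. It is not sngulauth's own code: every function name is hypothetical, and the key pair and token are constructed locally for the demonstration.

```php
<?php
// Added example, not sngulauth code; all function names are hypothetical.
function b64urlDecode(string $s): string
{
    $bin = base64_decode(strtr($s, '-_', '+/') . str_repeat('=', (4 - strlen($s) % 4) % 4), true);
    if ($bin === false) { throw new RuntimeException('bad base64url'); }
    return $bin;
}
function b64urlEncode(string $d): string
{
    return rtrim(strtr(base64_encode($d), '+/', '-_'), '=');
}
// Rebuild the PEM armour around a one-line key body.
function oneLineKeyToPem(string $oneLine): string
{
    return "-----BEGIN PUBLIC KEY-----\n" . chunk_split(trim($oneLine), 64, "\n") . "-----END PUBLIC KEY-----\n";
}
function verifyRs256(string $jwt, string $oneLineKey): array
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) { throw new RuntimeException('malformed token'); }
    [$h, $p, $s] = $parts;
    $header = json_decode(b64urlDecode($h), true);
    // Pin the algorithm to the configured one; do not let the token choose it.
    if (!is_array($header) || ($header['alg'] ?? null) !== 'RS256') {
        throw new RuntimeException('unexpected alg');
    }
    // The signature covers the first two segments exactly as transmitted.
    $ok = openssl_verify("$h.$p", b64urlDecode($s), oneLineKeyToPem($oneLineKey), OPENSSL_ALGO_SHA256);
    if ($ok !== 1) { throw new RuntimeException('bad signature'); }
    $claims = json_decode(b64urlDecode($p), true);
    if (!is_array($claims) || ($claims['exp'] ?? 0) < time()) {
        throw new RuntimeException('expired or invalid claims');
    }
    return $claims;
}
// Constructed sample: throwaway key pair and token generated locally.
$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$pem = openssl_pkey_get_details($key)['key'];
$oneLine = preg_replace('/-----[A-Z ]+-----|\s+/', '', $pem);
$h = b64urlEncode(json_encode(['alg' => 'RS256', 'typ' => 'JWT']));
$p = b64urlEncode(json_encode(['sub' => 'demo-user', 'exp' => time() + 60]));
openssl_sign("$h.$p", $sig, $key, OPENSSL_ALGO_SHA256);
echo verifyRs256("$h.$p." . b64urlEncode($sig), $oneLine)['sub'], PHP_EOL;
// Same signature over a modified payload must be rejected.
$p2 = b64urlEncode(json_encode(['sub' => 'someone-else', 'exp' => time() + 60]));
try { verifyRs256("$h.$p2." . b64urlEncode($sig), $oneLine); }
catch (RuntimeException $e) { echo 'rejected: ', $e->getMessage(), PHP_EOL; }
```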