stethome/ory-auth-bundle

Symfony Authenticator for Ory Kratos

Maintainers

Details

github.com/stethome/ory-auth-bundle

Source

Issues

Installs: 794

Dependents: 0

Suggesters: 0

Security: 0

Stars: 0

Watchers: 1

Forks: 0

Open Issues: 0

Type:symfony-bundle

v0.0.3 2023-11-06 21:18 UTC

Requires

Requires (Dev)

MIT 1f925250136cb9f8734b54665a03ddaf51d6b43c

  • StethoMe
  • Filip Maciejewski <maciejewski.woop@stethome.com>

symfonyAuthenticationbundleorykratos

This package is auto-updated.

Last update: 2024-04-23 21:57:46 UTC

README

Latest Stable Version

This bundle provides Symfony Authenticator for Ory Kratos

Installation

composer require stethome/ory-auth-bundle

If your project does not use Symfony Flex you need to manually register the bundle in config/bundles.php:

<?php

return [
    // your other bundles above
    StethoMe\OryAuthBundle\StethoMeOryAuthBundle::class => ['all' => true],
];

Configuration

To authenticate your users with Ory Kratos you need to enable ory_kratos authenticator on your firewall and create a user provider.

Firewall

Minimal configuration

security:
    providers:
        my_user_provider: { id: App\Security\Service\User\UserProvider }
        
    firewalls:
        main:
            provider: my_user_provider
            ory_kratos:    
                public_url: https://account.mycompany.com

Full configuration example

security:
    providers:
        my_user_provider: { id: App\Security\Service\User\UserProvider }
        my_other_user_provider: { id: App\Security\Service\User\OtherUserProvider }
        
    firewalls:
        main:
            provider: my_user_provider
            ory_kratos:
                # The URL where Ory Kratos's Public API is located at.
                # If this app and Ory Kratos are running in the same private network, this should be the private network address (e.g. kratos-public.svc.cluster.local)
                public_url: kratos-public.svc.cluster.local
                # The browser accessible URL where Ory Kratos's public API is located, only needed if it differs from public_url
                browser_url: https://account.mycompany.com
                # Name of the cookie holding Ory Kratos session
                session_cookie: ory_kratos_session
                # User provider used by OryKratosAuthenticator, defaults to firewall user provider
                provider: my_other_user_provider
                # Base authenticator service, the firewall authenticator will be child of this service
                authenticator: ~

User Provider

class UserProvider implements UserProviderInterface
{
    /**
     * @param AppUser $user
     */
    public function refreshUser(UserInterface $user): AppUser
    {
        return $user; // noop
    }

    public function loadUserByIdentifier(string $identifier): AppUser
    {
        // identifier is Ory Kratos Identity UUID
        return new AppUser($identifier);
    }

    public function supportsClass(string $class): bool
    {
        return $class === AppUser::class;
    }
}

class AppUser implements UserInterface
{
    private string $uuid;

    public function __construct(string $identity)
    {
        $this->uuid = $identity;
    }
    
    // UserInterface methods
};

License

This bundle is under the MIT license.
For the whole copyright, see the LICENSE file distributed with this source code.