tothbt/keycloak-bundle
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: tothbt:v1.2.0
Branches Tags
tothbt:master tothbt:2.0 tothbt:develop
tothbt:v2.0.0 tothbt:v1.3.2 tothbt:v1.2.2 tothbt:v1.1.1 tothbt:v1.0.2 tothbt:v1.3.1 tothbt:v1.3.0 tothbt:v1.2.1 tothbt:v1.2.0 tothbt:v1.1.0 tothbt:v1.0.1
...
compare: tothbt:v1.2.1
Branches Tags
tothbt:2.0 tothbt:master tothbt:develop
tothbt:v2.0.0 tothbt:v1.3.2 tothbt:v1.2.2 tothbt:v1.1.1 tothbt:v1.0.2 tothbt:v1.3.1 tothbt:v1.3.0 tothbt:v1.2.1 tothbt:v1.2.0 tothbt:v1.1.0 tothbt:v1.0.1

11 Commits
v1.2.0 ... v1.2.1

Author SHA1 Message Date
El. Abdellah
f2e6a6b4cb Update README.md 2022-03-06 18:07:16 +01:00
El. Abdellah
eec425222b Update ABELkeycloakBearerOnlyAdapterBundle.php 2022-03-06 17:17:43 +01:00
El. Abdellah
30bcc70c4f Merge pull request #5 from el-abdel/fix/deprecation 
fix deprecated response
 2022-03-06 15:26:32 +01:00
El. Abdellah
e719e3c6ff fix support method check 2022-03-01 17:39:54 +01:00
El. Abdellah
20015218a0 fix deprecated response 2022-02-28 14:06:43 +01:00
El. Abdellah
23de5882b0 Update README.md 2022-02-25 09:37:02 +01:00
El. Abdellah
56fba70416 Update README.md 2022-02-24 17:51:04 +01:00
El. Abdellah
f3d64ef323 Update README.md 2022-02-24 17:47:40 +01:00
El. Abdellah
ea95d68fb0 edit readme file 2022-01-03 11:03:16 +01:00
El. Abdellah
d1494427f2 Update README.md 2021-12-17 09:42:48 +01:00
El. Abdellah
c05aae70da Update README.md 2021-12-17 09:41:34 +01:00
4 changed files with 27 additions and 9 deletions
Expand all files Collapse all files

3
ABELkeycloakBearerOnlyAdapterBundle.php
View File

@@ -9,6 +9,9 @@ use Symfony\Component\HttpKernel\Bundle\Bundle;
class ABELkeycloakBearerOnlyAdapterBundle extends Bundle class ABELkeycloakBearerOnlyAdapterBundle extends Bundle
{ {
/**
* @return ExtensionInterface|null
*/
public function getContainerExtension() public function getContainerExtension()
{ {
if (null === $this->extension) { if (null === $this->extension) {

27
README.md
View File

@@ -5,10 +5,15 @@ This Symfony bundle is an adapter that allows securing API using keycloak Bearer
## Installation ## Installation
> Befor installing the bundle, automatic packages configuration can be activated with the following command:
> ```
> composer config extra.symfony.allow-contrib true
> ```
With composer: With composer:
``` ```
$ composer require abel/keycloak-bearer-only-adapter-bundle composer require abel/keycloak-bearer-only-adapter-bundle
``` ```
## Configuration ## Configuration
@@ -17,6 +22,15 @@ If you want to set up keycloak locally you can download it [here](https://www.ke
### Bundle configuration ### Bundle configuration
#### Via a recipe (Automatic)
This bundle hase a Symfony recipe that allow the automation of configuration via the Symfony Flex Composer plugin.
To enable recipe for your project, run the following command:
```
composer config extra.symfony.allow-contrib true
```
#### Manual
Having a running keycloak locally or in Docker and already configured a client with **Access Type = bearer-only** Having a running keycloak locally or in Docker and already configured a client with **Access Type = bearer-only**
here is the configuration to use: here is the configuration to use:
@@ -35,7 +49,7 @@ The best practice is to load your configuration from **.env** file.
# .env # .env
... ...
###> Abel_keycloak_bearer_only_adapter ### ###> Abel_keycloak_bearer_only_adapter ###
OAUTH_KEYCLOAK_ISSUER=http://keycloak.local:8080 OAUTH_KEYCLOAK_ISSUER=keycloak:8080
OAUTH_KEYCLOAK_REALM=my_realm OAUTH_KEYCLOAK_REALM=my_realm
OAUTH_KEYCLOAK_CLIENT_ID=my_bearer_client OAUTH_KEYCLOAK_CLIENT_ID=my_bearer_client
OAUTH_KEYCLOAK_CLIENT_SECRET=my_bearer_client_secret OAUTH_KEYCLOAK_CLIENT_SECRET=my_bearer_client_secret
@@ -45,10 +59,10 @@ OAUTH_KEYCLOAK_CLIENT_SECRET=my_bearer_client_secret
In case of using Keycloak with Docker locally replace **issuer** value with your keycloak container reference in the network In case of using Keycloak with Docker locally replace **issuer** value with your keycloak container reference in the network
For example, you can use the container IPAdresse, that you can get using this command: For example, you can use the service name, or container IPAdresse that you can get using this command:
``` ```
$ docker inspect <container id> | grep "IPAddress" docker inspect <container id> | grep "IPAddress"
``` ```
### Symfony security configuration ### Symfony security configuration
@@ -76,6 +90,7 @@ security:
access_control: access_control:
- { path: ^/api/, roles: ROLE_API } - { path: ^/api/, roles: ROLE_API }
``` ```
> :information_source: Referring to Symfony [documentation](https://symfony.com/doc/5.3/security.html#roles), roles must start with **ROLE_** (otherwise, things won't work as expected)
### Keycloak configuration ### Keycloak configuration
To configure keycloak to work with this bundle, [here](./Resources/docs/keycloak-config-guide.md) is a step by step documentation for a basic configuration of keycloak. To configure keycloak to work with this bundle, [here](./Resources/docs/keycloak-config-guide.md) is a step by step documentation for a basic configuration of keycloak.
@@ -86,5 +101,5 @@ To configure keycloak to work with this bundle, [here](./Resources/docs/keycloak
| Bundle Version | Symfony Version | | Bundle Version | Symfony Version |
| ------------------------------------------------------|--------------------| | ------------------------------------------------------|--------------------|
| V1.0.1 | >=4.0.0 <5.0.0 | | V1.0.1 | >=4.0.0 <5.0.0 |
| V1.1.0 (uses old authentication systeme with guard) | >=5.0.0 <6.0.0 | | V1.1.* (uses old authentication systeme with guard) | >=5.0.0 <6.0.0 |
| V1.2.0 (uses new authentication systeme) | >=5.3.0 <6.0.0 | | V1.2.* (uses new authentication systeme) | >=5.3.0 <6.0.0 |

4
Security/Authenticator/KeycloakBearerAuthenticator.php
View File

@@ -11,7 +11,7 @@ use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\Exception\CustomUserMessageAuthenticationException; use Symfony\Component\Security\Core\Exception\CustomUserMessageAuthenticationException;
use Symfony\Component\Security\Http\Authenticator\AbstractAuthenticator; use Symfony\Component\Security\Http\Authenticator\AbstractAuthenticator;
use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge; use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
use Symfony\Component\Security\Http\Authenticator\Passport\PassportInterface; use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
use Symfony\Component\Security\Http\Authenticator\Passport\SelfValidatingPassport; use Symfony\Component\Security\Http\Authenticator\Passport\SelfValidatingPassport;
class KeycloakBearerAuthenticator extends AbstractAuthenticator class KeycloakBearerAuthenticator extends AbstractAuthenticator
@@ -31,7 +31,7 @@ class KeycloakBearerAuthenticator extends AbstractAuthenticator
return true; return true;
} }
public function authenticate(Request $request): PassportInterface public function authenticate(Request $request): Passport
{ {
$token = $request->headers->get('Authorization'); $token = $request->headers->get('Authorization');
if (null === $token || empty($token)) { if (null === $token || empty($token)) {

2
Security/User/KeycloakBearerUserProvider.php
View File

@@ -85,7 +85,7 @@ class KeycloakBearerUserProvider implements UserProviderInterface{
*/ */
public function supportsClass(string $class) public function supportsClass(string $class)
{ {
return KeycloakBearerUser::class === $class || is_subclass_of(KeycloakBearerUser, User::class); return KeycloakBearerUser::class === $class || is_subclass_of($class, KeycloakBearerUser::class);
} }