Compare commits
12 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
5c734a7ed9 | ||
|
|
f2e6a6b4cb | ||
|
|
eec425222b | ||
|
|
30bcc70c4f | ||
|
|
e719e3c6ff | ||
|
|
20015218a0 | ||
|
|
23de5882b0 | ||
|
|
56fba70416 | ||
|
|
f3d64ef323 | ||
|
|
ea95d68fb0 | ||
|
|
d1494427f2 | ||
|
|
c05aae70da |
@@ -9,6 +9,9 @@ use Symfony\Component\HttpKernel\Bundle\Bundle;
|
||||
|
||||
class ABELkeycloakBearerOnlyAdapterBundle extends Bundle
|
||||
{
|
||||
/**
|
||||
* @return ExtensionInterface|null
|
||||
*/
|
||||
public function getContainerExtension()
|
||||
{
|
||||
if (null === $this->extension) {
|
||||
|
||||
27
README.md
27
README.md
@@ -5,10 +5,15 @@ This Symfony bundle is an adapter that allows securing API using keycloak Bearer
|
||||
|
||||
## Installation
|
||||
|
||||
> Befor installing the bundle, automatic packages configuration can be activated with the following command:
|
||||
> ```
|
||||
> composer config extra.symfony.allow-contrib true
|
||||
> ```
|
||||
|
||||
With composer:
|
||||
|
||||
```
|
||||
$ composer require abel/keycloak-bearer-only-adapter-bundle
|
||||
composer require abel/keycloak-bearer-only-adapter-bundle
|
||||
```
|
||||
|
||||
## Configuration
|
||||
@@ -17,6 +22,15 @@ If you want to set up keycloak locally you can download it [here](https://www.ke
|
||||
|
||||
### Bundle configuration
|
||||
|
||||
#### Via a recipe (Automatic)
|
||||
This bundle hase a Symfony recipe that allow the automation of configuration via the Symfony Flex Composer plugin.
|
||||
To enable recipe for your project, run the following command:
|
||||
|
||||
```
|
||||
composer config extra.symfony.allow-contrib true
|
||||
```
|
||||
|
||||
#### Manual
|
||||
Having a running keycloak locally or in Docker and already configured a client with **Access Type = bearer-only**
|
||||
here is the configuration to use:
|
||||
|
||||
@@ -35,7 +49,7 @@ The best practice is to load your configuration from **.env** file.
|
||||
# .env
|
||||
...
|
||||
###> Abel_keycloak_bearer_only_adapter ###
|
||||
OAUTH_KEYCLOAK_ISSUER=http://keycloak.local:8080
|
||||
OAUTH_KEYCLOAK_ISSUER=keycloak:8080
|
||||
OAUTH_KEYCLOAK_REALM=my_realm
|
||||
OAUTH_KEYCLOAK_CLIENT_ID=my_bearer_client
|
||||
OAUTH_KEYCLOAK_CLIENT_SECRET=my_bearer_client_secret
|
||||
@@ -45,10 +59,10 @@ OAUTH_KEYCLOAK_CLIENT_SECRET=my_bearer_client_secret
|
||||
|
||||
In case of using Keycloak with Docker locally replace **issuer** value with your keycloak container reference in the network
|
||||
|
||||
For example, you can use the container IPAdresse, that you can get using this command:
|
||||
For example, you can use the service name, or container IPAdresse that you can get using this command:
|
||||
|
||||
```
|
||||
$ docker inspect <container id> | grep "IPAddress"
|
||||
docker inspect <container id> | grep "IPAddress"
|
||||
```
|
||||
### Symfony security configuration
|
||||
|
||||
@@ -76,6 +90,7 @@ security:
|
||||
access_control:
|
||||
- { path: ^/api/, roles: ROLE_API }
|
||||
```
|
||||
> :information_source: Referring to Symfony [documentation](https://symfony.com/doc/5.3/security.html#roles), roles must start with **ROLE_** (otherwise, things won't work as expected)
|
||||
### Keycloak configuration
|
||||
|
||||
To configure keycloak to work with this bundle, [here](./Resources/docs/keycloak-config-guide.md) is a step by step documentation for a basic configuration of keycloak.
|
||||
@@ -86,5 +101,5 @@ To configure keycloak to work with this bundle, [here](./Resources/docs/keycloak
|
||||
| Bundle Version | Symfony Version |
|
||||
| ------------------------------------------------------|--------------------|
|
||||
| V1.0.1 | >=4.0.0 <5.0.0 |
|
||||
| V1.1.0 (uses old authentication systeme with guard) | >=5.0.0 <6.0.0 |
|
||||
| V1.2.0 (uses new authentication systeme) | >=5.3.0 <6.0.0 |
|
||||
| V1.1.* (uses old authentication systeme with guard) | >=5.0.0 <6.0.0 |
|
||||
| V1.2.* (uses new authentication systeme) | >=5.3.0 <6.0.0 |
|
||||
|
||||
@@ -11,7 +11,7 @@ use Symfony\Component\Security\Core\Exception\AuthenticationException;
|
||||
use Symfony\Component\Security\Core\Exception\CustomUserMessageAuthenticationException;
|
||||
use Symfony\Component\Security\Http\Authenticator\AbstractAuthenticator;
|
||||
use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
|
||||
use Symfony\Component\Security\Http\Authenticator\Passport\PassportInterface;
|
||||
use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
|
||||
use Symfony\Component\Security\Http\Authenticator\Passport\SelfValidatingPassport;
|
||||
|
||||
class KeycloakBearerAuthenticator extends AbstractAuthenticator
|
||||
@@ -31,7 +31,7 @@ class KeycloakBearerAuthenticator extends AbstractAuthenticator
|
||||
return true;
|
||||
}
|
||||
|
||||
public function authenticate(Request $request): PassportInterface
|
||||
public function authenticate(Request $request): Passport
|
||||
{
|
||||
$token = $request->headers->get('Authorization');
|
||||
if (null === $token || empty($token)) {
|
||||
|
||||
@@ -85,7 +85,7 @@ class KeycloakBearerUserProvider implements UserProviderInterface{
|
||||
*/
|
||||
public function supportsClass(string $class)
|
||||
{
|
||||
return KeycloakBearerUser::class === $class || is_subclass_of(KeycloakBearerUser, User::class);
|
||||
return KeycloakBearerUser::class === $class || is_subclass_of($class, KeycloakBearerUser::class);
|
||||
}
|
||||
|
||||
|
||||
@@ -100,7 +100,7 @@ class KeycloakBearerUserProvider implements UserProviderInterface{
|
||||
'base_uri' => $this->issuer,
|
||||
]);
|
||||
|
||||
$response = $client->post('/auth/realms/'.$this->realm.'/protocol/openid-connect/token/introspect', [
|
||||
$response = $client->post('/realms/'.$this->realm.'/protocol/openid-connect/token/introspect', [
|
||||
'auth' => [$this->client_id, $this->client_secret],
|
||||
'form_params' => [
|
||||
'token' => $accessToken,
|
||||
|
||||
Reference in New Issue
Block a user