tothbt/keycloak-bundle
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b303c94643d7c3cf54caebff64c268d94d8121bb
keycloak-bundle/README.md
Abdellah ELMAKHROUBI b303c94643 first commit
2020-11-19 15:26:54 +01:00

2.6 KiB
Raw Blame History

ABELkeycloakBearerOnlyAdapterBundle

This Symfony bundle is an adapter that allows securing API using keycloak Bearer Only clients.

Installation

With composer:

$ composer require abel/keycloak-bearer-only-adapter-bundle

Configuration

If you want to set up keycloak locally you can download it here and follow instructions from the official documentation.

Bundle configuration

Having a running keycloak locally or in Docker and already configured a client with Access Type = bearer-only here is the configuration to use:

# config/packages/abel_keycloak_bearer_only_adapter.yaml
abel_keycloak_bearer_only_adapter:
    issuer: '%env(OAUTH_KEYCLOAK_ISSUER)%' # your accessible keycloak url
    realm: '%env(OAUTH_KEYCLOAK_REALM)%' # your keycloak realm name
    client_id: '%env(OAUTH_KEYCLOAK_CLIENT_ID)%' # your keycloak client id
    client_secret: '%env(OAUTH_KEYCLOAK_CLIENT_SECRET)%' # your keycloak client secret

The best practice is to load your configuration from .env file.

# .env
...
###> Keycloak ###
KEYCLOAK_ISSUER=http://keycloak.local:8080
KEYCLOAK_REALM=my_realm
KEYCLOAK_CLIENT_ID=my_bearer_client
KEYCLOAK_CLIENT_SECRET=my_bearer_client_secret
###< Keycloak ###
...

In case of using Keycloak with Docker locally replace issuer value with your keycloak container reference in the network

For example, you can use the container IPAdresse, that you can get using this command:

$ docker inspect <container id> | grep "IPAddress"

Symfony security configuration

To secure your API with Keycloak you must change the default security configuration in symfony.

Here is a simple configuration that restrict access to /api/* routes only to user with role ROLE_API :

# config/packages/security.yaml
security:
    providers:
        keycloak_bearer_user_provider:
            id: ABEL\Bundle\keycloakBearerOnlyAdapterBundle\Security\User\KeycloakBearerUserProvider
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        api:
            pattern: ^/api/
            guard:
                provider: keycloak_bearer_user_provider
                authenticators:
                    - ABEL\Bundle\keycloakBearerOnlyAdapterBundle\Security\Authenticator\KeycloakBearerAuthenticator
            stateless: true
        main:
            anonymous: ~
    access_control:
        - { path: ^/api/, roles: ROLE_API }
Reference in New Issue View Git Blame Copy Permalink