Add public function authenticateCodegrant() #10

Closed
stefanomarty opened this issue Apr 14, 2024 · 1 comment · Fixed by #11

Comments

@stefanomarty

Thanks for fixing the hasRole()!

This is not an issue, more like a little enhancement. I added a function to vendor/mainick/keycloak-client-bundle/src/Provider/KeycloakClient.php in order to get a Code Grant authentication (via authorization_code):

    public function authenticateCodegrant(): ?AccessTokenInterface
    {
        try {
            if (!isset($_GET['code'])) {
                // If we don't have an authorization code then get one
                $authUrl = $this->keycloakProvider->getAuthorizationUrl();
                // Store the state generated for this request so the callback can be checked against it
                $_SESSION['oauth2state'] = $this->keycloakProvider->getState();
                header('Location: '.$authUrl);
                exit;

            // Check given state against previously stored one to mitigate CSRF attack
            // (?? null avoids an undefined-index warning when no state was ever stored)
            } elseif (empty($_GET['state']) || ($_GET['state'] !== ($_SESSION['oauth2state'] ?? null))) {
                unset($_SESSION['oauth2state']);
                exit('Invalid state, make sure HTTP sessions are enabled.');
            } else {
                // Try to get an access token (using the authorization code grant)
                try {
                    $token = $this->keycloakProvider->getAccessToken('authorization_code', [
                        'code' => $_GET['code']
                    ]);
                // Fully qualified so the catch matches regardless of the file's namespace imports
                } catch (\Exception $e) {
                    exit('Failed to get access token: '.$e->getMessage());
                }
            }
            // Copy the provider's token into the bundle's own AccessToken object
            $accessToken = new AccessToken();
            $accessToken->setToken($token->getToken())
                ->setExpires($token->getExpires())
                ->setRefreshToken($token->getRefreshToken())
                ->setValues($token->getValues());

            // Note: the raw access token and refresh token are written to the log here
            $this->keycloakClientLogger->info('KeycloakClient::authenticateCodegrant', [
                'token' => $accessToken->getToken(),
                'expires' => $accessToken->getExpires(),
                'refresh_token' => $accessToken->getRefreshToken(),
            ]);

            return $accessToken;
        }
        catch (\Exception $e) {
            $this->keycloakClientLogger->error('KeycloakClient::authenticateCodegrant', [
                'error' => $e->getMessage(),
            ]);

            return null;
        }
    }

The function can be called just like the authenticate() but without user and password. Login is then handled directly from Keycloak:
$iamToken = $this->iamClient->authenticateCodegrant();

I'm sorry but I do not know PHPUnit, I tried to get this new function to pass the tests but I couldn't make it happen. According to your policy the test must be passed before sending a PR, so I'm posting it here hoping you find this function useful.
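
Added example, not part of the issue or of keycloak-client-bundle: a stand-alone sketch of the two security-relevant steps in the function posted above, the callback `state` check and the token logging. The helper names `consumeOAuthState()` and `tokenFingerprint()` are hypothetical, and the arrays stand in for `$_SESSION` and `$_GET` with constructed values.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper: validate the OAuth2 "state" returned on the callback
 * against the value stored in the session when the redirect was issued.
 */
function consumeOAuthState(array &$session, array $query): bool
{
    $expected = $session['oauth2state'] ?? null;
    // Single use: drop the stored value whether or not the check succeeds,
    // so a replayed callback can never match again.
    unset($session['oauth2state']);

    $given = $query['state'] ?? null;
    // Rejects a missing session value, a missing parameter and ?state[]=... arrays.
    if (!is_string($expected) || $expected === '' || !is_string($given)) {
        return false;
    }
    // Constant-time comparison of the stored and the supplied value.
    return hash_equals($expected, $given);
}

/** Hypothetical helper: short SHA-256 prefix to correlate log lines without logging the secret. */
function tokenFingerprint(?string $token): ?string
{
    return $token === null ? null : substr(hash('sha256', $token), 0, 12);
}

// Constructed sample data standing in for $_SESSION and $_GET.
$session  = ['oauth2state' => 'constructed-state-5f2c'];
$callback = ['code' => 'constructed-code', 'state' => 'constructed-state-5f2c'];

var_dump(consumeOAuthState($session, $callback));       // first callback
var_dump(consumeOAuthState($session, $callback));       // same callback replayed
var_dump(consumeOAuthState($session, ['code' => 'x'])); // state parameter missing

// Log context carrying fingerprints instead of the bearer and refresh tokens.
$logContext = [
    'token_fp'         => tokenFingerprint('constructed-access-token'),
    'refresh_token_fp' => tokenFingerprint('constructed-refresh-token'),
    'expires'          => 1713100000, // constructed timestamp
];
echo json_encode($logContext), PHP_EOL;
```

Only the first call accepts the callback; the replay and the request without `state` are rejected because the stored value is consumed on first use.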

@stefanomarty stefanomarty changed the title Add Add public function authenticateCodegrant() Apr 14, 2024
@mainick mainick self-assigned this Apr 15, 2024
@mainick mainick added duplicate This issue or pull request already exists enhancement New feature or request labels Apr 15, 2024
@mainick
Owner

mainick commented Apr 15, 2024

Hi @stefanomarty

Thanks for your contribution!

I am closing this issue because there is already an issue to allow SSO authentication via Keycloak, #7.
I’m working on this functionality; I’m allowing integration with the Symfony Security Component.

@mainick mainick closed this as completed Apr 15, 2024
@mainick mainick linked a pull request Apr 23, 2024 that will close this issue