You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This is not an issue, more like a little enhancement. I added a function to vendor/mainick/keycloak-client-bundle/src/Provider/KeycloakClient.php in order to get a Code Grant authentication (via authorization_code):
public function authenticateCodegrant(): ?AccessTokenInterface
{
try {
if (!isset($_GET['code'])) {
// If we don't have an authorization code then get one
$authUrl = $this->keycloakProvider->getAuthorizationUrl();
$_SESSION['oauth2state'] = $this->keycloakProvider->getState();
header('Location: '.$authUrl);
exit;
// Check given state against previously stored one to mitigate CSRF attack
} elseif (empty($_GET['state']) || ($_GET['state'] !== $_SESSION['oauth2state'])) {
unset($_SESSION['oauth2state']);
exit('Invalid state, make sure HTTP sessions are enabled.');
} else {
// Try to get an access token (using the authorization code grant)
try {
$token = $this->keycloakProvider->getAccessToken('authorization_code', [
'code' => $_GET['code']
]);
} catch (Exception $e) {
exit('Failed to get access token: '.$e->getMessage());
}
}
$accessToken = new AccessToken();
$accessToken->setToken($token->getToken())
->setExpires($token->getExpires())
->setRefreshToken($token->getRefreshToken())
->setValues($token->getValues());
$this->keycloakClientLogger->info('KeycloakClient::authenticateCodegrant', [
'token' => $accessToken->getToken(),
'expires' => $accessToken->getExpires(),
'refresh_token' => $accessToken->getRefreshToken(),
]);
return $accessToken;
}
catch (\Exception $e) {
$this->keycloakClientLogger->error('KeycloakClient::authenticateCodegrant', [
'error' => $e->getMessage(),
]);
return null;
}
}
The function can be called just like the authenticate() but without user and password. Login is then handled directly from Keycloak:
$iamToken = $this->iamClient->authenticateCodegrant();
I'm sorry but I do not know PHPUnit, I tried to get this new function to pass the tests but I couldn't make it happen. According to your policy the test must be passed before sending a PR, so I'm posting it here hoping you find this function useful.
The text was updated successfully, but these errors were encountered:
I close this issue because exists already an issue for to allow sso authentication via Keycloak #7 .
I’m working at this functionality, I’m allowing the integration with the Symfony Security Component.
Thanks for fixing the hasRole()!
This is not an issue, more like a little enhancement. I added a function to vendor/mainick/keycloak-client-bundle/src/Provider/KeycloakClient.php in order to get a Code Grant authentication (via authorization_code):
The function can be called just like the authenticate() but without user and password. Login is then handled directly from Keycloak:
$iamToken = $this->iamClient->authenticateCodegrant();
I'm sorry but I do not know PHPUnit, I tried to get this new function to pass the tests but I couldn't make it happen. According to your policy the test must be passed before sending a PR, so I'm posting it here hoping you find this function useful.
The text was updated successfully, but these errors were encountered: