dash_d

Reputation: 1

How to integrate Keycloak with PHP (using stevenmaguire oauth2-keycloak)

```php
require '../../../lampp/htdocs/app';
// the Composer autoloader (vendor/autoload.php) must also be loaded for the provider class below
session_start();

$provider = new Stevenmaguire\OAuth2\Client\Provider\Keycloak([
    'authServerUrl'             => 'http://localhost:8080/auth',
    'realm'                     => 'simple',
    'clientId'                  => 'demo_one',
    'clientSecret'              => '0f076fd9-6c3b-493d-942c-7b964bd7ca0d',
    'redirectUri'               => 'http://localhost/app',
    'encryptionAlgorithm'       => 'RS256',     // optional
    'encryptionKey'             => null,        // optional
    'encryptionKeyPath'         => null         // optional
]);

if (!isset($_GET['code']) || !isset($_SESSION['oauth2state'])) {
    // If we don't have an authorization code then get one

    $authUrl = $provider->getAuthorizationUrl();
    $_SESSION['oauth2state'] = $provider->getState();
    header('Location: ' . $authUrl);
    exit;

// Check given state against previously stored one to mitigate CSRF attack
} elseif (empty($_GET['state']) || ($_GET['state'] !== $_SESSION['oauth2state'])) {
    unset($_SESSION['oauth2state']);
    exit('Invalid state, make sure HTTP sessions are enabled.');
} else {
    // Try to get an access token (using the authorization code grant)
    try {
        $token = $provider->getAccessToken('authorization_code', [
            'code' => $_GET['code']
        ]);
    } catch (Exception $e) {
        exit('Failed to get access token: ' . $e->getMessage());
    }

    // Optional: Now you have a token you can look up a user's profile data
    try {

        // We got an access token, let's now get the user's details
        $user = $provider->getResourceOwner($token);
        // Use these details to create a new profile
        printf('Hello %s <br><br>', $user->getName());

    } catch (Exception $e) {
        exit('Failed to get resource owner: ' . $e->getMessage());
    }

    // Use this to interact with an API on the user's behalf
    // echo $token->getToken();
}
```

```php
// comment out the following two lines when deployed to production
// defined('YII_DEBUG') or define('YII_DEBUG', true);
// defined('YII_ENV') or define('YII_ENV', 'dev');

//require(__DIR__ . '/vendor/autoload.php');
require(__DIR__ . '/vendor/autoload.php');
require(__DIR__ . '/vendor/yiisoft/yii2/Yii.php');
//require(__DIR__ . '/data.php');
$config = require(__DIR__ . '/config/web.php');

(new yii\web\Application($config))->run();
```

How do I solve this for integrating with it? I have used the stevenmaguire oauth2-keycloak plugin; it gives some problems when running this project. I am completely new to this area and prefer number 2, 3. I have set up a Keycloak server and wrote a) for my User DB in the Keycloak server.

Upvotes: 0

Views: 2520

Answers (1)

Jaquarh

Reputation: 6693

You're checking if there is a request parameter code. If there isn't, you instantly assume the session oauth2state is set.

```php
if(!isset($_GET['code']) || !isset($_SESSION['oauth2state']))
```

Check both keys are set before using them.

Upvotes: 1
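A hardened version of the callback from the question, added here as an example (not code from the question or from the stevenmaguire library): it keeps the state check the answer talks about strict, makes the stored state single-use, compares it in constant time, and regenerates the session after login. The Keycloak URL, realm, client id and redirect URI are placeholders taken from the question; the client secret is assumed to come from an environment variable rather than the source file.

```php
<?php
// Added example, not the question's own code. Placeholder URLs/ids; secret assumed in env.
require __DIR__ . '/vendor/autoload.php';

use League\OAuth2\Client\Provider\Exception\IdentityProviderException;
use Stevenmaguire\OAuth2\Client\Provider\Keycloak;

session_start();

$provider = new Keycloak([
    'authServerUrl' => 'http://localhost:8080/auth',          // placeholder, as in the question
    'realm'         => 'simple',
    'clientId'      => 'demo_one',
    'clientSecret'  => getenv('KEYCLOAK_CLIENT_SECRET') ?: '', // assumed env var, not hard-coded
    'redirectUri'   => 'http://localhost/app/callback.php',    // placeholder
]);

// Step 1: no authorization code yet -> start the flow and remember the state.
if (!isset($_GET['code'])) {
    $authUrl = $provider->getAuthorizationUrl();
    $_SESSION['oauth2state'] = $provider->getState();   // store before redirecting
    header('Location: ' . $authUrl);
    exit;
}

// Step 2: callback. The stored state must exist AND match what Keycloak sent back.
$expected = $_SESSION['oauth2state'] ?? null;
unset($_SESSION['oauth2state']);                         // single use: a replayed callback fails
$returned = (string) ($_GET['state'] ?? '');
if ($expected === null || !hash_equals($expected, $returned)) {
    http_response_code(400);
    exit('Invalid state: start the login again (are sessions enabled?)');
}

// Step 3: exchange the code; the library throws if Keycloak rejects it.
try {
    $token = $provider->getAccessToken('authorization_code', ['code' => $_GET['code']]);
    $user  = $provider->getResourceOwner($token);
} catch (IdentityProviderException $e) {
    http_response_code(502);
    exit('Keycloak rejected the login: ' . htmlspecialchars($e->getMessage()));
}

session_regenerate_id(true);                             // fresh session id after authentication
$_SESSION['user_id'] = $user->getId();
printf('Hello %s', htmlspecialchars($user->getName() ?? ''));
```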
