Download the PHP package cloudcogsio/oauth2-keycloak without Composer

On this page you can find all versions of the php package cloudcogsio/oauth2-keycloak. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

Information about the package oauth2-keycloak

Keycloak Provider for OAuth 2.0 Client

This package provides Keycloak OAuth 2.0 support for the PHP League's OAuth 2.0 Client.

The client uses Keycloak's services endpoint to query the OpenID Provider Metadata for autodiscovery of relevant endpoints for authorization, tokens and public keys for token introspection.

Installation

To install, use composer:

Usage

Usage is the same as The League's OAuth client, using \Cloudcogs\OAuth2\Client\Provider\Keycloak as the provider.

Configuration via Keycloak OIDC JSON file

The client can be configured by passing the Keycloak OIDC JSON file that can be downloaded from your Keycloak server.

  1. Go to your Keycloak Admin
  2. Select the "Clients" option
  3. Select the Client ID of the required client
  4. Select the "Installation" tab
  5. In the "Format Option" dropdown, choose "Keycloak OIDC JSON"
  6. Download. (Default filename is "keycloak.json")

When using the Keycloak OIDC JSON file, only the file and a redirectUri are required to set up the client.

Provider Configuration with Keycloak OIDC JSON (keycloak.json)

Configuration via Options

The client can also be configured without a Keycloak OIDC JSON file by passing (at minimum) the and options required for endpoint autodiscovery.

You will still need to reference the OIDC JSON configuration in Keycloak to retrieve the values for and . These would be the and .

Provider Configuration with and options

Authorization Code Flow

Assuming was configured as outlined via one of the methods above.

Refreshing a Token

Client Logout

The client provides a method to conveniently process a logout action.

A redirect URI can be passed to the method or the option of the client will be used for redirection. The URI must be configured in the "Valid Redirect URIs" field of the client definition in Keycloak.

Resource Owner Password Credentials Grant

🛑 DANGER! We advise against using this grant type if the service provider supports the authorization code grant type (see above), as this reinforces the password anti-pattern, allowing users to think it’s okay to trust third-party applications with their usernames and passwords.

That said, there are use-cases where the resource owner password credentials grant is acceptable and useful.

Client Credentials Grant

When your application acts on its own behalf to access resources it controls or owns in a service provider, it may use the client credentials grant type.

The client credentials grant type is best when storing the credentials for your application privately and never exposing them (e.g., through the web browser, etc.) to end-users. This grant type functions like the resource owner password credentials grant type, but it does not request a user’s username or password. It uses only the client ID and client secret issued to your client by the service provider.

Additional Notes

OpenID Connect Discovery endpoint

By default, this client uses the endpoint to discover all other endpoints for the Keycloak server once the and options are supplied to create the client.

This is handled by the library. See https://github.com/cloudcogsio/oauth2-openid-connect-discovery

Keycloak Public Key(s)

During endpoint discovery, the Keycloak realm public key(s) are retrieved and cached locally. This is needed to decode the access token which is then added to the object as additional values.

Caching of Public Keys

Caching of JWKs is handled by an instance of which is installed with .

You can provide your own instance of a to handle storage of the Keycloak realm's public key.

Token Introspection

By default, the accessToken is decoded locally using the cached public keys. Decoded data is populated and made available in the object.

This is performed automatically by the client and requires no additional configuration.
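
The checks that local validation of an access token involves, as an added example (not code from this package): the signature is verified against a realm public key selected by `kid`, with the algorithm pinned, before the issuer and expiry claims are trusted. It assumes RS256-signed tokens; the function names, key pair, `kid`, issuer URL and tokens are all constructed for the demonstration.

```php
<?php
// Added example: key pair, kid, issuer and tokens are constructed for the demo.
// In production $keys would hold the realm's cached public keys, indexed by kid.
function b64url_encode(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}
function b64url_decode(string $txt) {
    $pad = str_repeat('=', (4 - strlen($txt) % 4) % 4);
    return base64_decode(strtr($txt, '-_', '+/') . $pad, true);
}
/** Returns the claims if $jwt verifies against $keys (kid => PEM); throws otherwise. */
function verify_access_token(string $jwt, array $keys, string $issuer, int $now): array {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) throw new RuntimeException('malformed token');
    $header = json_decode((string) b64url_decode($parts[0]), true);
    $claims = json_decode((string) b64url_decode($parts[1]), true);
    $sig = b64url_decode($parts[2]);
    if (!is_array($header) || !is_array($claims) || !is_string($sig)) throw new RuntimeException('malformed token');
    // Pin the algorithm; never let the token header choose how it is verified.
    if (($header['alg'] ?? null) !== 'RS256') throw new RuntimeException('unexpected alg');
    $kid = $header['kid'] ?? null;
    if (!is_string($kid) || !isset($keys[$kid])) throw new RuntimeException('unknown kid');
    $ok = openssl_verify($parts[0] . '.' . $parts[1], $sig, $keys[$kid], OPENSSL_ALGO_SHA256);
    if ($ok !== 1) throw new RuntimeException('bad signature');
    // Claims are trusted only after the signature check has passed.
    if (($claims['iss'] ?? null) !== $issuer) throw new RuntimeException('wrong issuer');
    if (!is_int($claims['exp'] ?? null) || $claims['exp'] <= $now) throw new RuntimeException('expired');
    return $claims;
}
function make_token(array $header, array $claims, $privateKey): string {
    $input = b64url_encode(json_encode($header)) . '.' . b64url_encode(json_encode($claims));
    openssl_sign($input, $sig, $privateKey, OPENSSL_ALGO_SHA256);
    return $input . '.' . b64url_encode($sig);
}

$priv = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$keys = ['demo-kid' => openssl_pkey_get_details($priv)['key']];
$issuer = 'https://keycloak.example.test/realms/demo';
$head = ['alg' => 'RS256', 'typ' => 'JWT', 'kid' => 'demo-kid'];
$now = time();
$valid = make_token($head, ['iss' => $issuer, 'exp' => $now + 300, 'sub' => 'alice'], $priv);
$p = explode('.', $valid);
$p[1] = b64url_encode(json_encode(['iss' => $issuer, 'exp' => $now + 300, 'sub' => 'bob']));
$tokens = ['valid' => $valid, 'tampered' => implode('.', $p),
    'expired' => make_token($head, ['iss' => $issuer, 'exp' => $now - 1], $priv)];
foreach ($tokens as $label => $jwt) {
    try { verify_access_token($jwt, $keys, $issuer, $now); echo "$label: accepted\n"; }
    catch (RuntimeException $e) { echo "$label: rejected ({$e->getMessage()})\n"; }
}
```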

Token Introspection via Keycloak Server

All tokens issued by the Keycloak server (accessToken, refreshToken etc.) can be introspected using the Keycloak token introspection endpoint.

The client provides an method to carry out this operation.

Custom Access Token Class

The branch of this repository implements a custom class that extends the base class.

Keycloak provides a property This custom class adds additional methods that check and detect the validity of the . The theory of operation is the same as that provided by the base class for checking and detecting the validity of the .

NOTE: At this time a custom AccessToken class is not supported by the base AbstractProvider class of .

Method signature changes are required before custom Access Token classes (such as the one provided above) can be used. See https://github.com/thephpleague/oauth2-client/issues/897

License

The MIT License (MIT). Please see License File for more information.


All versions of oauth2-keycloak with dependencies

Requires:

  • cloudcogsio/oauth2-openid-connect-discovery: dev-master
  • laminas/laminas-http: ~2.14.3
  • laminas/laminas-diactoros: ^2.6.0
  • fig/http-message-util: ~1.1.5
  • ext-json: *
  • ext-curl: *