PHP code example of klsoft / yii3-keycloak-authz

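1. Go to this page and download the library: Download klsoft/yii3-keycloak-authz library. Choose the download type "require". The ZIP bundles third-party code, so check that it matches the package published by the vendor before deploying it.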

2. Extract the ZIP file and open the index.php.

3. Add this code to the index.php.
    
        
<?php
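// Load the Composer autoloader relative to this file, so the include does not
// depend on the current working directory or on include_path resolution.
require_once __DIR__ . '/vendor/autoload.php';

/* Start to develop here. */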

    

klsoft / yii3-keycloak-authz example snippets


namespace MyNamespace;

use Klsoft\Yii3KeycloakAuthz\KeycloakRepositoryInterface;
use Klsoft\Yii3KeycloakAuthz\PermissionTicketResult;
use Klsoft\Yii3KeycloakAuthz\PermissionTicketResponse;

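/**
 * Requests permission tickets from a Keycloak realm's protection endpoint
 * ("<realmUri>/authz/protection/permission") on behalf of the library's
 * KeycloakRepositoryInterface.
 */
final class KeycloakRepository implements KeycloakRepositoryInterface
{
    /**
     * @param string $realm    Realm name, handed unchanged to PermissionTicketResponse.
     * @param string $realmUri Base URI of the realm. The caller's bearer token is sent to
     *                         this URI, so it should be an https URI outside local development.
     */
    public function __construct(
        private string $realm,
        private string $realmUri)
    {
    }

    /**
     * Posts the requested permissions to the realm and wraps the outcome.
     *
     * @param string $accessToken Bearer token placed in the Authorization header.
     * @param array  $permissions Payload that is JSON-encoded as the request body.
     *
     * @return PermissionTicketResult Carries a PermissionTicketResponse when the reply holds a
     *                                'ticket' key; otherwise the HTTP status code (0 when no
     *                                status line was available) and, if the body decoded to an
     *                                array, that array.
     */
    public function getPermissionTicket(string $accessToken, array $permissions): PermissionTicketResult
    {
        // The token is concatenated into a raw header line. A CR or LF inside it would
        // let the caller append header lines of its own, so such a token is never sent.
        if (strpbrk($accessToken, "\r\n") !== false) {
            return new PermissionTicketResult(null, 0);
        }

        $url = "$this->realmUri/authz/protection/permission";

        $options = [
            'http' => [
                // Return the body of 4xx/5xx replies instead of failing the read.
                'ignore_errors' => true,
                // Do not follow redirects: the bearer token is then only ever sent to the
                // configured realm URI, and the first status line is the final one.
                'follow_location' => 0,
                'method' => 'POST',
                'header' => [
                    'Content-type: application/json',
                    "Authorization: Bearer $accessToken"],
                'content' => json_encode($permissions)
            ],
        ];
        $responseData = file_get_contents($url, false, stream_context_create($options));
        // $http_response_header is not populated when the connection itself fails;
        // fall back to an empty status line (status code 0) instead of a TypeError.
        $responseStatusCode = $this->getHttpResponseStatusCode($http_response_header[0] ?? '');
        if (!empty($responseData)) {
            $responseArr = json_decode($responseData, true);
            // Only a decoded JSON object/array is inspected; anything else is treated
            // like an empty body.
            if (is_array($responseArr)) {
                if (isset($responseArr['ticket'])) {
                    return new PermissionTicketResult(new PermissionTicketResponse(
                        $this->realm,
                        $this->realmUri,
                        $responseArr['ticket']));
                }
                return new PermissionTicketResult(null, $responseStatusCode, $responseArr);
            }
        }

        return new PermissionTicketResult(null, $responseStatusCode);
    }

    /**
     * Extracts the three-digit status code from an HTTP status line.
     *
     * @param string $responseHeader Status line such as "HTTP/1.1 201 Created".
     *
     * @return int The status code, or 0 when the line is not an HTTP status line.
     */
    private function getHttpResponseStatusCode(string $responseHeader): int
    {
        // The reason phrase is optional, so "HTTP/1.1 201" is accepted as well.
        if (preg_match('/^HTTP\/[\d.]+\s+(\d{3})(?:\s.*)?$/', $responseHeader, $matches)) {
            return (int) $matches[1];
        }
        return 0;
    }
}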

// Parameters for the Keycloak integration: the realm name and the realm's base URI.
// Presumably these are the values read as $params['realm'] and $params['realmUri']
// in the DI configuration — confirm against the application's params file layout.
return [
    'realm' => 'myrealm',
    // NOTE(review): plain http is shown for a local Keycloak. The repository sends the
    // caller's bearer token to this URI, so use an https URI outside local development.
    'realmUri' => 'http://localhost:8080/realms/myrealm',
];

use Klsoft\Yii3KeycloakAuthz\KeycloakRepositoryInterface;

// DI definition fragment: binds the library's KeycloakRepositoryInterface to the
// application's KeycloakRepository and passes both constructor arguments from $params.
// NOTE(review): KeycloakRepository is not imported in this snippet; presumably it is
// MyNamespace\KeycloakRepository and needs its own `use` line — confirm.
KeycloakRepositoryInterface::class => [
        'class' => KeycloakRepository::class,
        '__construct()' => [
            'realm' => $params['realm'],
            'realmUri' => $params['realmUri']
        ]
    ]

use Yiisoft\Auth\Middleware\Authentication;
use Klsoft\Yii3KeycloakAuthz\Middleware\Authorization;

// DI definition fragment for the application: builds the middleware dispatcher with
// Authentication and Authorization as the first two entries of the middleware list.
// NOTE(review): as listed, both sit ahead of ErrorCatcher and Router. If the dispatcher
// runs middleware in listed order, every request passes through them, and an exception
// thrown by either would not be handled by ErrorCatcher — confirm against the framework.
Application::class => [
        '__construct()' => [
            'dispatcher' => DynamicReference::to([
                'class' => MiddlewareDispatcher::class,
                'withMiddlewares()' => [
                    [
                        // Authentication is listed before Authorization; keep this order
                        // so an authorization decision is never taken for an
                        // unauthenticated request.
                        Authentication::class,
                        Authorization::class,
                        FormatDataResponseAsJson::class,
                        static fn() => new ContentNegotiator([
                            'application/xml' => new XmlDataResponseFormatter(),
                            'application/json' => new JsonDataResponseFormatter(),
                        ]),
                        ErrorCatcher::class,
                        static fn(ExceptionResponderFactory $factory) => $factory->create(),
                        RequestBodyParser::class,
                        Router::class,
                        NotFoundMiddleware::class,
                    ],
                ],
            ]),
        ],
    ]

use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Message\ResponseInterface;
use Klsoft\Yii3KeycloakAuthz\Permission;

/**
 * Controller for product actions; each action hands the request to the injected presenter.
 */
final class ProductController
{
    /**
     * @param ProductPresenterInterface $productPresenter Presenter whose createProduct()
     *                                                    result is returned as the response.
     */
    public function __construct(
        private ProductPresenterInterface $productPresenter
    ) {
    }

    /**
     * Creates a product by delegating to the presenter.
     *
     * The Permission attribute carries 'product' and ['create'] — presumably the resource
     * name and its scopes; confirm against the library.
     * NOTE(review): an attribute is only metadata on the method. Whether it is enforced
     * depends on the Authorization middleware being part of the pipeline — confirm.
     */
    #[Permission('product', ['create'])]
    public function create(ServerRequestInterface $request): ResponseInterface
    {
        $response = $this->productPresenter->createProduct($request);

        return $response;
    }
}

// Variant of the attribute with a third argument: a map from a name ('organization')
// to a list of literal values (['acme']).
// Presumably these are claims sent along with the permission request — confirm
// against the library's documentation.
#[Permission(  
    'product',  
    ['create'],  
    ['organization' => ['acme']]  
)]
public function create(ServerRequestInterface $request): ResponseInterface

// Variant where the 'organization' value is not a literal list but a descriptor:
// the marker '__container_entry_identifier', a container entry id
// (OrganizationPresenterInterface::class), a method name ('getOrganizationName') and an
// argument list (['__request']).
// Presumably the library resolves the entry from the container and calls the method
// with the current request to obtain the value — confirm.
// NOTE(review): the resulting value feeds an authorization decision, so
// getOrganizationName() should derive it from the authenticated identity rather than
// from client-supplied request fields — verify the implementation.
#[Permission(  
    'product',  
    ['create'],  
    ['organization' => [  
        '__container_entry_identifier',  
        OrganizationPresenterInterface::class,  
        'getOrganizationName',  
        ['__request']]  
    ]  
)]
public function create(ServerRequestInterface $request): ResponseInterface

use Psr\Container\ContainerInterface;
use Klsoft\Yii3KeycloakAuthz\Middleware\Authorization;
use Klsoft\Yii3KeycloakAuthz\Permission;

// DI definition fragment: the container entry 'CreateProductPermission' is whatever
// Authorization::withPermissions() returns for the single permission
// ('product', ['create']).
'CreateProductPermission' => static fn (ContainerInterface $container) => $container
    ->get(Authorization::class)
    ->withPermissions([new Permission('product', ['create'])])

// Route fragment: POST /product/create is dispatched to ProductController::create and
// names 'CreateProductPermission' as its route middleware — the same string as the
// container entry id used in the DI snippet on this page.
// NOTE(review): the permission check here is attached per route; a route declared
// without this middleware would not get it from this line — confirm how it combines
// with any global Authorization middleware.
Route::post('/product/create')
        ->middleware('CreateProductPermission')
        ->action([ProductController::class, 'create'])
        ->name('product/create')