1. Go to the download page and download the klsoft/yii3-keycloak-authz library, choosing the download type "require".
2. Extract the ZIP file and open the index.php.
3. Add this code to the index.php.
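<?php
// Load the Composer autoloader by a path anchored to this file. A bare relative
// path is resolved through include_path and the current working directory, so
// the script could pick up a different vendor/ tree depending on how it is run.
// Assumes vendor/ sits next to index.php, as in the extracted archive.
require_once __DIR__ . '/vendor/autoload.php';
/* Start to develop here. Best regards https://php-download.com/ */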
klsoft / yii3-keycloak-authz example snippets
namespace MyNamespace;
use Klsoft\Yii3KeycloakAuthz\KeycloakRepositoryInterface;
use Klsoft\Yii3KeycloakAuthz\PermissionTicketResult;
use Klsoft\Yii3KeycloakAuthz\PermissionTicketResponse;
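/**
 * Requests permission tickets from a Keycloak realm's protection API over HTTP.
 *
 * The bearer token is sent in the Authorization header to a URL built from
 * $realmUri, so $realmUri should point at an https endpoint you trust.
 */
final class KeycloakRepository implements KeycloakRepositoryInterface
{
    /**
     * @param string $realm    Realm identifier, passed through to PermissionTicketResponse.
     * @param string $realmUri Base URI of the realm; "/authz/protection/permission" is appended to it.
     */
    public function __construct(
        private string $realm,
        private string $realmUri)
    {
    }

    /**
     * POSTs the requested permissions to the realm's permission endpoint.
     *
     * @param string $accessToken Bearer token placed in the Authorization header.
     * @param array  $permissions Permission request, JSON-encoded as the request body.
     *
     * @return PermissionTicketResult Wraps a PermissionTicketResponse when the reply carries a
     *                                string "ticket"; otherwise carries the HTTP status code
     *                                (0 when no usable response was obtained) and, when the body
     *                                decoded to an array, that decoded body.
     */
    public function getPermissionTicket(string $accessToken, array $permissions): PermissionTicketResult
    {
        // The token is interpolated into a raw header line. A control character
        // (CR/LF in particular) would let the value add header lines of its own,
        // so such a token is refused before any request is made.
        if (preg_match('/[\x00-\x1F\x7F]/', $accessToken) === 1) {
            return new PermissionTicketResult(null, 0);
        }

        // json_encode() returns false on unencodable input; do not send that as a body.
        $payload = json_encode($permissions);
        if ($payload === false) {
            return new PermissionTicketResult(null, 0);
        }

        $url = "{$this->realmUri}/authz/protection/permission";
        $options = [
            'http' => [
                // Keep the response body on 4xx/5xx so the error payload can be returned.
                'ignore_errors' => true,
                'method' => 'POST',
                'header' => [
                    'Content-type: application/json',
                    "Authorization: Bearer $accessToken",
                ],
                'content' => $payload,
            ],
        ];

        $responseData = file_get_contents($url, false, stream_context_create($options));

        // When the connection fails, file_get_contents() returns false and
        // $http_response_header is never populated; report "no status" instead of
        // reading an undefined variable.
        // NOTE(review): if redirects are followed, element 0 is the status line of the
        // first response, not the final one.
        $statusLine = $http_response_header[0] ?? null;
        if ($responseData === false || !is_string($statusLine)) {
            return new PermissionTicketResult(null, 0);
        }

        $responseStatusCode = $this->getHttpResponseStatusCode($statusLine);
        if ($responseData === '') {
            return new PermissionTicketResult(null, $responseStatusCode);
        }

        // A body that is not a JSON object/array carries neither a ticket nor an error map.
        $responseArr = json_decode($responseData, true);
        if (!is_array($responseArr)) {
            return new PermissionTicketResult(null, $responseStatusCode);
        }

        if (isset($responseArr['ticket']) && is_string($responseArr['ticket'])) {
            return new PermissionTicketResult(new PermissionTicketResponse(
                $this->realm,
                $this->realmUri,
                $responseArr['ticket']));
        }

        return new PermissionTicketResult(null, $responseStatusCode, $responseArr);
    }

    /**
     * Extracts the three-digit status code from an HTTP status line.
     *
     * @param string $responseHeader Status line such as "HTTP/1.1 201 Created".
     *
     * @return int The status code, or 0 when the line is not a recognisable status line.
     */
    private function getHttpResponseStatusCode(string $responseHeader): int
    {
        // Accept a status line with or without a reason phrase after the code.
        if (preg_match('/^HTTP\/[\d.]+\s+(\d{3})(?:\s|$)/', $responseHeader, $matches) === 1) {
            return (int) $matches[1];
        }

        return 0;
    }
}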
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Message\ResponseInterface;
use Klsoft\Yii3KeycloakAuthz\Permission;
/**
 * Controller for product actions; each action hands the request to the injected presenter.
 */
final class ProductController
{
    public function __construct(private ProductPresenterInterface $productPresenter)
    {
    }

    /**
     * Creates a product from the incoming request.
     *
     * The Permission attribute names the resource 'product' and the scope list ['create'].
     * An attribute is inert metadata on its own: presumably the package's Authorization
     * middleware reads it, so confirm that middleware is on this route's stack.
     */
    #[Permission('product', ['create'])]
    public function create(ServerRequestInterface $request): ResponseInterface
    {
        $response = $this->productPresenter->createProduct($request);

        return $response;
    }
}
// Variant of the attribute with a third argument that maps 'organization' to the
// fixed list ['acme']. Presumably these are claims sent along with the permission
// request for policy evaluation in Keycloak; confirm against the package docs.
// The snippet shows only the attribute and the method signature, not the body.
#[Permission(
'product',
['create'],
['organization' => ['acme']]
)]
public function create(ServerRequestInterface $request): ResponseInterface
// Variant where the 'organization' value is a four-element descriptor rather than
// a literal: the marker '__container_entry_identifier', a class-string, a method
// name, and an argument list containing '__request'. Presumably the package fetches
// OrganizationPresenterInterface from the container and calls getOrganizationName
// with the current request to compute the value at runtime; confirm.
// NOTE(review): if getOrganizationName derives the organization from client-supplied
// request data, the resulting claim is only as trustworthy as that input. Prefer a
// value taken from the verified token or server-side state.
// The snippet shows only the attribute and the method signature, not the body.
#[Permission(
'product',
['create'],
['organization' => [
'__container_entry_identifier',
OrganizationPresenterInterface::class,
'getOrganizationName',
['__request']]
]
)]
public function create(ServerRequestInterface $request): ResponseInterface
use Psr\Container\ContainerInterface;
use Klsoft\Yii3KeycloakAuthz\Middleware\Authorization;
use Klsoft\Yii3KeycloakAuthz\Permission;
// Container entry 'CreateProductPermission': resolves the Authorization middleware
// from the container and returns the result of withPermissions() for the 'product'
// resource with the 'create' scope. Presumably the entry is then referenced from a
// route's middleware list; a route that does not reference it gets no check from
// this definition.
'CreateProductPermission' => static fn (ContainerInterface $container) => $container
    ->get(Authorization::class)
    ->withPermissions([
        new Permission('product', ['create']),
    ])