'providers' => [
'users' => [
'driver' => 'keycloak-users',
'model' => App\User::class,
'modelSearchField' => 'email', // field in User model for searching
'keyCloakSearchField' => 'id',
'userCreator' => App\KeyCloak\UserCreator::class, // class mast implement SlowCheetah\KeycloakWebGuard\Contracts\CreateUserInterface
'syncUser' => App\KeyCloak\SyncUser::class, // class mast implement SlowCheetah\KeycloakWebGuard\Contracts\SyncUserInterface
],
// ...
]
if (Gate::denies('keycloak-web', 'manage-account')) {
return abort(403);
}
if (Gate::denies('keycloak-web', ['manage-account'])) {
return abort(403);
}
if (Gate::denies('keycloak-web', 'manage-account', 'another-resource')) {
return abort(403);
}
$this->middleware('keycloak-web-can:manage-something-cool');
// For multiple roles, separate with '|'
$this->middleware('keycloak-web-can:manage-something-cool|manage-something-nice|manage-my-application');
// On RouteServiceProvider.php for example
Route::prefix('admin')
->middleware('keycloak-web')
->namespace($this->namespace)
->group(base_path('routes/web.php'));
// Or with Route facade in another place
Route::group(['middleware' => 'keycloak-web'], function () {
Route::get('/admin', 'Controller@admin');
});
// On your EncryptCookies middleware
class EncryptCookies extends Middleware
{
protected $except = [];
public function __construct(EncrypterContract $encrypter)
{
parent::__construct($encrypter);
/**
* This will disable in runtime.
*
* If you have a "session.cookie" option or don't care about changing the app name
* (in another environment, for example), you can only add it to "$except" array on top
*/
$this->disableFor(config('session.cookie'));
}
}