OpenID Connect client bundle for Symfony
composer require halloverden/symfony-oidc-client-bundle
- Copy `hallo_verden_oidc_client.yaml` into your project folder and edit it to suit your needs.
Authenticators can be used to allow authentication with an access token from your OpenID provider.
- Create a class that implements `HalloVerden\Security\Interfaces\OauthUserProviderServiceInterface`
- Enable authenticators and the class you want to use as services
```yaml
HalloVerden\Security\Interfaces\OauthUserProviderServiceInterface:
  class: App\Services\OauthUserProviderService # Your class

HalloVerden\Security\AccessTokenAuthenticator: ~
HalloVerden\Security\ClientCredentialsAccessTokenAuthenticator: ~
```
- Add authenticators to your security config.
```yaml
guard:
  authenticators:
    - HalloVerden\Security\AccessTokenAuthenticator
  entry_point: HalloVerden\Security\AccessTokenAuthenticator
```
You can use the OauthAuthorizeService to log in users from the backend.
- Enable the service:
```yaml
HalloVerden\Oidc\ClientBundle\Interfaces\OauthAuthorizeServiceInterface:
  class: HalloVerden\Oidc\ClientBundle\Services\OauthAuthorizeService
  arguments:
    $openIdProviderService: '@hv.oidc.openid_provider.default' # Default refers to the client_configurations key in your config
    $authorizeSuccessUrl: 'http://localhost/success' # Where to redirect the user on success
    $authorizeErrorUrl: 'http://localhost/error' # Where to redirect the user on error
```
- Create two controllers:
```php
<?php

namespace App\Controller;

use HalloVerden\Oidc\ClientBundle\Interfaces\OauthAuthorizeServiceInterface;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Routing\Annotation\Route;

/**
 * Class AuthorizeController
 *
 * @package App\Controller
 *
 * @Route("/authorize", methods={"GET"}, name="authorize")
 */
class AuthorizeController {

  /**
   * @param Request                        $request
   * @param OauthAuthorizeServiceInterface $oauthAuthorizeService
   *
   * @return RedirectResponse
   */
  public function __invoke(Request $request, OauthAuthorizeServiceInterface $oauthAuthorizeService): RedirectResponse {
    return $oauthAuthorizeService->handleAuthorize($request);
  }

}
```

```php
<?php

namespace App\Controller;

use HalloVerden\Oidc\ClientBundle\Interfaces\OauthAuthorizeServiceInterface;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Routing\Annotation\Route;

/**
 * Class HandleAuthCodeController
 *
 * @package App\Controller
 *
 * @Route("/handle", methods={"GET"}, name="authcodehandle")
 */
class HandleAuthCodeController {

  /**
   * @param Request                        $request
   * @param OauthAuthorizeServiceInterface $oauthAuthorizeService
   *
   * @return RedirectResponse
   */
  public function __invoke(Request $request, OauthAuthorizeServiceInterface $oauthAuthorizeService): RedirectResponse {
    return $oauthAuthorizeService->handleAuthCode($request);
  }

}
```
Make sure your redirect_uri points to the handle controller.
You can now redirect your user to /authorize and listen to the AuthorizedEvent to know when a user is authorized.
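Get AccessToken with client credentials grant
```php
<?php
// $openIdProviderService is the OpenID provider service of a configured client,
// e.g. '@hv.oidc.openid_provider.default'.
$accessToken = $openIdProviderService->getTokenResponse(new ClientCredentialsGrant())->getAccessToken();
```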
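What a client credentials token request and response look like per RFC 6749 sections 4.4 and 5.1, as an added example that is not the bundle's own code. It assumes client_secret_basic authentication; the function names, endpoint, client id and secret are constructed placeholders.

```php
<?php
declare(strict_types=1);
// Added illustration, not bundle code. All names and values are constructed.
/** Build the token request of RFC 6749 section 4.4.2 (client_secret_basic). */
function buildClientCredentialsRequest(string $tokenEndpoint, string $clientId, string $clientSecret, array $scopes = []): array
{
    // The client secret travels in this request, so refuse plain http.
    if (parse_url($tokenEndpoint, PHP_URL_SCHEME) !== 'https') {
        throw new InvalidArgumentException('Token endpoint must use https.');
    }
    $body = ['grant_type' => 'client_credentials'];
    if ($scopes !== []) {
        $body['scope'] = implode(' ', $scopes);
    }
    // RFC 6749 section 2.3.1: form-urlencode id and secret before Basic encoding.
    $basic = base64_encode(urlencode($clientId) . ':' . urlencode($clientSecret));
    return [
        'method'  => 'POST',
        'url'     => $tokenEndpoint,
        'headers' => [
            'Authorization' => 'Basic ' . $basic,
            'Content-Type'  => 'application/x-www-form-urlencoded',
        ],
        'body'    => http_build_query($body),
    ];
}

/** Check a token response (RFC 6749 sections 5.1 and 5.2) and return the token. */
function extractAccessToken(string $json): string
{
    $data = json_decode($json, true, 8, JSON_THROW_ON_ERROR);
    if (!is_array($data) || isset($data['error'])) {
        throw new RuntimeException('Token request failed.');
    }
    $token = $data['access_token'] ?? null;
    if (!is_string($token) || $token === '') {
        throw new RuntimeException('Response carries no access_token.');
    }
    // token_type is case-insensitive; accept only the type this client can use.
    $type = $data['token_type'] ?? null;
    if (!is_string($type) || strcasecmp($type, 'Bearer') !== 0) {
        throw new RuntimeException('Unexpected token_type.');
    }
    return $token;
}

$request = buildClientCredentialsRequest('https://op.example/token', 'my-service', 's3cr:et', ['api.read']);
echo $request['body'], PHP_EOL;
echo extractAccessToken('{"access_token":"constructed-token","token_type":"Bearer","expires_in":3600}'), PHP_EOL;
```

A token obtained this way identifies the client application, not an end user, so resource servers should authorize it by client and scope only.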