Skip to content
Snippets Groups Projects
Select Git revision
  • 89d4166cdfe6885b4c67709dbdaeb533fe58c3fc
  • main default
  • keycloak-deprecate
  • remove-jwt-easy
  • ci-update
  • v0.1.15
  • v0.1.14
  • v0.1.13
  • v0.1.12
  • v0.1.11
  • v0.1.10
  • v0.1.9
  • v0.1.8
  • v0.1.7
  • v0.1.6
  • v0.1.5
  • v0.1.4
  • v0.1.3
  • v0.1.2
  • v0.1.1
  • v0.1.0
21 results

dbp-relay-auth-bundle

Christoph Reiter's avatar
Add an interface that allows customizing the user roles
Reiter, Christoph authored 
This adds UserRolesInterface which is used for converting the
oauth2 scopes to symfony roles.

The default interface implementation converts them to "ROLE_SCOPE_FOO".

The interface also gets passed the user ID and can fetch roles from other
places as well, like LDAP, or ignore the scopes etc.

Fixes #4
89d4166c
History
Christoph Reiter's avatar 89d4166c
History
Name Last commit Last update
src
tests
.gitignore
.gitlab-ci.yml
.php-cs-fixer.dist.php
.renovaterc.json
CHANGELOG.md
LICENSE
README.md
composer.json
composer.lock
phpstan.neon
phpunit.xml.dist
psalm.xml
README.md

DBP Relay Auth Bundle

GitLab | Packagist

Bundle Configuration

created via ./bin/console config:dump-reference DbpRelayAuthBundle | sed '/^$/d'

# Default configuration for "DbpRelayAuthBundle"
dbp_relay_auth:
    # The base URL for the OIDC server (in case of Keycloak fort the specific realm)
    server_url:           ~ # Example: 'https://keycloak.example.com/auth/realms/my-realm'
    # If set only tokens which contain this audience are accepted (optional)
    required_audience:    ~ # Example: my-api
    # How much the system time of the API server and the Keycloak server
    # can be out of sync (in seconds). Used for local token validation.
    local_validation_leeway: 120
    # If remote validation should be used. If set to false the token signature will
    # be only checked locally and not send to the keycloak server
    remote_validation:    false
    # The ID of the client (client credentials flow) used for remote token validation
    # (optional)
    remote_validation_id: ~ # Example: client-token-check
    # The client secret for the client referenced by client_id (optional)
    remote_validation_secret: ~ # Example: mysecret
    # The Keycloak server base URL
    frontend_keycloak_server: ~ # Example: 'https://keycloak.example.com/auth'
    # The keycloak realm
    frontend_keycloak_realm: ~ # Example: client-docs
    # The ID for the keycloak client (authorization code flow) used for API docs or similar
    frontend_keycloak_client_id: ~ # Example: client-docs