Commits on Source (4)
# v0.1.12 - 2022-11-15
* Added new `frontend_client_id` config entry as a replacement for `frontend_keycloak_client_id`
* Deprecated config entries: `frontend_keycloak_server`, `frontend_keycloak_realm`, `frontend_keycloak_client_id`
# v0.1.9 - 2022-05-11
* Add a health check for remote token validation via the introspection endpoint
......@@ -20,12 +20,8 @@ dbp_relay_auth:
remote_validation_id: ~ # Example: client-token-check
# The client secret for the client referenced by client_id (optional)
remote_validation_secret: ~ # Example: mysecret
# The Keycloak server base URL
frontend_keycloak_server: ~ # Example: 'https://keycloak.example.com/auth'
# The keycloak realm
frontend_keycloak_realm: ~ # Example: client-docs
# The ID for the keycloak client (authorization code flow) used for API docs or similar
frontend_keycloak_client_id: ~ # Example: client-docs
# The client ID for the OIDC client (authorization code flow) used for API docs and other frontends provided by the API itself
frontend_client_id: ~ # Example: client-docs
```
## Configuration Discovery
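Review bot: The new `frontend_client_id` comment does not say that this has to be a public client, separate from the one named in `remote_validation_id`. A client ID used for the authorization code flow in a browser frontend is visible to every visitor, while the validation client sits next to `remote_validation_secret`. Suggest extending the comment along the lines of "must be a public client without a secret; do not reuse the remote validation client".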
......@@ -56,17 +52,6 @@ There are two modes of operation:
everything is handled by the OIDC server.
## Frontend Keycloak Config (FIXME)
At this time the bundle is still depending on Keycloak as a specific OIDC server
for some optional functionality. The auth bundle handles the OIDC login
component of the OpenAPI docs provided by the core bundle (the login button at
the top left).
We are looking into providing a frontend web component that works with all OIDC
serves to remove this dependency.
## Remote Validation Client with Keycloak
To create a client which can validate/introspect tokens in Keycloak create a
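Review bot: Removing the "Frontend Keycloak Config" section leaves the README without any mention of the three `frontend_keycloak_*` keys, which the schema still accepts as deprecated. A short migration note here would help people upgrading from 0.1.11 or earlier: which keys can simply be dropped and that `frontend_keycloak_client_id` is replaced by `frontend_client_id`.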
......
......@@ -46,17 +46,25 @@ class Configuration implements ConfigurationInterface
->example('mysecret')
->end()
// API docs. This is still Keycloak specific because we only have a keycloak
// web component right now.
// API Frontend (API docs etc)
->scalarNode('frontend_client_id')
->info('The client ID for the OIDC client (authorization code flow) used for API docs and other frontends provided by the API itself')
->example('client-docs')
->end()
// [DEPRECATED]
->scalarNode('frontend_keycloak_server')
->setDeprecated('dbp/relay-auth-bundle', '0.1.12', 'No longer needed')
->info('The Keycloak server base URL')
->example('https://keycloak.example.com/auth')
->end()
->scalarNode('frontend_keycloak_realm')
->setDeprecated('dbp/relay-auth-bundle', '0.1.12', 'No longer needed')
->info('The keycloak realm')
->example('client-docs')
->end()
->scalarNode('frontend_keycloak_client_id')
->setDeprecated('dbp/relay-auth-bundle', '0.1.12', 'Use "frontend_client_id" instead')
->info('The ID for the keycloak client (authorization code flow) used for API docs or similar')
->example('client-docs')
->end()
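Review bot: The deprecation message 'No longer needed' on `frontend_keycloak_server` and `frontend_keycloak_realm` names neither the option nor what supersedes it, so the logged deprecation will not tell an operator which key to remove. Symfony's `setDeprecated()` message accepts the `%node%` and `%path%` placeholders; something like 'The "%node%" option is no longer needed and can be removed' would be clearer, and the same placeholder would help in the `frontend_keycloak_client_id` message. The comment `// [DEPRECATED]` could also state the version in which the nodes are planned to be dropped.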
......
......@@ -39,6 +39,8 @@ class DbpRelayAuthExtension extends ConfigurableExtension implements PrependExte
{
$config = $container->getExtensionConfig($this->getAlias())[0];
$this->extendArrayParameter($container, 'dbp_api.twig_globals', [
'oidc_server_url' => $config['server_url'] ?? '',
'oidc_frontend_client_id' => $config['frontend_client_id'] ?? '',
'keycloak_server_url' => $config['frontend_keycloak_server'] ?? '',
'keycloak_realm' => $config['frontend_keycloak_realm'] ?? '',
'keycloak_frontend_client_id' => $config['frontend_keycloak_client_id'] ?? '',
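Review bot: `oidc_frontend_client_id` is filled only from `$config['frontend_client_id']`, so an installation that still sets just the deprecated `frontend_keycloak_client_id` ends up with an empty string here. Unless the template handles that case itself, consider a fallback such as `$config['frontend_client_id'] ?? $config['frontend_keycloak_client_id'] ?? ''` for the deprecation period. Separately, `oidc_server_url` also defaults to `''` when `server_url` is unset; it is worth checking that the frontend does not render a login button pointing at an empty issuer URL in that case.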
......