1-0-0-1/laravel-keycloak-extended-guard 问题修复 & 功能扩展

解决BUG、新增功能、兼容多环境部署,快速响应你的开发需求

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

1-0-0-1/laravel-keycloak-extended-guard

Composer 安装命令:

composer require 1-0-0-1/laravel-keycloak-extended-guard

包简介

Keycloak Guard for Laravel with remote validation

README 文档

README

This package helps you authenticate users on a Laravel API based on JWT tokens generated from Keycloak Server with remote checks.

Install

Require the package

composer require AlexeyShchetkin/laravel-keycloak-extended-guard

Configuration

Laravel Auth

Changes on config/auth.php

    'web' => [
        'driver' => 'session',
        'provider' => 'users',
    ],
    'keycloak' => [ # <-- Add this block
        'driver' => 'keycloak',
        'provider' => 'users',
    ],

Laravel Routes

Just protect some endpoints on routes/api.php and you are done!

// public endpoints
Route::get('/hello', function () {
    return ':)';
});

// protected endpoints
Route::middleware('auth:keycloak')->post('/secret_page', function () {
    return 'Welcome to secret place';
});

Keycloak Guard

The Keycloak Extended Guard configuration can be handled from Laravel .env file. Be sure all strings are trimmed.

Optionally you can publish the config file.

php artisan vendor:publish  --provider="KeycloakExtendedGuard\KeycloakExtendedGuardServiceProvider"
<?php

return [
    // Keycloak secret (Configure->Realm Settings->Keys->RS256->Public key)
    'client_secret' => env('KEYCLOAK_CLIENT_SECRET', ''),
    // Confirm token with request to keycloak server
    'required_server_confirm' => env('KEYCLOAK_REQUIRED_SERVER_CONFIRM', false),
    // Keycloak server URL
    'base_url' => env('KEYCLOAK_BASE_URL', ''),
    // Keycloak realm
    'realm' => env('KEYCLOAK_REALM', ''),
    // Load user from user provider if token valid
    'load_user' => env('KEYCLOAK_LOAD_USER', false),
    'user_provider_credential' => env('KEYCLOAK_USER_PROVIDER_CREDENTIAL', 'username'),
    'token_principal_attribute' => env('KEYCLOAK_TOKEN_PRINCIPAL_ATTRIBUTE', 'preferred_username'),
];

client_secret

Required.

The Keycloak Server realm public key (string).

How to get realm public key? Click on "Realm Settings" > "Keys" > "Algorithm RS256" Line > "Public Key" Button

load_user

Required. Default is false.

If you do not have an users table you must disable this. It fetchs user from database and fill values into authenticated user object. If enabled, it will work together with user_provider_credential and token_principal_attribute.

user_provider_credential

Required. Default is username.

The field from "users" table that contains the user unique identifier (eg. username, email, nickname). This will be confronted against token_principal_attribute attribute, while authenticating.

token_principal_attribute

Required. Default is preferred_username.

The property from JWT token that contains the user identifier. This will be confronted against user_provider_credential attribute, while authenticating.

required_server_confirm

Required. Default is false.

Allow token validation on keycloak server

base_url

Optional

Keycloak server URL

realm

Optional

Keycloak realm name

统计信息

  • 总下载量: 21
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 0
  • 点击次数: 2
  • 依赖项目数: 0
  • 推荐数: 0

GitHub 信息

  • Stars: 0
  • Watchers: 1
  • Forks: 0
  • 开发语言: PHP

其他信息

  • 授权协议: proprietary
  • 更新时间: 2022-02-02

承接程序开发

PHP开发

VUE

Vue开发

前端开发

小程序开发

公众号开发

系统定制

数据库设计

云部署

网站建设

安全加固