README

IMISSU2 RBAC Connector with Keycloak.

Requirements

1. Your client type MUST BE confidential to get client secret.
2. Enable Service Account in IMISSU2 to get data from RBAC Connector.
3. Assign roles in Service Accounts tab in client page IMISSU2.

What is Service Account?

A service account is a special type of provider account (e.g. Google, Keycloak, etc) intended to represent a non-human user that needs to authenticate and be authorized to access data in provider APIs.

Setup

1. Create file .env and set value of RBAC_CONNECTOR_HOST_URL, KEYCLOAK_CLIENT_ID, and KEYCLOAK_CLIENT_SECRET.

RBAC_CONNECTOR_HOST_URL=<imissu2-website>
KEYCLOAK_CLIENT_ID=<keycloak-client-id>
KEYCLOAK_CLIENT_SECRET=<keycloak-client-secret>

1. Install package with command below.

composer require ristekusdi/rbac-connector

Common Use Cases

Here are common use cases that you need to use this package.

Get Users and Total Users

<?php

use RistekUSDI\RBAC\Connector\Connector;

/**
 * $users_raw return data type array of users with field id, firstName, lastName, email, username, and attributes.
 * 
 * Params: first, max, search, q. All parameters are optional
 * 
 * $start = pagination offset (default 0)
 * $max = maximum result size (default 10)
 * $search = you can search by firstName, lastName, email, and username
 * 
 * Values of parameter 'q' are:
 * - unud_user_type_id:1
 * - unud_user_type_id:2
 * - unud_user_type_id:3
 *
*/
$users_raw = (new Connector())->getUsers(array(
    'first' => $start,
    'max' => $length,
    'search' => $search,
    // key "q" is optional
    'q' => 'unud_user_type_id:2 unud_user_type_id:3'
));

/**
 * $total_users return data type integer
 * 
 * Parameters: search, q. All parameters are optional.
 * 
 * $search = you can search by firstName, lastName, email, and username
 * Values of parameter 'q' are:
 * - unud_user_type_id:1
 * - unud_user_type_id:2
 * - unud_user_type_id:3
 * 
*/
$total_users = (new Connector())->totalUsers(array(
    'search' => $search,
    // key "q" is optional
    'q' => 'unud_user_type_id:2 unud_user_type_id:3'
));

Store user

<?php

use RistekUSDI\RBAC\Connector\Connector;

/**
 * Store user
 * @param $data (user entity)
*/
(new Connector())->storeUser($data);

Show user

<?php

use RistekUSDI\RBAC\Connector\Connector;

/**
 * Show user by username
 * 
 * */
$user = (new Connector())->showUser($username);

Update user

<?php

use RistekUSDI\RBAC\Connector\Connector;

/**
 * Update user by username
 * @param $username, $data (user entity)
 * */
$user = (new Connector())->showUser($username, $data);

Assigned User to Client Role

<?php

use RistekUSDI\RBAC\Connector\Connector;

/**
 * 
 * Params: user_id, client_id, and roles. All parameters are required.
 * 
 * $user_id = id of user NOT id_sso
 * $client_id = client_id from value $_SERVER['KEYCLOAK_CLIENT_ID'] or config('sso.client_id')
 * $roles = array of role_name
 * 
*/
(new Connector())->syncAssignedUserClientRoles($user_id, $client_id, $roles);

Get client roles

<?php

use RistekUSDI\RBAC\Connector\Connector;

/**
 * Get client roles.
 * 
 * @param $clientId string (required)
 * @param $roles array (optional)
 * 
 * Note: $roles array come from your DB app.
 * Example: $roles = ['Administrator', 'Mahasiswa', 'Dosen', 'Pegawai'];
 *
*/
(new Connector())->getClientRoles($clientId, $roles = array());

Create a role in a client

<?php

use RistekUSDI\RBAC\Connector\Connector;

/**
 * Store role into client.
 * 
 * Parameters: client_id, role_name. All parameters are required.
 * 
 * $client_id = client_id from value $_SERVER['KEYCLOAK_CLIENT_ID'] or config('sso.client_id')
 * $role_name = role name
 *
*/
(new Connector())->storeClientRole($client_id, $role_name);

Update role name in a client

<?php

use RistekUSDI\RBAC\Connector\Connector;

/**
 * Update role name in a client.
 * 
 * Parameters: client_id, previous_role_name, current_role_name. All parameters are required.
 * 
 * $client_id = client_id from value $_SERVER['KEYCLOAK_CLIENT_ID'] or config('sso.client_id')
 * $previous_role_name = previous role name
 * $current_role_name = current role name
 *
*/
(new Connector())->updateClientRoleName($client_id, $previous_role_name, $current_role_name);

Delete role from a client

<?php

use RistekUSDI\RBAC\Connector\Connector;

/**
 * Delete role from client.
 * 
 * Parameters: client_id, role_name. All parameters are required.
 * 
 * $client_id = client_id from value $_SERVER['KEYCLOAK_CLIENT_ID'] or config('sso.client_id')
 * $role_name = role name
 *
*/
(new Connector())->deleteClientRole($client_id, $role_name);