PHPackages abel/keycloak-bearer-only-adapter-bundle - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. abel/keycloak-bearer-only-adapter-bundle ActiveSymfony-bundle[Authentication & Authorization](/categories/authentication) abel/keycloak-bearer-only-adapter-bundle ======================================== Keycloak security adapter for bearer only clients v1.3.2(3y ago)43.5k↓100%4[2 issues](https://github.com/el-abdel/ABELkeycloakBearerOnlyAdapterBundle/issues)MITPHPPHP >=7.2.5 Since Dec 11Pushed 3y ago1 watchersCompare [ Source](https://github.com/el-abdel/ABELkeycloakBearerOnlyAdapterBundle)[ Packagist](https://packagist.org/packages/abel/keycloak-bearer-only-adapter-bundle)[ RSS](/packages/abel-keycloak-bearer-only-adapter-bundle/feed)WikiDiscussions master Synced 1mo ago READMEChangelog (10)Dependencies (5)Versions (12)Used By (0) ABELkeycloakBearerOnlyAdapterBundle =================================== [](#abelkeycloakbeareronlyadapterbundle) This Symfony bundle is an adapter that allows securing API using keycloak Bearer Only clients. Installation ------------ [](#installation) > Befor installing the bundle, automatic packages configuration can be activated with the following command: > > ``` > composer config extra.symfony.allow-contrib true > > ``` With composer: ``` composer require abel/keycloak-bearer-only-adapter-bundle ``` Configuration ------------- [](#configuration) If you want to set up keycloak locally you can download it [here](https://www.keycloak.org/downloads) and follow instructions from [the official documentation](https://www.keycloak.org/docs/latest/server_installation/index.html). ### Bundle configuration [](#bundle-configuration) #### Via a recipe (Automatic) [](#via-a-recipe-automatic) This bundle hase a Symfony recipe that allow the automation of configuration via the Symfony Flex Composer plugin. To enable recipe for your project, run the following command: ``` composer config extra.symfony.allow-contrib true ``` #### Manual [](#manual) Having a running keycloak locally or in Docker and already configured a client with **Access Type = bearer-only**here is the configuration to use: ``` # config/packages/abel_keycloak_bearer_only_adapter.yaml abel_keycloak_bearer_only_adapter: issuer: '%env(OAUTH_KEYCLOAK_ISSUER)%' # your accessible keycloak url realm: '%env(OAUTH_KEYCLOAK_REALM)%' # your keycloak realm name client_id: '%env(OAUTH_KEYCLOAK_CLIENT_ID)%' # your keycloak client id client_secret: '%env(OAUTH_KEYCLOAK_CLIENT_SECRET)%' # your keycloak client secret #ssl_verification: False # by default ssl_verification is set to False ``` The best practice is to load your configuration from **.env** file. ``` # .env ... ###> Abel_keycloak_bearer_only_adapter ### OAUTH_KEYCLOAK_ISSUER=keycloak:8080 OAUTH_KEYCLOAK_REALM=my_realm OAUTH_KEYCLOAK_CLIENT_ID=my_bearer_client OAUTH_KEYCLOAK_CLIENT_SECRET=my_bearer_client_secret ###< Abel_keycloak_bearer_only_adapter ### ... ``` > Since Keycloak 17 the default distribution is now powered by **Quarkus**, while the legacy **WildFly** powered distribution will still be around until June 2022 > The new distribution introduces a number of breaking changes, including: > > - `/auth` removed from the default context path > ⚠️ **If you are using a legacy version make sure to include /auth in OAUTH\_KEYCLOAK\_ISSUER** > Example: `keycloak:8080/auth` In case of using Keycloak with Docker locally replace **issuer** value with your keycloak container reference in the network For example, you can use the service name, or container IPAdresse that you can get using this command: ``` docker inspect | grep "IPAddress" ``` ### Symfony security configuration [](#symfony-security-configuration) To secure your API with Keycloak you must change the default security configuration in symfony. Here is a simple configuration that restrict access to `/api/*` routes only to user with role **ROLE\_API** : ``` # config/packages/security.yaml security: enable_authenticator_manager: true providers: keycloak_bearer_user_provider: id: ABEL\Bundle\keycloakBearerOnlyAdapterBundle\Security\User\KeycloakBearerUserProvider firewalls: dev: pattern: ^/(_(profiler|wdt)|css|images|js)/ security: false api: pattern: ^/api/ provider: keycloak_bearer_user_provider custom_authenticators: - ABEL\Bundle\keycloakBearerOnlyAdapterBundle\Security\Authenticator\KeycloakBearerAuthenticator stateless: true access_control: - { path: ^/api/, roles: ROLE_API } ``` > ℹ️ Referring to Symfony [documentation](https://symfony.com/doc/5.3/security.html#roles), roles must start with **ROLE\_** (otherwise, things won't work as expected) ### Keycloak configuration [](#keycloak-configuration) To configure keycloak to work with this bundle, [here](./Resources/docs/keycloak-config-guide.md) is a step by step documentation for a basic configuration of keycloak. ### Compatibility [](#compatibility) Bundle VersionSymfony VersionV1.0.1>=4.0.0 <5.0.0V1.1.\* (uses old authentication systeme with guard)>=5.0.0 <6.0.0V1.2.\* (uses new authentication systeme)>=5.3.0 <6.0.0V1.3.\*>=6.0.0 <7.0.0 ### Health Score 28 — LowBetter than 54% of packages Maintenance10 Infrequent updates — may be unmaintained Popularity26 Limited adoption so far Community11 Small or concentrated contributor base Maturity55 Maturing project, gaining track record Bus Factor1 Top contributor holds 97.1% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~89 days Recently: every ~76 days Total 10 Last Release 1177d ago PHP version history (3 changes)v1.0.1PHP ^7.1 v1.1.0PHP ^7.2.5|^8.0 v1.2.0PHP >=7.2.5 ### Community Maintainers ![](https://www.gravatar.com/avatar/f334333d43d4292c4a10909c510951052cf2876238654b5f43e11bc632e094b8?d=identicon)[el-abdel](/maintainers/el-abdel) --- Top Contributors [![el-abdel](https://avatars.githubusercontent.com/u/20129721?v=4)](https://github.com/el-abdel "el-abdel (34 commits)")[![Gwemox](https://avatars.githubusercontent.com/u/9432727?v=4)](https://github.com/Gwemox "Gwemox (1 commits)") --- Tags apiauthenticationhacktoberfestkeycloakoauthsecuritysymfonysymfony-bundle ### Embed Badge ![Health badge](/badges/abel-keycloak-bearer-only-adapter-bundle/health.svg) ``` [![Health](https://phpackages.com/badges/abel-keycloak-bearer-only-adapter-bundle/health.svg)](https://phpackages.com/packages/abel-keycloak-bearer-only-adapter-bundle) ``` ### Alternatives [sylius/sylius E-Commerce platform for PHP, based on Symfony framework. 8.4k5.6M651](/packages/sylius-sylius)[symfony/security-bundle Provides a tight integration of the Security component into the Symfony full-stack framework 2.5k172.9M1.8k](/packages/symfony-security-bundle)[gesdinet/jwt-refresh-token-bundle Implements a refresh token system over Json Web Tokens in Symfony 70516.4M35](/packages/gesdinet-jwt-refresh-token-bundle)[simplesamlphp/simplesamlphp A PHP implementation of a SAML 2.0 service provider and identity provider. 1.1k12.4M193](/packages/simplesamlphp-simplesamlphp)[scheb/2fa Two-factor authentication for Symfony applications (please use scheb/2fa-bundle to install) 578630.7k1](/packages/scheb-2fa)[scheb/2fa-bundle A generic interface to implement two-factor authentication in Symfony applications 6914.0M62](/packages/scheb-2fa-bundle) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)