

dmstr/yii2-usuario-keycloak
===========================

Yii2 usuario keycloak plugin

Version 4.2.2 · PHP · [Source](https://github.com/dmstr/yii2-usuario-keycloak) · [Packagist](https://packagist.org/packages/dmstr/yii2-usuario-keycloak)

Yii2 usuario keycloak client
============================


Installation
------------


Install the package via Composer:

```
composer require dmstr/yii2-usuario-keycloak
```

For the installation of usuario, see the [usuario docs](https://yii2-usuario.readthedocs.io/en/latest/).

Setup
-----


To run Keycloak with Docker Compose, see [docker-compose.keycloak.yml](docker/docker-compose.keycloak.yml) in the docker folder.

For local development, add `keycloak-local` to your `/etc/hosts` like this: `127.0.0.1 keycloak-local`

You may need to replace `127.0.0.1` with your Docker IP.

Configuration
-------------


**This part of the configuration is mandatory. It adds Keycloak as a "social network"**

```
KEYCLOAK_CLIENT_NAME=Keycloak
KEYCLOAK_CLIENT_ID=app
# See credentials tab in example realms app client
KEYCLOAK_CLIENT_SECRET=
KEYCLOAK_ISSUER_URL=http://keycloak-local:8080/realms/example
```

```
use yii\authclient\Collection;
use Da\User\AuthClient\Keycloak;

return [
    'components' => [
        'authClientCollection' => [
            'class' => Collection::class,
            'clients' => [
                'keycloak' => [
                    'class' => Keycloak::class,
                    'title' => getenv('KEYCLOAK_CLIENT_NAME'),
                    'clientId' => getenv('KEYCLOAK_CLIENT_ID'),
                    'clientSecret' => getenv('KEYCLOAK_CLIENT_SECRET'),
                    'issuerUrl' => getenv('KEYCLOAK_ISSUER_URL')
                ]
            ]
        ],
        'user' => [
            // So that sessions do not get mixed up
            'enableAutoLogin' => false
        ]
    ]
];
```

**Enable front-channel logout from Keycloak when the user logs out of the app**

```
use dmstr\usuario\keycloak\controllers\SecurityController;

return [
    'modules' => [
        'user' => [
            'controllerMap' => [
                'security' => [
                    'class' => SecurityController::class
                ]
            ]
        ]
    ]
];
```

**Only allow login to users with verified emails**

```
use Da\User\Event\SocialNetworkAuthEvent;
use dmstr\usuario\keycloak\controllers\SecurityController;
use yii\web\ForbiddenHttpException;

return [
    'modules' => [
        'user' => [
            'controllerMap' => [
                'security' => [
                    'class' => SecurityController::class,
                    'on ' . SocialNetworkAuthEvent::EVENT_BEFORE_AUTHENTICATE => function (SocialNetworkAuthEvent $event) {
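                        // Rejects only when the claim is present and strictly false;
                        // a login whose attributes carry no email_verified claim is not blocked here.
                        if (isset($event->getClient()->getUserAttributes()['email_verified']) && $event->getClient()->getUserAttributes()['email_verified'] === false) {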
                            throw new ForbiddenHttpException(Yii::t('usuario-keycloak', 'Account is not verified. Please confirm your registration email.'));
                        }
                    }
                ]
            ]
        ]
    ]
];
```
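
The handler above blocks a login only when `email_verified` is present and strictly `false`, so a response without the claim passes. This added example (not code from the package; the function names and sample attribute sets are constructed) compares that condition with a fail-closed variant. Accepting the string `'true'` is an assumption for realms whose claim mappers emit strings.

```php
<?php
// Added example, not code from dmstr/yii2-usuario-keycloak.
// Function names and sample attribute sets are constructed for illustration.

/** The README's condition: reject only if the claim is set and strictly false. */
function readmeCheckRejects(array $attrs): bool
{
    return isset($attrs['email_verified']) && $attrs['email_verified'] === false;
}

/** Fail-closed variant: reject unless the claim carries an explicit "verified" value. */
function failClosedRejects(array $attrs): bool
{
    $value = $attrs['email_verified'] ?? null;
    // Accept the JSON boolean true. The string 'true' is accepted as an
    // assumption for mappers that emit strings; remove it if your realm
    // always sends booleans. Missing, null, false, 0 and 'false' are rejected.
    return !($value === true || $value === 'true');
}

// Constructed user attribute sets, as getUserAttributes() might return them.
$samples = [
    'verified (bool true)'    => ['email' => 'a@example.org', 'email_verified' => true],
    'unverified (bool false)' => ['email' => 'b@example.org', 'email_verified' => false],
    'claim missing'           => ['email' => 'c@example.org'],
    'claim null'              => ['email' => 'd@example.org', 'email_verified' => null],
    'string "false"'          => ['email' => 'e@example.org', 'email_verified' => 'false'],
    'integer 0'               => ['email' => 'f@example.org', 'email_verified' => 0],
];

// Print both decisions side by side so the differing rows stand out.
foreach ($samples as $label => $attrs) {
    printf(
        "%-26s readme=%-6s failClosed=%s\n",
        $label,
        readmeCheckRejects($attrs) ? 'reject' : 'allow',
        failClosedRejects($attrs) ? 'reject' : 'allow'
    );
}
```

To use the fail-closed variant in the handler, replace the `if` condition with `failClosedRejects($event->getClient()->getUserAttributes())`.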

**Disable sending of the welcome message when a user comes from Keycloak**

```
return [
    'modules' => [
        'user' => [
            'sendWelcomeMailAfterSocialNetworkRegistration' => false
        ]
    ]
];
```

**Disallow identity switching. This is recommended because RBAC roles that use the TokenRoleRule may otherwise not work correctly**

```
return [
    'modules' => [
        'user' => [
            'enableSwitchIdentities' => false
        ]
    ]
];
```

**Log out the user if the Keycloak token is expired**

This only works in a web application, so add your config accordingly. It also needs some slight modifications to your user component. You can copy and use this example or extend your existing user component.

```
