
hamidou-ie/keycloak-client-bundle
=================================

Keycloak client bundle for Symfony, designed to simplify Keycloak integration into your application and provide additional functionality for token management and user information access


[Source](https://github.com/hamidou-ie/KeycloakClientBundle) | [Packagist](https://packagist.org/packages/hamidou-ie/keycloak-client-bundle)


KeycloakClientBundle
====================



`KeycloakClientBundle` is a wrapper for the `stevenmaguire/oauth2-keycloak` package, designed to simplify Keycloak integration into your Symfony application and provide additional functionality for token management and user information access. It also includes a listener that verifies the token on every request.

Configuration
-------------


Before installing this package, you need to configure it manually. You can do this by creating a `hamidou_ie_keycloak_client.yaml` file in the `config/packages` directory of your project and adding the following configuration:

```
# config/packages/hamidou_ie_keycloak_client.yaml

hamidou_ie_keycloak_client:
  keycloak:
    verify_ssl: '%env(bool:IAM_VERIFY_SSL)%'
    base_url: '%env(IAM_BASE_URL)%'
    realm: '%env(IAM_REALM)%'
    client_id: '%env(IAM_CLIENT_ID)%'
    client_secret: '%env(IAM_CLIENT_SECRET)%'
    redirect_uri: '%env(IAM_REDIRECT_URI)%'
    encryption_algorithm: '%env(IAM_ENCRYPTION_ALGORITHM)%'
    encryption_key: '%env(IAM_ENCRYPTION_KEY)%'
    encryption_key_path: '%env(IAM_ENCRYPTION_KEY_PATH)%'
    version: '%env(IAM_VERSION)%'
    # Optional: Whitelist of allowed domains for JWKS endpoint (security feature)
    # If not specified, only the domain from base_url is allowed
    allowed_jwks_domains:
      - 'keycloak.example.com'
      - '*.auth.example.com'  # Supports wildcard subdomains
```

Additionally, it's recommended to add the following environment variables to your project's environment file (e.g., `.env` or `.env.local`) with the appropriate values for your configuration:

```
###> hamidou-ie/keycloak-client-bundle ###
IAM_VERIFY_SSL=true # Verify SSL certificate
IAM_BASE_URL=''  # Keycloak server URL
IAM_REALM='' # Keycloak realm name
IAM_CLIENT_ID='' # Keycloak client id
IAM_CLIENT_SECRET='' # Keycloak client secret
IAM_REDIRECT_URI='' # Keycloak redirect uri
IAM_ENCRYPTION_ALGORITHM='' # RS256, HS256, JWKS, etc.
IAM_ENCRYPTION_KEY='' # public key
IAM_ENCRYPTION_KEY_PATH='' # public key path
IAM_VERSION='' # Keycloak version
###< hamidou-ie/keycloak-client-bundle ###
```

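Make sure to replace the placeholder values with your actual configuration values. Keep `IAM_VERIFY_SSL=true` outside local development, and keep `IAM_CLIENT_SECRET` in an uncommitted file such as `.env.local`. Once you have configured the package and environment variables, you can proceed with the installation.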
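The `allowed_jwks_domains` option in the configuration above restricts which hosts the JWKS may be fetched from. The following is an added example, not the bundle's own code, of how such an allow-list can be matched without the usual suffix and prefix pitfalls; the function name, the HTTPS requirement, the rule that `*.x` covers subdomains only, and the sample URLs are assumptions.

```php
<?php
declare(strict_types=1);

// Added illustration, not the bundle's implementation. Assumptions: "*.x"
// matches subdomains of x only (not x itself); non-HTTPS URLs and URLs with
// userinfo are rejected.
function isJwksUrlAllowed(string $url, array $allowedPatterns): bool
{
    $parts = parse_url($url);
    if (!is_array($parts) || !isset($parts['scheme'], $parts['host'])) {
        return false;
    }
    if (strtolower($parts['scheme']) !== 'https' || isset($parts['user'])) {
        return false;
    }
    // Compare the parsed host only, lowercased and without a trailing dot.
    $host = rtrim(strtolower($parts['host']), '.');

    foreach ($allowedPatterns as $pattern) {
        $pattern = strtolower($pattern);
        if (str_starts_with($pattern, '*.')) {
            // Keep the leading dot so "evilauth.example.com" cannot match.
            $suffix = substr($pattern, 1);
            if (strlen($host) > strlen($suffix) && str_ends_with($host, $suffix)) {
                return true;
            }
        } elseif ($host === $pattern) {
            return true;
        }
    }
    return false;
}

// Constructed sample URLs; only the two allowed patterns come from the README.
$allowed = ['keycloak.example.com', '*.auth.example.com'];
$samples = [
    'https://keycloak.example.com/realms/demo/protocol/openid-connect/certs',
    'https://eu.auth.example.com/realms/demo/protocol/openid-connect/certs',
    'https://evilauth.example.com/certs',                 // suffix without the dot
    'https://keycloak.example.com.untrusted.test/certs',  // allowed name as prefix
    'https://keycloak.example.com@untrusted.test/certs',  // allowed name as userinfo
    'http://keycloak.example.com/certs',                  // not HTTPS
];
foreach ($samples as $url) {
    printf("%-5s %s\n", isJwksUrlAllowed($url, $allowed) ? 'allow' : 'deny', $url);
}
```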

Installation
------------


You can install this package using [Composer](http://getcomposer.org/):

```
composer require hamidou-ie/keycloak-client-bundle
```

Then, enable the bundle by adding it to the list of registered bundles in the `config/bundles.php` file of your project:

```
// config/bundles.php

return [
    // ...
    HamidouIe\KeycloakClientBundle\HamidouIeKeycloakClientBundle::class => ['all' => true],
];
```

By configuring the package before installation, you ensure that it will be ready to use once installed.

Usage
-----


### Symfony 8 stateless API (access_token OIDC)


If your application uses Symfony 8 `security.access_token` with an OIDC token handler, you **do not need** extra `KEYCLOAK_*` environment variables. This bundle derives the required values from `IAM_BASE_URL`, `IAM_REALM`, and `IAM_CLIENT_ID` through **env var processors**:

- `%env(keycloak_issuer:IAM_BASE_URL)%` → `{IAM_BASE_URL}/realms/{IAM_REALM}`
- `%env(keycloak_discovery_base_uri:IAM_BASE_URL)%` → `issuer + "/"`

Example `security.yaml` snippet:

```
security:
    providers:
        oidc_user_provider:
            # Use either your own user provider service or the optional one from this bundle (see below)
            id: HamidouIe\KeycloakClientBundle\Security\User\DoctrineOidcUserProvider

    firewalls:
        main:
            stateless: true
            provider: oidc_user_provider
            access_token:
                token_handler:
                    oidc:
                        claim: email
                        algorithms: [ 'RS256' ]
                        audience: '%env(IAM_CLIENT_ID)%'
                        issuers: [ '%env(keycloak_issuer:IAM_BASE_URL)%' ]
                        discovery:
                            base_uri: '%env(keycloak_discovery_base_uri:IAM_BASE_URL)%'
                            cache:
                                id: cache.app
```

### Optional: Doctrine OIDC user provider (sync local User)


To keep a centralized `user` table and synchronize basic profile fields from Keycloak (`firstname`, `lastname`, `email`, `username`), enable the provider:

```
# config/packages/hamidou_ie_keycloak_client.yaml
hamidou_ie_keycloak_client:
    oidc:
        doctrine_user_provider:
            enabled: true
            # Defaults work for Api\\Entity\\User with dn/email fields and Keycloak standard claims.
            # user_class: 'Api\\Entity\\User'
```

Matching strategy:

- Prefer stable Keycloak subject: `dn = oidc:{sub}`
- Fallback to `email`

By default, roles from the token are also synchronized into `user.roles`.

If you want to sync **only** the roles for your configured client (`resource_access[{client_id}].roles`), set:

```
hamidou_ie_keycloak_client:
    oidc:
        doctrine_user_provider:
            enabled: true
            roles_source: client
```
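The matching strategy and the `roles_source: client` option above, shown as an added example that is not the bundle's own code. It works on decoded token claims in Keycloak's standard layout (`realm_access.roles`, `resource_access[{client_id}].roles`); the function names, the `all` source name, the assumption that the default takes realm roles and every client's roles, and the sample claims are all constructed for illustration.

```php
<?php
declare(strict_types=1);

// Added illustration, not the bundle's code. Returns the string roles under
// a claim node shaped like ['roles' => [...]]; anything else yields [].
function rolesOf(mixed $node): array
{
    $roles = is_array($node) ? ($node['roles'] ?? []) : [];
    return is_array($roles) ? array_filter($roles, 'is_string') : [];
}

// 'client' keeps only resource_access[$clientId].roles; any other value
// (hypothetical 'all') also takes realm roles and other clients' roles.
function extractRoles(array $claims, string $clientId, string $source): array
{
    $access = is_array($claims['resource_access'] ?? null) ? $claims['resource_access'] : [];
    if ($source === 'client') {
        return array_values(array_unique(rolesOf($access[$clientId] ?? null)));
    }
    $roles = rolesOf($claims['realm_access'] ?? null);
    foreach ($access as $entry) {
        $roles = array_merge($roles, rolesOf($entry));
    }
    return array_values(array_unique($roles));
}

// Lookup order from the README: stable subject first, then email.
function lookupCriteria(array $claims): array
{
    $criteria = [];
    if (is_string($claims['sub'] ?? null) && $claims['sub'] !== '') {
        $criteria[] = ['dn' => 'oidc:' . $claims['sub']];
    }
    if (is_string($claims['email'] ?? null) && $claims['email'] !== '') {
        $criteria[] = ['email' => $claims['email']];
    }
    return $criteria;
}

// Constructed claims; 'my-api' stands in for IAM_CLIENT_ID.
$claims = [
    'sub' => '00000000-0000-4000-8000-000000000001',
    'email' => 'alice@example.com',
    'realm_access' => ['roles' => ['offline_access', 'realm-admin']],
    'resource_access' => ['my-api' => ['roles' => ['reader']], 'account' => ['roles' => ['manage-account']]],
];
echo json_encode(lookupCriteria($claims)), "\n";
echo json_encode(extractRoles($claims, 'my-api', 'client')), "\n";
echo json_encode(extractRoles($claims, 'my-api', 'all')), "\n";
```

With the `client` source, the realm-level and `account` roles in the sample never reach the local user, which keeps roles granted for other clients out of the application.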

### Get the Keycloak client


You can get the Keycloak client by injecting the `HamidouIe\KeycloakClientBundle\Interface\IamClientInterface` interface in your controller or service.

To use it, you need to add the following configuration to your `config/services.yaml` file:

```
services:
    HamidouIe\KeycloakClientBundle\Interface\IamClientInterface:
        alias: HamidouIe\KeycloakClientBundle\Provider\KeycloakClient
```

Then, you can use it in your controller or service:

```
