PHPackages: oxodao/qne-oauth-bundle (Authentication & Authorization)

oxodao/qne-oauth-bundle
=======================

A Quick And Easy OAuth2 opinionated client bundle

Version 0.1.0 (released 6 months ago), MIT license, PHP >= 8.4. Listed since Oct 18, last pushed 6 months ago; README synced from the master branch 1 month ago.

[Source](https://github.com/oxodao/qne-oauth-bundle) | [Packagist](https://packagist.org/packages/oxodao/qne-oauth-bundle)

QneOAuthBundle
==============


Quick'n'Easy OAuth Bundle is a Symfony bundle to easily add OAuth authentication to your API Platform project.

It piggy-backs on LexikJWTAuthenticationBundle and GesdinetJWTRefreshTokenBundle to provide a seamless integration of OAuth and JWT authentication.

Although this is not the cleanest way to do it, the OAuth tokens are NO LONGER used once the user is logged in. This lets you use the same setup as for regular users without having to worry about what's in the provider's token.

It also lets you customize the token for your app however you want (e.g. use Mercure).

Only the offline OAuth token is kept and used server-side, to refresh the user information (such as roles) when your refresh-token endpoint is called.

Currently only tested with Keycloak, it provides the following features:

- Generate the OAuth login URL (or directly redirect to it, depending on your setup)
- Exchange the OAuth authorization code for a JWT token
- Bring your own user entity
- Role synchronization
- Works alongside standard password authentication

Warning
-------


Although I tried to stay as close as possible to the OAuth2 standard, this has only been tested with Keycloak, so I am not sure whether it works with other providers.

It is also pretty tailored to my use case, so if you have an issue or want a feature, please open a PR.

For now, it only supports ONE OAuth provider per project.

It does not support CSRF protection through the `state` parameter. Without `state`, nothing binds the authorization response to the browser session that started the login, so an attacker can make a victim's browser complete the flow with an authorization code of the attacker's choosing (the login CSRF described in RFC 6749 section 10.12). Until the bundle adds it, generate and verify `state` yourself around the login URL and the callback.
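One way to add that check in front of the bundle, as an added example that is not code from oxodao/qne-oauth-bundle: a session-bound, single-use `state` value is issued when the login URL is built and verified with a constant-time comparison on the callback. The Keycloak base URL, the realm `master`, the client `my_project`, the callback `http://localhost/oauth-callback` and the `offline_access` scope are illustrative assumptions (Keycloak issues offline tokens when that scope is requested); the bundle's own login-URL helper is not used, the URL is built by hand. The class and function names are this example's own.

```php
<?php
// Added example, not part of oxodao/qne-oauth-bundle: binding the OAuth2
// authorization response to the browser session with a `state` value.
// Assumes a PHP session (session_start() in a real app); the Keycloak URL,
// realm `master`, client `my_project` and callback are illustrative values.
declare(strict_types=1);

final class OAuthStateGuard
{
    private const SESSION_KEY = 'oauth2_state';
    private const TTL_SECONDS = 600;

    /** Create an unguessable, single-use state and remember it for this session. */
    public static function issue(): string
    {
        $state = rtrim(strtr(base64_encode(random_bytes(32)), '+/', '-_'), '=');
        $_SESSION[self::SESSION_KEY] = ['value' => $state, 'expires' => time() + self::TTL_SECONDS];
        return $state;
    }

    /** Check the state echoed back on the callback; consume it whether or not it matches. */
    public static function verify(?string $returned): bool
    {
        $stored = $_SESSION[self::SESSION_KEY] ?? null;
        unset($_SESSION[self::SESSION_KEY]);              // single use: a replayed callback fails
        if (!is_array($stored) || $returned === null) {
            return false;
        }
        if (time() > $stored['expires']) {
            return false;
        }
        return hash_equals($stored['value'], $returned); // constant-time comparison
    }
}

/** Build the Keycloak authorization URL for the code flow, carrying the state. */
function authorizationUrl(string $keycloak, string $realm, string $clientId, string $redirectUri, string $state): string
{
    $query = http_build_query([
        'response_type' => 'code',
        'client_id'     => $clientId,
        'redirect_uri'  => $redirectUri,
        'scope'         => 'openid offline_access', // offline_access: the bundle relies on an offline token
        'state'         => $state,
    ], '', '&', PHP_QUERY_RFC3986);
    return rtrim($keycloak, '/') . '/realms/' . rawurlencode($realm) . '/protocol/openid-connect/auth?' . $query;
}

// Login step (constructed values; a CLI run uses a plain array instead of a real session).
if (session_status() !== PHP_SESSION_ACTIVE) {
    $_SESSION = [];
}
$state = OAuthStateGuard::issue();
echo authorizationUrl('http://localhost:8080', 'master', 'my_project', 'http://localhost/oauth-callback', $state), PHP_EOL;

// Callback step: Keycloak redirects the browser to /oauth-callback?code=...&state=...
$callback = ['code' => 'constructed-code', 'state' => $state];
var_dump(OAuthStateGuard::verify($callback['state'] ?? null));  // genuine callback
var_dump(OAuthStateGuard::verify($callback['state'] ?? null));  // replay of the same callback
var_dump(OAuthStateGuard::verify('attacker-chosen'));           // forged callback, nothing stored
```

Only the first `verify` call succeeds: the stored value is removed on first use, so a replayed callback fails, and a callback that arrives without a matching value in the session (the login-CSRF case) is rejected before the code is ever exchanged. Run the verification before handing the `code` to the bundle's exchange endpoint.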

For now, ROLE SYNCHRONIZATION IS MANDATORY! At some point I'd like to add an option so that the provider's roles don't matter (which would also remove the need for the user to log in through OAuth again every time their offline token expires).

Usage
-----


### Keycloak


As an example, and because it is the only provider currently implemented, let's set up Keycloak.

First we create a client in the master realm (Keycloak recommends reserving the master realm for administration; a dedicated realm for your application is configured the same way):

- Go to the admin interface, "Clients", "Create client"
- Fill in the client ID, `my_project`, and set a name / description.
- Keep the default settings on the second screen, except "Client authentication", which you should enable.
- On the last screen, fill in the values:
    - Root URL: `http://localhost` => your app's frontend base URL
    - Home URL: `/`
    - Valid Redirect URIs: `/oauth-callback` => the frontend URL that Keycloak will redirect to after login (keep it exact; a wildcard here lets an attacker steer the authorization code to a page they control)
- In "Realm roles" you can create a `ROLE_ADMIN` role (or any role your app will need)
- Then in "Groups" you can create an "admin" group and assign the `ROLE_ADMIN` role to it in the "Role mapping" tab.
- Finally, you can add / remove your users in the "Members" tab of the group.

By default, the user will have to log in again after 30 days because the offline token expires.

You can change that in the realm settings, "Tokens" tab: the 30-day default is "Offline Session Idle", and when "Offline Session Max Limited" is enabled, "Offline Session Max" also caps the total lifetime.

You can get the `client_secret` in the "Credentials" tab of your client.
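Once the client above exists, Keycloak issues RS256-signed access tokens whose `realm_access.roles` claim carries the realm roles granted through the group (and `resource_access.<client>.roles` the client roles). The following added example, not code from oxodao/qne-oauth-bundle, shows what a role synchronization step has to do with such a token before trusting those roles: verify the signature and the `iss`, `exp` and `azp` claims, then map Keycloak roles to Symfony role strings. It generates a throw-away RSA key pair in-process to mint a constructed sample token so it runs without a Keycloak instance; a real deployment loads the realm public key from the realm's JWKS (`/protocol/openid-connect/certs`) endpoint instead. The function names, the `ROLE_` prefix filter and the issuer URL are this example's own assumptions.

```php
<?php
// Added example, not part of oxodao/qne-oauth-bundle.
// Verifies a Keycloak RS256 access token offline and maps its realm/client roles
// to Symfony role strings. The RSA key pair and the token are constructed here so
// the script runs without Keycloak (assumption: production code would load the
// realm public key from /realms/<realm>/protocol/openid-connect/certs).
declare(strict_types=1);

function b64url(string $bin): string
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64urlDecode(string $s): string
{
    $padded = strtr($s, '-_', '+/') . str_repeat('=', (4 - strlen($s) % 4) % 4);
    return base64_decode($padded, true) ?: '';
}

/** Verify signature, issuer, expiry and authorized party; return the claims or null. */
function verifyKeycloakToken(string $jwt, string $publicKeyPem, string $issuer, string $clientId): ?array
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        return null;
    }
    [$h, $p, $s] = $parts;
    $header = json_decode(b64urlDecode($h), true);
    // Pin the algorithm: honouring whatever the header says invites alg=none / HS256 key confusion.
    if (!is_array($header) || ($header['alg'] ?? null) !== 'RS256') {
        return null;
    }
    $key = openssl_pkey_get_public($publicKeyPem);
    if ($key === false || openssl_verify("$h.$p", b64urlDecode($s), $key, OPENSSL_ALGO_SHA256) !== 1) {
        return null;
    }
    $claims = json_decode(b64urlDecode($p), true);
    if (!is_array($claims)
        || ($claims['iss'] ?? null) !== $issuer
        || ($claims['azp'] ?? null) !== $clientId   // azp: the client the token was issued to
        || (int) ($claims['exp'] ?? 0) <= time()) {
        return null;
    }
    return $claims;
}

/** Role synchronization: keep ROLE_* entries from realm and client roles, always add ROLE_USER. */
function symfonyRolesFromClaims(array $claims, string $clientId): array
{
    $raw = array_merge(
        $claims['realm_access']['roles'] ?? [],
        $claims['resource_access'][$clientId]['roles'] ?? [],
    );
    $roles = array_filter($raw, fn ($r) => is_string($r) && str_starts_with($r, 'ROLE_'));
    $roles[] = 'ROLE_USER';
    return array_values(array_unique($roles));
}

// ---- Constructed sample: mint a token shaped like Keycloak's for the client above ----
$pair = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
$publicPem = openssl_pkey_get_details($pair)['key'];
$issuer = 'http://localhost:8080/realms/master';
$claims = [
    'iss' => $issuer, 'azp' => 'my_project', 'sub' => 'f1e2d3c4', 'preferred_username' => 'alice',
    'exp' => time() + 300,
    'realm_access' => ['roles' => ['ROLE_ADMIN', 'offline_access', 'uma_authorization']],
];
$header = b64url(json_encode(['alg' => 'RS256', 'typ' => 'JWT']));
$signingInput = $header . '.' . b64url(json_encode($claims));
openssl_sign($signingInput, $sig, $pair, OPENSSL_ALGO_SHA256);
$token = $signingInput . '.' . b64url($sig);

$verified = verifyKeycloakToken($token, $publicPem, $issuer, 'my_project');
print_r($verified === null ? 'rejected' : symfonyRolesFromClaims($verified, 'my_project'));

// Re-using the signature over an edited payload (an extra role) must fail verification.
$claims['realm_access']['roles'][] = 'ROLE_SUPERADMIN';
$forged = $header . '.' . b64url(json_encode($claims)) . '.' . b64url($sig);
var_dump(verifyKeycloakToken($forged, $publicPem, $issuer, 'my_project'));
```

The genuine token yields `ROLE_ADMIN` and `ROLE_USER` (Keycloak's built-in `offline_access` and `uma_authorization` roles are dropped by the prefix filter); the forged token is rejected because the signature no longer covers the payload. The same check belongs in the refresh path, since that is where the bundle re-reads roles from the offline token.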

### Bundle setup


```
$ composer require oxodao/qne-oauth-bundle
```

Then enable the bundle in your `config/bundles.php`:

```
