idci/guzzle-bundle-knpu-oauth2-plugin

This bundle integrates KnpU OAuth2 functionality using a Guzzle Bundle plugin.

v1.0.0 2023-10-04 22:30 UTC

This package is auto-updated.

Last update: 2024-12-06 16:24:48 UTC


README

This bundle integrates KnpU OAuth2 functionality using a Guzzle Bundle plugin.

This bundle was highly inspired by the work of this: gregurco/guzzle-bundle-oauth2-plugin. The OAuth2 negociation to retrieved the AccessToken is handle with knpuniversity/oauth2-client-bundle and league/oauth2-client.

Installation

With composer:

$ composer require idci/guzzle-bundle-knpu-oauth2-plugin

Enable bundle

Overrides the registerBundles function in src/Kernel.php like this:

    public function registerBundles(): iterable
    {
        $contents = require $this->getBundlesPath();
        foreach ($contents as $class => $envs) {
            if ($envs[$this->environment] ?? $envs['all'] ?? false) {
                if ($class === \EightPoints\Bundle\GuzzleBundle\EightPointsGuzzleBundle::class) {
                    yield new $class([
                        new \IDCI\Bundle\GuzzleBundleKnpUOAuth2Plugin\IDCIGuzzleBundleKnpUOAuth2Plugin(),
                    ]);
                } else {
                    yield new $class();
                }
            }
        }
    }

Configuration

Configure your KnpUOAuth2 client as described into the offical documentation into config/packages/knpu_oauth2_client.yaml. Here is an example using a Keycloak client:

knpu_oauth2_client:
    clients:
        my_keycloak_client:
            type: keycloak
            auth_server_url: '%env(string:KEYCLOAK_SERVER_BASE_URL)%'
            realm: '%env(string:KEYCLOAK_REALM)%'
            client_id: '%env(string:KEYCLOAK_CLIENT_ID)%'
            client_secret: '%env(string:KEYCLOAK_CLIENT_SECRET)%'
            redirect_route: null
            redirect_params: { }
            # encryption_algorithm: null # Optional: Encryption algorith, i.e. RS256
            # encryption_key_path: null # Optional: Encryption key path, i.e. ../key.pem
            # encryption_key: null # Optional: Encryption key, i.e. contents of key or certificate
            # version: '20.0.1' # Optional: The keycloak version to run against
            # use_state: false # whether to check OAuth2 "state": defaults to true

Then when you wants to automatically add a bearer token to your Guzzle client request, simply use the knpu_oauth2 plugin configuration into config/packages/eight_points_guzzle.yaml. Here is an example that use the my_keycloak_client KnpUOAuth2 client:

eight_points_guzzle:
    clients:
        my_guzzle_client:
            base_url: '%env(string:MY_GUZZLE_CLIENT_ENV_BASE_URL)%'
            options:
                auth: knpu_oauth2
            plugin:
                knpu_oauth2:
                    client: my_keycloak_client

If you wants to store your bearer token, you can use the persistent option to true. By default this bundle use the cache.app service to store the bearer token, but you can change this with the cache_service_id option. Here is an example that store your bearer token using a custom Symfony\Component\Cache\Adapter\RedisAdapter service.

config/services.yaml:

services:
    app.redis_provider:
        class: \Redis
        factory: ['Symfony\Component\Cache\Adapter\RedisAdapter', 'createConnection']
        arguments:
            - 'redis://%env(resolve:REDIS_HOST)%'

    app.cache.adapter.redis.keycloak:
        parent: 'cache.adapter.redis'
        tags:
            - { name: 'cache.pool', namespace: 'KEYCLOAK' }

config/packages/cache.yaml:

framework:
    cache:
        pools:
            app.keycloak.cache:
                default_lifetime: 600 # Ten minutes
                adapter: app.cache.adapter.redis.keycloak
                provider: app.redis_provider

config/packages/eight_points_guzzle.yaml:

eight_points_guzzle:
    clients:
        my_guzzle_client:
            base_url: '%env(string:MY_GUZZLE_CLIENT_ENV_BASE_URL)%'
            options:
                auth: knpu_oauth2
            plugin:
                knpu_oauth2:
                    client: my_keycloak_client
                    persistent: true
                    cache_service_id: app.keycloak.cache