keycloak added

cultuurnet · Jul 16, 2024 · 9407375 · 9407375
1 parent 1369553
commit 9407375
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 25 deletions.
diff --git a/app/Auth/AuthServiceProvider.php b/app/Auth/AuthServiceProvider.php
@@ -14,27 +14,14 @@ public function register(Application $app): void
     {
         $app[Auth0::class] = $app::share(
             function (Application $app) {
+                if ($app['config']['keycloak']['enable']) {
+                    return new Auth0(
+                        $this->getParams($app['config']['keycloak'])
+                    );
+                }
+
                 return new Auth0(
-                    [
-                        'domain' => $app['config']['auth0']['domain'],
-                        'client_id' => $app['config']['auth0']['client_id'],
-                        'client_secret' => $app['config']['auth0']['client_secret'],
-                        'redirect_uri' => $app['config']['auth0']['callback_url'],
-                        'scope' => implode(
-                            ' ',
-                            [
-                                'openid',
-                                'email',
-                                'profile',
-                                'offline_access',
-                                'https://api.publiq.be/auth/uitpas_balie',
-                                'https://api.publiq.be/auth/uitpas_balie_insights',
-                            ]
-                        ),
-                        'audience' => 'https://api.publiq.be',
-                        'persist_id_token' => false,
-                        'id_token_leeway' => 30,
-                    ]
+                    $this->getParams($app['config']['auth0'])
                 );
             }
         );
@@ -53,4 +40,22 @@ public function boot(Application $app): void
     {
 
     }
-}
+
+    private function getParams(array $auth) : array
+    {
+        return [
+            'domain' => $auth['domain'],
+            'clientId' => $auth['client_id'],
+            'clientSecret' => $auth['client_secret'],
+            'cookieSecret' => $auth['cookieSecret'],
+            'redirectUri' => $auth['callback_url'],
+            'scope' => [
+                'openid',
+                'email',
+                'profile',
+                'offline_access',
+            ],
+            'audience' => ['https://api.publiq.be'],
+        ];
+    }
+}
diff --git a/src/Auth/AuthController.php b/src/Auth/AuthController.php
@@ -59,7 +59,7 @@ public function __construct(
         $this->redirectUrlAfterLogin = $redirectUrlAfterLogin;
     }
 
-    public function redirectToLoginService(Request $request): void
+    public function redirectToLoginService(Request $request): RedirectResponse
     {
         // Clear any persistent Auth0 data that lingers in some edge cases even if the user is considered to be logged
         // out by the Balie app. For example, when a user with only a v2 id logs in they get an error because they need
@@ -79,12 +79,13 @@ public function redirectToLoginService(Request $request): void
             $this->session->set('auth_destination', $destination);
         }
 
-        // The Auth0 SDK sets a Location header and then exits, so we do not need to return a Response object.
-        $this->auth0->login(null, null, $this->loginParameters);
+        return new RedirectResponse($this->auth0->login(null, null, $this->loginParameters));
     }
 
     public function storeTokenAndRedirectToFrontend(): RedirectResponse
     {
+        $this->auth0->exchange();
+
         $accessToken = $this->auth0->getAccessToken();
         $uitIDv1Token = $this->uitIDv1TokenService->getV1TokenForAuth0AccessToken($accessToken);
 
@@ -117,4 +118,4 @@ public function getToken(): JsonResponse
 
         return new JsonResponse(['token' => $accessToken]);
     }
-}
+}