diff --git a/app/Auth/AuthServiceProvider.php b/app/Auth/AuthServiceProvider.php index 8f06190b..790c78c7 100644 --- a/app/Auth/AuthServiceProvider.php +++ b/app/Auth/AuthServiceProvider.php @@ -14,27 +14,14 @@ public function register(Application $app): void { $app[Auth0::class] = $app::share( function (Application $app) { + if ($app['config']['keycloak']['enable']) { + return new Auth0( + $this->getParams($app['config']['keycloak']) + ); + } + return new Auth0( - [ - 'domain' => $app['config']['auth0']['domain'], - 'client_id' => $app['config']['auth0']['client_id'], - 'client_secret' => $app['config']['auth0']['client_secret'], - 'redirect_uri' => $app['config']['auth0']['callback_url'], - 'scope' => implode( - ' ', - [ - 'openid', - 'email', - 'profile', - 'offline_access', - 'https://api.publiq.be/auth/uitpas_balie', - 'https://api.publiq.be/auth/uitpas_balie_insights', - ] - ), - 'audience' => 'https://api.publiq.be', - 'persist_id_token' => false, - 'id_token_leeway' => 30, - ] + $this->getParams($app['config']['auth0']) ); } ); @@ -53,4 +40,22 @@ public function boot(Application $app): void { } -} + + private function getParams(array $auth) : array + { + return [ + 'domain' => $auth['domain'], + 'clientId' => $auth['client_id'], + 'clientSecret' => $auth['client_secret'], + 'cookieSecret' => $auth['cookieSecret'], + 'redirectUri' => $auth['callback_url'], + 'scope' => [ + 'openid', + 'email', + 'profile', + 'offline_access', + ], + 'audience' => ['https://api.publiq.be'], + ]; + } +} \ No newline at end of file diff --git a/src/Auth/AuthController.php b/src/Auth/AuthController.php index 06de7153..ab97afc0 100644 --- a/src/Auth/AuthController.php +++ b/src/Auth/AuthController.php 
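Review bot: The toggle `$app['config']['keycloak']['enable']` in register() is read without a fallback, so a deployment whose config has no `keycloak` section emits an undefined-key warning before falling through to the Auth0 branch; `if ($app['config']['keycloak']['enable'] ?? false) {` keeps the same behaviour without the warning. Since both branches build the same `new Auth0($this->getParams(...))`, the branch could also be reduced to selecting the config section: `$section = ($app['config']['keycloak']['enable'] ?? false) ? 'keycloak' : 'auth0';` followed by `return new Auth0($this->getParams($app['config'][$section]));`. The flag is used as a plain boolean, so if it is populated from an environment string the value `'false'` would be truthy and select Keycloak — worth confirming how that config value is loaded.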
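Review bot: In getParams(), `$auth['cookieSecret']` is the only camelCase config key while the neighbouring lookups (`client_id`, `client_secret`, `callback_url`) are snake_case; if the config files follow the snake_case convention this key is undefined, evaluates to null and the SDK is handed no cookie secret, so it should be checked against both the `auth0` and `keycloak` config sections. The new parameter set also silently drops the `https://api.publiq.be/auth/uitpas_balie` and `https://api.publiq.be/auth/uitpas_balie_insights` scopes and the `id_token_leeway` value that the old inline array carried; if those scopes gate API calls, tokens issued after this change will lack them, and the drop deserves a sentence in the commit description. A docblock describing the expected shape, `@param array{domain:string,client_id:string,client_secret:string,cookieSecret:string,callback_url:string} $auth`, would make the config contract explicit, and the signature should read `private function getParams(array $auth): array` (no space before the colon, per PSR-12).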
@@ -59,7 +59,7 @@ public function __construct( $this->redirectUrlAfterLogin = $redirectUrlAfterLogin; } - public function redirectToLoginService(Request $request): void + public function redirectToLoginService(Request $request): RedirectResponse { // Clear any persistent Auth0 data that lingers in some edge cases even if the user is considered to be logged // out by the Balie app. For example, when a user with only a v2 id logs in they get an error because they need @@ -79,12 +79,13 @@ public function redirectToLoginService(Request $request): void $this->session->set('auth_destination', $destination); } - // The Auth0 SDK sets a Location header and then exits, so we do not need to return a Response object. - $this->auth0->login(null, null, $this->loginParameters); + return new RedirectResponse($this->auth0->login(null, null, $this->loginParameters)); } public function storeTokenAndRedirectToFrontend(): RedirectResponse { + $this->auth0->exchange(); + $accessToken = $this->auth0->getAccessToken(); $uitIDv1Token = $this->uitIDv1TokenService->getV1TokenForAuth0AccessToken($accessToken); @@ -117,4 +118,4 @@ public function getToken(): JsonResponse return new JsonResponse(['token' => $accessToken]); } -} +} \ No newline at end of file
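Review bot: In storeTokenAndRedirectToFrontend() the result of the added `$this->auth0->exchange();` is discarded; in the SDK generation whose login() returns a URL, exchange() reports false when the callback carries no authorization code, in which case `getAccessToken()` yields null and that null is passed straight into `getV1TokenForAuth0AccessToken()`. Guarding it, `if (!$this->auth0->exchange()) { throw new \RuntimeException('Authorization code exchange failed'); }`, rejects the request at the boundary instead of failing downstream (confirm the exact return contract against the installed SDK version). In redirectToLoginService() the new `return new RedirectResponse($this->auth0->login(null, null, $this->loginParameters));` passes three arguments; if the installed login() takes only a redirect URL and a params array, `$this->loginParameters` is silently ignored as a surplus argument and the intended parameters never reach the authorize URL, so the call would need to be `$this->auth0->login(null, $this->loginParameters)`. Both methods' bodies continue outside the hunk.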