-
Notifications
You must be signed in to change notification settings - Fork 7
/
Keycloak.php
96 lines (83 loc) · 2.72 KB
/
Keycloak.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
<?php
namespace dokuwiki\plugin\oauthkeycloak;
use dokuwiki\plugin\oauth\Service\AbstractOAuth2Base;
use OAuth\Common\Http\Uri\Uri;
/**
* Custom Service for Keycloak oAuth
*/
class Keycloak extends AbstractOAuth2Base
{
/**
* Defined scopes are listed here:
* @link https://www.keycloak.org/docs/latest/server_admin/#_client_scopes
*/
const SCOPE_OPENID = 'openid';
/**
* Endpoints are listed here:
* @link https://www.iana.org/assignments/oauth-parameters/oauth-parameters.xhtml#authorization-server-metadata
*/
const ENDPOINT_AUTH = 'authorization_endpoint';
const ENDPOINT_TOKEN = 'token_endpoint';
const ENDPOINT_USERINFO = 'userinfo_endpoint';
/**
* This endpoint is used for backchannel logout and documented here
* @link https://www.keycloak.org/docs/latest/server_admin/#con-basic-settings_server_administration_guide
*/
const ENDPOINT_LOGOUT = 'end_session_endpoint';
protected $discovery;
/**
* Return URI of discovered endpoint
*
* @return string
*/
public function getEndpoint(string $endpoint)
{
if (!isset($this->discovery)) {
$plugin = plugin_load('helper', 'oauthkeycloak');
$json = file_get_contents($plugin->getConf('openidurl'));
if (!$json) throw new \Exception('Failed accessing ' . $plugin->getConf('openidurl'));
$this->discovery = json_decode($json, true);
}
if (!isset($this->discovery[$endpoint])) return '';
return $this->discovery[$endpoint];
}
/** @inheritdoc */
public function getAuthorizationEndpoint()
{
return new Uri($this->getEndpoint(self::ENDPOINT_AUTH));
}
/** @inheritdoc */
public function getAccessTokenEndpoint()
{
return new Uri($this->getEndpoint(self::ENDPOINT_TOKEN));
}
/** @inheritdoc */
protected function getAuthorizationMethod()
{
return static::AUTHORIZATION_METHOD_HEADER_BEARER;
}
/**
* Logout from Keycloak
*
* @return void
* @throws \OAuth\Common\Exception\Exception
*/
public function logout()
{
$token = $this->getStorage()->retrieveAccessToken($this->service());
$refreshToken = $token->getRefreshToken();
if (!$refreshToken) {
return;
}
$parameters = [
'client_id' => $this->credentials->getConsumerId(),
'client_secret' => $this->credentials->getConsumerSecret(),
'refresh_token' => $refreshToken,
];
$this->httpClient->retrieveResponse(
new Uri($this->getEndpoint(self::ENDPOINT_LOGOUT)),
$parameters,
$this->getExtraOAuthHeaders()
);
}
}