yey
This commit is contained in:
90
auth_keycloak.php
Normal file
90
auth_keycloak.php
Normal file
@@ -0,0 +1,90 @@
|
||||
<?php
|
||||
// auth_keycloak.php
|
||||
|
||||
class KeycloakAuth {
|
||||
private $baseUrl;
|
||||
private $realm;
|
||||
private $clientId;
|
||||
private $clientSecret;
|
||||
private $redirectUri;
|
||||
|
||||
public function __construct() {
|
||||
$this->baseUrl = rtrim(KEYCLOAK_BASE_URL, '/');
|
||||
$this->realm = KEYCLOAK_REALM;
|
||||
$this->clientId = KEYCLOAK_CLIENT_ID;
|
||||
$this->clientSecret = KEYCLOAK_CLIENT_SECRET;
|
||||
$this->redirectUri = KEYCLOAK_REDIRECT_URI;
|
||||
}
|
||||
|
||||
public function getLoginUrl() {
|
||||
$params = [
|
||||
'client_id' => $this->clientId,
|
||||
'redirect_uri' => $this->redirectUri,
|
||||
'response_type' => 'code',
|
||||
'scope' => 'openid email profile'
|
||||
];
|
||||
return $this->baseUrl . '/realms/' . $this->realm . '/protocol/openid-connect/auth?' . http_build_query($params);
|
||||
}
|
||||
|
||||
public function getLogoutUrl() {
|
||||
$params = [
|
||||
'client_id' => $this->clientId,
|
||||
'post_logout_redirect_uri' => $this->redirectUri
|
||||
];
|
||||
return $this->baseUrl . '/realms/' . $this->realm . '/protocol/openid-connect/logout?' . http_build_query($params);
|
||||
}
|
||||
|
||||
public function getToken($code) {
|
||||
$url = $this->baseUrl . '/realms/' . $this->realm . '/protocol/openid-connect/token';
|
||||
$fields = [
|
||||
'grant_type' => 'authorization_code',
|
||||
'client_id' => $this->clientId,
|
||||
'client_secret' => $this->clientSecret,
|
||||
'code' => $code,
|
||||
'redirect_uri' => $this->redirectUri
|
||||
];
|
||||
|
||||
$ch = curl_init();
|
||||
curl_setopt($ch, CURLOPT_URL, $url);
|
||||
curl_setopt($ch, CURLOPT_POST, true);
|
||||
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($fields));
|
||||
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
|
||||
|
||||
$response = curl_exec($ch);
|
||||
if ($response === false) {
|
||||
error_log('Keycloak Token Error: ' . curl_error($ch));
|
||||
curl_close($ch);
|
||||
return null;
|
||||
}
|
||||
curl_close($ch);
|
||||
|
||||
return json_decode($response, true);
|
||||
}
|
||||
|
||||
public function getUserInfo($accessToken) {
|
||||
$url = $this->baseUrl . '/realms/' . $this->realm . '/protocol/openid-connect/userinfo';
|
||||
|
||||
$ch = curl_init();
|
||||
curl_setopt($ch, CURLOPT_URL, $url);
|
||||
curl_setopt($ch, CURLOPT_HTTPHEADER, [
|
||||
'Authorization: Bearer ' . $accessToken
|
||||
]);
|
||||
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
|
||||
|
||||
$response = curl_exec($ch);
|
||||
if ($response === false) {
|
||||
error_log('Keycloak UserInfo Error: ' . curl_error($ch));
|
||||
curl_close($ch);
|
||||
return null;
|
||||
}
|
||||
curl_close($ch);
|
||||
|
||||
return json_decode($response, true);
|
||||
}
|
||||
|
||||
public function verifyUser($email, $pdo) {
|
||||
$stmt = $pdo->prepare("SELECT * FROM users WHERE email = :email");
|
||||
$stmt->execute([':email' => $email]);
|
||||
return $stmt->fetch(PDO::FETCH_ASSOC);
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user