91 lines
2.9 KiB
PHP
91 lines
2.9 KiB
PHP
<?php
|
|
// auth_keycloak.php
|
|
|
|
class KeycloakAuth {
|
|
private $baseUrl;
|
|
private $realm;
|
|
private $clientId;
|
|
private $clientSecret;
|
|
private $redirectUri;
|
|
|
|
public function __construct() {
|
|
$this->baseUrl = rtrim(KEYCLOAK_BASE_URL, '/');
|
|
$this->realm = KEYCLOAK_REALM;
|
|
$this->clientId = KEYCLOAK_CLIENT_ID;
|
|
$this->clientSecret = KEYCLOAK_CLIENT_SECRET;
|
|
$this->redirectUri = KEYCLOAK_REDIRECT_URI;
|
|
}
|
|
|
|
public function getLoginUrl() {
|
|
$params = [
|
|
'client_id' => $this->clientId,
|
|
'redirect_uri' => $this->redirectUri,
|
|
'response_type' => 'code',
|
|
'scope' => 'openid email profile'
|
|
];
|
|
return $this->baseUrl . '/realms/' . $this->realm . '/protocol/openid-connect/auth?' . http_build_query($params);
|
|
}
|
|
|
|
public function getLogoutUrl() {
|
|
$params = [
|
|
'client_id' => $this->clientId,
|
|
'post_logout_redirect_uri' => $this->redirectUri
|
|
];
|
|
return $this->baseUrl . '/realms/' . $this->realm . '/protocol/openid-connect/logout?' . http_build_query($params);
|
|
}
|
|
|
|
public function getToken($code) {
|
|
$url = $this->baseUrl . '/realms/' . $this->realm . '/protocol/openid-connect/token';
|
|
$fields = [
|
|
'grant_type' => 'authorization_code',
|
|
'client_id' => $this->clientId,
|
|
'client_secret' => $this->clientSecret,
|
|
'code' => $code,
|
|
'redirect_uri' => $this->redirectUri
|
|
];
|
|
|
|
$ch = curl_init();
|
|
curl_setopt($ch, CURLOPT_URL, $url);
|
|
curl_setopt($ch, CURLOPT_POST, true);
|
|
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($fields));
|
|
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
|
|
|
|
$response = curl_exec($ch);
|
|
if ($response === false) {
|
|
error_log('Keycloak Token Error: ' . curl_error($ch));
|
|
curl_close($ch);
|
|
return null;
|
|
}
|
|
curl_close($ch);
|
|
|
|
return json_decode($response, true);
|
|
}
|
|
|
|
public function getUserInfo($accessToken) {
|
|
$url = $this->baseUrl . '/realms/' . $this->realm . '/protocol/openid-connect/userinfo';
|
|
|
|
$ch = curl_init();
|
|
curl_setopt($ch, CURLOPT_URL, $url);
|
|
curl_setopt($ch, CURLOPT_HTTPHEADER, [
|
|
'Authorization: Bearer ' . $accessToken
|
|
]);
|
|
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
|
|
|
|
$response = curl_exec($ch);
|
|
if ($response === false) {
|
|
error_log('Keycloak UserInfo Error: ' . curl_error($ch));
|
|
curl_close($ch);
|
|
return null;
|
|
}
|
|
curl_close($ch);
|
|
|
|
return json_decode($response, true);
|
|
}
|
|
|
|
public function verifyUser($email, $pdo) {
|
|
$stmt = $pdo->prepare("SELECT * FROM users WHERE email = :email");
|
|
$stmt->execute([':email' => $email]);
|
|
return $stmt->fetch(PDO::FETCH_ASSOC);
|
|
}
|
|
}
|