robsontenorio / laravel-keycloak-guard
🔑 Simple Keycloak Guard for Laravel
License: MIT License
Good morning Robson, how are you?
I need to integrate Lumen with Keycloak in an API. Would you have any documentation or a test project with this package implemented? I am having difficulty understanding how the package created by you, or the one from Vizir, works.
Hi @robsontenorio ,
I am using your package and I reviewed all my Keycloak settings and am still getting the error "[Keycloak Guard] Signature verification failed".
Sometimes I see different implementations of how to build a private or public cert key. A lot of people use "----- BEGIN PUBLIC KEY --- " and other people use "----- BEGIN CERTIFICATE -----". I really don't know what the correct way is, but I tried both and the auth didn't work.
Can you teach me how to extract the public and private key from my Keycloak? Maybe I am using the wrong key pair?
Thanks
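The two PEM headers mentioned in the issue above are not interchangeable: the label has to match the DER structure inside the armor. The following is an added example, not code from the package or from the issue author. It assumes the configured value is the bare base64 body of a SubjectPublicKeyInfo public key; all function names, keys and the token are constructed for illustration.

```php
<?php
// Added illustration; function names and the sample token are constructed.

function b64url_encode(string $bin): string
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64url_decode(string $txt): string
{
    $txt = strtr($txt, '-_', '+/');
    $txt .= str_repeat('=', (4 - strlen($txt) % 4) % 4); // restore stripped padding
    $bin = base64_decode($txt, true);
    return $bin === false ? '' : $bin;
}

// Wrap the bare base64 body of a key into PEM armor with the given label.
function pem_from_base64(string $body, string $label): string
{
    $body = preg_replace('/\s+/', '', $body);
    return "-----BEGIN {$label}-----\n"
        . wordwrap($body, 64, "\n", true)
        . "\n-----END {$label}-----\n";
}

// Verify an RS256 JWT signature against a PEM public key or certificate.
function verify_rs256(string $jwt, string $pem): bool
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        return false; // a compact JWS is header.payload.signature
    }
    [$h64, $p64, $s64] = $parts;
    $header = json_decode(b64url_decode($h64), true);
    if (!is_array($header) || ($header['alg'] ?? null) !== 'RS256') {
        return false; // pin the algorithm instead of trusting the header
    }
    $key = openssl_pkey_get_public($pem);
    if ($key === false) {
        return false; // armor label and body do not match, or the body is damaged
    }
    return openssl_verify("{$h64}.{$p64}", b64url_decode($s64), $key, OPENSSL_ALGO_SHA256) === 1;
}

// Constructed material: a throwaway RSA key pair standing in for one realm.
function new_realm_key(): array
{
    $pair = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
    $pem  = openssl_pkey_get_details($pair)['key'];
    // Bare base64 body, as it looks when copied without the PEM armor.
    $bare = preg_replace('/-----[^-]+-----|\s+/', '', $pem);
    return [$pair, $bare];
}

[$realmA, $bareA] = new_realm_key();
[, $bareB]        = new_realm_key();

// Constructed token signed by "realm A".
$signed = b64url_encode(json_encode(['alg' => 'RS256', 'typ' => 'JWT']))
    . '.' . b64url_encode(json_encode(['sub' => 'constructed-user', 'exp' => time() + 300]));
openssl_sign($signed, $sig, $realmA, OPENSSL_ALGO_SHA256);
$jwt = $signed . '.' . b64url_encode($sig);

$cases = [
    'realm A key, PUBLIC KEY armor'  => pem_from_base64($bareA, 'PUBLIC KEY'),
    'realm A key, CERTIFICATE armor' => pem_from_base64($bareA, 'CERTIFICATE'),
    'realm B key, PUBLIC KEY armor'  => pem_from_base64($bareB, 'PUBLIC KEY'),
];
foreach ($cases as $name => $pem) {
    printf("%-34s %s\n", $name, verify_rs256($jwt, $pem) ? 'verified' : 'signature verification failed');
}
```

A body copied from an X.509 certificate would need the CERTIFICATE label instead, and a key taken from a different realm fails verification regardless of the armor.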
If the allowed_resources is not present in the JWT, it produces this error:
KeycloakGuard\Exceptions\ResourceAccessNotAllowedException: [Keycloak Guard] The decoded JWT token has not a valid resource_access allowed by API. Allowed resources by API: in file /var/www/html/vendor/robsontenorio/laravel-keycloak-guard/src/KeycloakGuard.php on line 169
It can be really useful if you want to manage your roles in the app and be more flexible to change the auth Keycloak realm for example.
Also, some Keycloak realms that you need to be authenticated with don't give this param and it's a problem for the package.
I am planning to create a custom guard in my Laravel backend code, based on your lib, but adding the control of the token via the userInfo endpoint. Would you like to add this feature?
Hello I have a problem with laravel-keycloak-guard.
Everything seems to be going smoothly, but when I try to access user data via \Auth::user() it returns an empty user object.
I would like to know that if my KEYCLOAK_LOAD_USER_FROM_DATABASE variable is set to false, the user object is not loaded with the user data contained in the sent token?
Here we can see that a new version is available:
https://github.com/firebase/php-jwt
Keeping up with updates of dependencies is important, that's why I opened this issue.
All KeycloakGuard's properties and methods are private. When we want to overwrite the class to add some additional logic it makes it more complicated. The question is if private is by design or can we change the props to be protected.
We will be happy to provide a PR with the changes if you accept it.
Thanks for the great package!
I've successfully obtained an access token as follows:
eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJSNnpnSXF6dHp4aVlVY25aR2JmOHBfLU5jams1VmhqNGprUzNndXdCb0pJIn0.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
Apparently firebase/jwt checks for . to segment the token, and this token has 1 . so 2 segments are generated (it should be 3).
Does Keycloak have a special config to generate 3 segments? As far as I know this is an OpenID Connect access token, and I don't have any idea why it doesn't have 2 dots in it.
Hi!
Can you share to me how you use laravel socialite in getting token from keycloak server?
Thank you :)
Hello my friends.
laravel-keycloak does not connect to keycloak to verify token. OK? The firebase lib is used to check the veracity of the token, am I correct? How should my User table look, should I include the username field? I'm generating a token with insomnia and trying to consume a protected endpoint, so I get the following error:
[Keycloak Guard] Signature verification failed
Are there any usage examples?
Thanks.
Hi, I am using Laravel 8.37.0 and Vuejs. I have installed and configured this package as per the instruction given in the read-me file. But I am getting following error message while calling from postman. Kindly check and help me to resolve this issue.
"message": "[Keycloak Guard] Signature verification failed",
"exception": "KeycloakGuard\Exceptions\TokenException",
"file": "/opt/lampp/htdocs/archive/officer-hwn-web-robsontenorio/vendor/robsontenorio/laravel-keycloak-guard/src/KeycloakGuard.php",
"line": 41,
In my auth.php I have
'defaults' => [
    'guard' => 'api',
    'passwords' => 'users',
],
'guards' => [
    'api' => [
        'driver' => 'keycloak',
        'provider' => 'users',
        // 'hash' => false,
    ],
],
'providers' => [
    'users' => [
        'driver' => 'eloquent',
        'model' => App\Models\User::class,
    ],
],
In my config/keycloak.php i have
return [
    'realm_public_key' => env('KEYCLOAK_REALM_PUBLIC_KEY', "MII####"),
    'load_user_from_database' => env('KEYCLOAK_LOAD_USER_FROM_DATABASE', true),
    'user_provider_credential' => env('KEYCLOAK_USER_PROVIDER_CREDENTIAL', 'email'),
    'token_principal_attribute' => env('KEYCLOAK_TOKEN_PRINCIPAL_ATTRIBUTE', 'username'),
    'append_decoded_token' => env('KEYCLOAK_APPEND_DECODED_TOKEN', false),
    'allowed_resources' => env('KEYCLOAK_ALLOWED_RESOURCES', null)
];
In Postman Request
Method : Get
URL : 127.0.0.1:8000/api/v1/protected-endpoint
Authorization :
Type :Bearer_token , Token {{access_token}}
Body :
username : "###user@###corp.com"
password : test1
grant_type:password
Hello, I am experiencing problems with the validation of the signature in Laravel ^8.54: it does not validate the signature. I debugged the library and it gives an error in the openssl_verify of the JWT.php class, line 264. The parameters of the token, signature, key and algorithm are correct, and you can see that they arrive, but when validating the signature it throws an error.
KeycloakGuard\Exceptions\TokenException: [Keycloak Guard] Signature verification failed in file
vendor/robsontenorio/laravel-keycloak-guard/src/KeycloakGuard.php on line 44
Hello, I am using the latest version of keycloak (4.3.0.Final) which encourages ClientID & Secret with a URL redirect.
I do not see where I would configure this into your application?
The use of a Realm Public Key is not encouraged as our IT security policy calls for periodic rotation of Realm Key Pairs. It would be much better to configure my Laravel Application on a per-client, rather than per-realm basis. Are you looking to implement this into this code?
What am I missing?
If I create a custom request in my API like CustomerRequest and put in a required|string|max:50, Auth redirects directly to the login page if it returns false. Especially in an API this is not very useful. Does anybody know how to get error handling?
I want Keycloak for the authentication process for web in Laravel. Is this package suitable for that?
Thanks for this great solution! It works really nice. Just have one problem. I tried:
Auth::hasRole('SuperUser') => true
and also insert use Illuminate\Contracts\Auth\Guard;
But it returned me a syntax error (unexpected '=>' (T_DOUBLE_ARROW).
I am also using realm roles. Is Auth::hasRole checking this, too?
hi, I want to authenticate users between multiple micro services.. and each micro service will have an authentication..
I found your package.. and it seems work for me.. but the problem is I don't know how to tell keycloak to use the users of keycloak panel for authentication.. not to lookup in laravel users table, because there is no users table in my services.
Please help me with my issue, or if you have any suggestion to help me find my solution that would be great.
thank you
Hi,
is it possible to add an Exception Handler?
I would prefer a 4xx Http Status Code with a message instead of a 500 Server error in some cases.
For example the ResourceAccessNotAllowedException
=> 403 - You do not have the resource access
Best regards
thoss
I am able to get the default methods response in controller files. But when I try to call the same methods in blade files like below
<body>
Welcome {{Auth::user()}}
</body>
Getting empty response in the view. Please help me where I am going wrong?
Hello,
I am testing your laravel module for keycloak.
I followed the instructions mentioned in the readme. But I have error messages that appear :
In your module, should we set the Keycloak database, i.e., should we tell your module that it must connect to the Keycloak database? If yes, how?
Can you help me ?
Regards,
Christophe
I'd like to avoid the resource_access control, because I would like to manage it directly from my backend. I cannot find any solution around it other than directly deleting the control in the Guard.
It would be great to have a configuration at Keycloak.init(), but I cannot find it.
Any solutions?
Hi Robson,
Thank you for this package, it's very helpful.
I found an issue that the user token is valid but the default function like Auth::user(), Auth::id() ... are not working, because the user attribute is null.
I resolved it by adding this line after authentication :
$this->user = $this->provider->retrieveByCredentials([$this->config['user_provider_credential'] => $this->decodedToken->{$this->config['user_provider_credential']}]);
Configuration and user providers are not published.
php artisan vendor:publish --provider="KeycloakGuard\KeycloakGuardServiceProvider"
"Nothing to publish for tag []."
Hi and first of all a praise for the development, but unfortunately I have a problem with authentication.
My steps:
php artisan make:auth
composer require robsontenorio/laravel-keycloak-guard
php artisan vendor:publish --provider="KeycloakGuard\KeycloakGuardServiceProvider"
config/auth.php
like the documentation
KEYCLOAK_REALM_PUBLIC_KEY="************************************"
KEYCLOAK_LOAD_USER_FROM_DATABASE=
KEYCLOAK_USER_PROVIDER_CREDENTIAL="email"
KEYCLOAK_TOKEN_PRINCIPAL_ATTRIBUTE=
KEYCLOAK_APPEND_DECODED_TOKEN=
KEYCLOAK_ALLOWED_RESOURCES="https://***/auth"
Route::group(['middleware' => 'auth:api'], function () {
    Route::resource('blog', 'Api\BlogController');
});
Each time I call the URL /api/blog I am redirected to /login. Then if I want to authenticate, I get this error:
Call to undefined method KeycloakGuard\KeycloakGuard::attempt()
Am I doing something wrong?
Hi,
On my production server, I have this error even on public endpoints :
Argument 2 passed to KeycloakGuard\Token::decode() must be of the type string, null given, called in robsontenorio/laravel-keycloak-guard/src/KeycloakGuard.php on line 39
#0 robsontenorio/laravel-keycloak-guard/src/KeycloakGuard.php(39): KeycloakGuard\Token::decode(NULL, NULL)
#1 robsontenorio/laravel-keycloak-guard/src/KeycloakGuard.php(27): KeycloakGuard\KeycloakGuard->authenticate()
#2 robsontenorio/laravel-keycloak-guard/src/KeycloakGuardServiceProvider.php(21): KeycloakGuard\KeycloakGuard->__construct(Object(Illuminate\Auth\EloquentUserProvider), Object(Illuminate\Http\Request))
#3 Illuminate/Auth/AuthManager.php(111): KeycloakGuard\KeycloakGuardServiceProvider->KeycloakGuard\{closure}(Object(Illuminate\Foundation\Application), 'api', Array)
#4 Illuminate/Auth/AuthManager.php(88): Illuminate\Auth\AuthManager->callCustomCreator('api', Array)
#5 Illuminate/Auth/AuthManager.php(68): Illuminate\Auth\AuthManager->resolve('api')
#6 Illuminate/Auth/AuthManager.php(54): Illuminate\Auth\AuthManager->guard('api')
I don't have this problem on dev (local).
Thanks for your help.
Charlie
I'm trying to implement a similar setup to the example. My frontend authenticates with KeyCloak and I make a test request to the backend. My test request is GET /api/v1/bla and has a header Authorization: Bearer eyJhbG... . When I refresh my browser, my frontend identifies the KC session as active and working. My user is identified via email in Laravel and in the KC.
My test route:
Route::group(['middleware' => 'auth:api'], function () {
    Route::get('bla', function () {
        Log::debug("boo");
        return JsonResponse::create(["T" => 23], 200);
    });
});
So, the 1st time I call bla, it times out after ~3.1 minutes. Then the 2nd time it works (wtf) and then the 3rd time it responds with {"code":500,"message":"[Keycloak Guard] Expired token"}.
Could it be that I have configured something somewhere incorrectly? I don't know where to look or where to start, I'm completely lost. I want to handle all authorization myself in the Laravel app, I just want to authenticate the user with KC and map them to a Laravel user.
I send a request:
GET /www/seas-siscof-servicos/public/api/grupos HTTP/1.1 Accept: / Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI5XzFQTUhXVW9qdlptQWIxNzhMVFkyU1N0U211RHM0eWkwbEJtNldMQTJBIn0.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.HXlPrfrQPXsdLfBmeERZ62v4LFeSsROGaE1-fvhMemiXV6lQZo-62ldGQekQZGzH2_lJzZH5KR95kbifSxkGhX1eHD-x0Yh_Da4S0HWISR4hAh69CbB5HXKTwPzcMRz8ngvqMOItOBEfKdRtIfPsbqypNYhrWM-m84h6IGJWki5amIIWcmWC_vii2jUaLWYO1qygHLcIq3SIeh9yBRRWQzT1XUyGyaoBNwQIY6zUj0JTTSPLMOP_52_5q-y-2WT_7v7Os9Tg1AzXHssEbef-D3IJJtzgbl3vGgWqJAPy4dhKeT4SOSIK4DsUiUBKaOO2kFQOWzE6iOUWRaFj3fBTBg Host: localhost User-Agent: insomnia/2021.4.1
But, always get an "Unauthorized" return
I'm using Lumen 8.0
When I make a request to a route guarded by the keycloak middleware with an invalid bearer token, such as with an expired token or invalid resource_access, the response status code is set to 500. I'd expect this to be a 401 instead since the problem is related to being unauthorized, not an internal error. I think this behavior may lead to confusion, especially when Laravel's APP_DEBUG is disabled in production environments. In that case only the following is returned:
Status: 500 Internal Server Error
{
"message": "Server Error"
}
I did some experimenting and if the KeycloakGuardException extends from Illuminate\Auth\AuthenticationException instead of \UnexpectedValueException, a 401 will be returned.
Is this normal behavior or is there some configuration I'm missing? I apologize if I'm missing something obvious, I'm new to Laravel. Any help would be greatly appreciated!
Hi
I got the error message of
KeycloakGuard\Exceptions\TokenException
[Keycloak Guard] Cannot handle token prior to 2020-12-02T01:54:16+0000
when try to verify the access_token.
My route is
Route::group(['middleware' => 'auth:api'], function () {
    Route::get('/protected', function () {
        return Auth::token();
    });
});
The route does return the full decoded JWT token from the authenticated user, but only several seconds after the token was generated.
I am not sure whether I need to clean cache or do something to make it work.
The error displayed on vendor/robsontenorio/laravel-keycloak-guard/src/KeycloakGuard.php: Line 41
try {
    $this->decodedToken = Token::decode($this->request->bearerToken(), $this->config['realm_public_key']);
} catch (\Exception $e) {
    throw new TokenException($e->getMessage());
}
Does the package support the latest Keycloak server?
where do we put the server details for keycloak authentication?
Hi, I could not find if this issue has been discussed before.
Currently this project only supports sending the access token via authorization header (bearer token). I have a use case where we also need to support sending the access token via query param / form input.
Possibly a method like what is used in the Laravel TokenGuard would be the answer.
Hi,
when I try to retrieve some resources from my api laravel application , I have the following error :
"message": "[Keycloak Guard] Algorithm not allowed",
"exception": "KeycloakGuard\Exceptions\TokenException",
"file": "C:\*******\keycloak-laravel\vendor\robsontenorio\laravel-keycloak-guard\src\KeycloakGuard.php",
"line": 41,
Do you have any idea about this ?
Thanks for you answer.
Charlie
If I store some information about users in Laravel App Database (Users table)
So I have same users in DB:
KEYCLOAK_LOAD_USER_FROM_DATABASE = true
How can I organize registration flow with your package to store users in both databases?
I get the below error when I make a request to my API:
KeycloakGuard\Exceptions\ResourceAccessNotAllowedException: [Keycloak Guard] The decoded JWT token has not a valid resource_access allowed by API. Allowed resources by API: in file C:\xampp\htdocs\psyphy\psyphy\lead_service\vendor\robsontenorio\laravel-keycloak-guard\src\KeycloakGuard.php on line 164
Hello ,
I'm getting this error while trying to connect to my small application.
What did I do wrong ?
Here is my project : https://github.com/Jenkiiz/test_guard.git
Thank you !
I tried out your implementation and I am having some trouble.
Symfony\Component\Routing\Exception\RouteNotFoundException
Route [login] not defined.
http://localhost:8000/api/protected-endpoint
latest laravel
I have made default as requested (for API) and using firecamp for testing. I wonder what I am doing wrong.
What is the expected behaviour to reach a site which is protected and not authenticated? Do you have a sample implementation at hand which I can look at?
I would be using laravel as an API server only and use reactjs as UI, but after a few days research I might move away from laravel (not that openidconnect client friendly by default). You are my last hope:) PHP can natively run on hosting servers hence my choice instead of an expressjs or some other which requires at least a docker/kubernetes/etc
I hope you can answer fast though my project is private so non-commercial.
I'm getting this error message after trying to access a URL with an access_token bearer. I did set up the required parameters in .env
What did I do wrong ?
I get an error Call to undefined method KeycloakGuard\KeycloakGuard::attempt(). I'm using Laravel 8 and I've followed the steps according to the README.md.
Can anyone help me ? :'(
Hello,
In your Requirements, it is mentioned the following thing:
I do not have a "users" table : except that of keycloak.
In addition, my database is under postgresql: is there a specific configuration to set up for this connection to the table users laravel with this (your) module ?
Regards,
Christophe
[2021-12-11 23:20:18] development.ERROR: 'Call to undefined method KeycloakGuard\KeycloakGuard::attempt()' - File: '/var/www/html/vendor/laravel/framework/src/Illuminate/Auth/AuthManager.php' - Method: 'login' at line: 336
I followed the document. All the env vars are fine as well. Can someone help me out?
Hello, currently I am using the package laravel-keycloak-web-guard with the front-end, and it's working fine.
Now can I use this API guard along with the web guard?
When I tried it with sending a token, I am getting a resource_access exception.
How should I configure this?
I've installed the laravel-keycloak-guard like instructed, but I am getting the error.
Do I need to do something that is not documented to make this work?
API works well without keycloak-guard
Thanks in advance.
my configuration:
"php": "^7.1.3",
"fideloper/proxy": "^4.0",
"laravel/framework": "5.8.*",
"laravel/tinker": "^1.0",
"robsontenorio/laravel-keycloak-guard": "^1.3"
error stack trace.
InvalidArgumentException thrown with message "Route [login] not defined."
Stacktrace:
#35 InvalidArgumentException in /home/ostri/sites/l2/vendor/laravel/framework/src/Illuminate/Routing/UrlGenerator.php:388
#34 Illuminate\Routing\UrlGenerator:route in /home/ostri/sites/l2/vendor/laravel/framework/src/Illuminate/Foundation/helpers.php:782
#33 route in /home/ostri/sites/l2/app/Http/Middleware/Authenticate.php:18
#32 App\Http\Middleware\Authenticate:redirectTo in /home/ostri/sites/l2/vendor/laravel/framework/src/Illuminate/Auth/Middleware/Authenticate.php:68
#31 Illuminate\Auth\Middleware\Authenticate:authenticate in /home/ostri/sites/l2/vendor/laravel/framework/src/Illuminate/Auth/Middleware/Authenticate.php:41
#30 Illuminate\Auth\Middleware\Authenticate:handle in /home/ostri/sites/l2/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:163
#29 Illuminate\Pipeline\Pipeline:Illuminate\Pipeline{closure} in /home/ostri/sites/l2/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:53
#28 Illuminate\Routing\Pipeline:Illuminate\Routing{closure} in /home/ostri/sites/l2/vendor/laravel/framework/src/Illuminate/Routing/Middleware/ThrottleRequests.php:58
#27 Illuminate\Routing\Middleware\ThrottleRequests:handle in /home/ostri/sites/l2/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:163
#26 Illuminate\Pipeline\Pipeline:Illuminate\Pipeline{closure} in /home/ostri/sites/l2/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:53
#25 Illuminate\Routing\Pipeline:Illuminate\Routing{closure} in /home/ostri/sites/l2/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:104
#24 Illuminate\Pipeline\Pipeline:then in /home/ostri/sites/l2/vendor/laravel/framework/src/Illuminate/Routing/Router.php:682
#23 Illuminate\Routing\Router:runRouteWithinStack in /home/ostri/sites/l2/vendor/laravel/framework/src/Illuminate/Routing/Router.php:657
#22 Illuminate\Routing\Router:runRoute in /home/ostri/sites/l2/vendor/laravel/framework/src/Illuminate/Routing/Router.php:623
#21 Illuminate\Routing\Router:dispatchToRoute in /home/ostri/sites/l2/vendor/laravel/framework/src/Illuminate/Routing/Router.php:612
#20 Illuminate\Routing\Router:dispatch in /home/ostri/sites/l2/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php:176
#19 Illuminate\Foundation\Http\Kernel:Illuminate\Foundation\Http{closure} in /home/ostri/sites/l2/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:30
#18 Illuminate\Routing\Pipeline:Illuminate\Routing{closure} in /home/ostri/sites/l2/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php:21
#17 Illuminate\Foundation\Http\Middleware\TransformsRequest:handle in /home/ostri/sites/l2/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:163
#16 Illuminate\Pipeline\Pipeline:Illuminate\Pipeline{closure} in /home/ostri/sites/l2/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:53
#15 Illuminate\Routing\Pipeline:Illuminate\Routing{closure} in /home/ostri/sites/l2/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php:21
#14 Illuminate\Foundation\Http\Middleware\TransformsRequest:handle in /home/ostri/sites/l2/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:163
#13 Illuminate\Pipeline\Pipeline:Illuminate\Pipeline{closure} in /home/ostri/sites/l2/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:53
#12 Illuminate\Routing\Pipeline:Illuminate\Routing{closure} in /home/ostri/sites/l2/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/ValidatePostSize.php:27
#11 Illuminate\Foundation\Http\Middleware\ValidatePostSize:handle in /home/ostri/sites/l2/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:163
#10 Illuminate\Pipeline\Pipeline:Illuminate\Pipeline{closure} in /home/ostri/sites/l2/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:53
#9 Illuminate\Routing\Pipeline:Illuminate\Routing{closure} in /home/ostri/sites/l2/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/CheckForMaintenanceMode.php:62
#8 Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode:handle in /home/ostri/sites/l2/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:163
#7 Illuminate\Pipeline\Pipeline:Illuminate\Pipeline{closure} in /home/ostri/sites/l2/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:53
#6 Illuminate\Routing\Pipeline:Illuminate\Routing{closure} in /home/ostri/sites/l2/vendor/fideloper/proxy/src/TrustProxies.php:57
#5 Fideloper\Proxy\TrustProxies:handle in /home/ostri/sites/l2/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:163
#4 Illuminate\Pipeline\Pipeline:Illuminate\Pipeline{closure} in /home/ostri/sites/l2/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:53
#3 Illuminate\Routing\Pipeline:Illuminate\Routing{closure} in /home/ostri/sites/l2/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:104
#2 Illuminate\Pipeline\Pipeline:then in /home/ostri/sites/l2/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php:151
#1 Illuminate\Foundation\Http\Kernel:sendRequestThroughRouter in /home/ostri/sites/l2/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php:116
#0 Illuminate\Foundation\Http\Kernel:handle in /home/ostri/sites/l2/public/index.php:55
Hi, I have trouble with the Token Expired Exception. The vendor/robsontenorio/laravel-keycloak-guard/src/KeycloakGuard.php
calls $this->authenticate() on class construction, and if a token was expired it launches a catch block on line 41, throwing a new TokenException($e->getMessage());
The problem is in my middleware for authentication. It does not catch any exception for the expired token; this causes a problem where there cannot be a JSON response, returning a 500 status and the Laravel HTML message instead of JSON.
Hello,
It looks like your package is going to work great for my needs, but I'm really confused by how the resource_access check is supposed to work. Please note that I'm very new to keycloak and this terminology, but I'll do my best to describe my issue.
In Keycloak I created a client test-app-js and have added the client roles "user", "manager", and "superuser".
I've set up a mapper to add the users client roles to the token. The default Token Claim Name for the mapper is resource_access.${client_id}.roles. When I inspect the token, I can see the role is getting added in this format:
Initially I was trying to set the allowed_resources to my roles, like "allowed_resources" => "user,manager,superuser", but I always get the error:
The decoded JWT token has not a valid resource_access allowed by API.
After some digging I found this is the part of the code that checks the resource access:
laravel-keycloak-guard/src/KeycloakGuard.php
Lines 160 to 168 in 310d628
The line that confuses me is:
$token_resource_access = array_keys((array)($this->decodedToken->resource_access ?? []));
So my question is: is the intention with allowed_resources to restrict clients? Because the only way I've been able to get it to work is to set "allowed_resources" => "test-app-js" (my client name), which works because that is the key of the first array inside resource_access. I guess I was just confused if this was the intended functionality, or if I'm doing something wrong.
Thanks!
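The array_keys() line quoted in the issue above reads the client IDs under resource_access, not the role names nested below them. The following is an added example, not the package's code: only that one line comes from the page, while the payload, the helper names and the comma-split/intersection logic are assumptions made for illustration.

```php
<?php
// Added illustration; only the array_keys() expression comes from the issue.

// Constructed payload, shaped like an access token carrying client roles.
$decodedToken = json_decode('{
  "preferred_username": "constructed-user",
  "realm_access": {"roles": ["offline_access"]},
  "resource_access": {
    "test-app-js": {"roles": ["user", "manager"]},
    "account":     {"roles": ["view-profile"]}
  }
}');

// Keys of resource_access are client IDs; role names live one level deeper.
function token_clients(object $token): array
{
    return array_keys((array) ($token->resource_access ?? []));
}

// Assumed shape of the check: any overlap between the token's client IDs
// and a comma-separated allow-list. An empty or unset list matches nothing.
function resource_allowed(object $token, ?string $allowedCsv): bool
{
    $allowed = array_filter(array_map('trim', explode(',', (string) $allowedCsv)), 'strlen');
    return count(array_intersect(token_clients($token), $allowed)) > 0;
}

// Roles granted to the user for one specific client.
function client_roles(object $token, string $client): array
{
    return (array) ($token->resource_access->{$client}->roles ?? []);
}

// Role-based authorization is a second, separate decision.
function has_client_role(object $token, string $client, string $role): bool
{
    return in_array($role, client_roles($token, $client), true);
}

echo 'clients in token: ', implode(', ', token_clients($decodedToken)), "\n";

$configs = ['user,manager,superuser', 'test-app-js', 'other-api, test-app-js', null];
foreach ($configs as $csv) {
    printf(
        "allowed_resources=%-28s => %s\n",
        var_export($csv, true),
        resource_allowed($decodedToken, $csv) ? 'allowed' : 'ResourceAccessNotAllowedException'
    );
}

foreach (['user', 'superuser'] as $role) {
    printf(
        "role %-10s on test-app-js => %s\n",
        $role,
        has_client_role($decodedToken, 'test-app-js', $role) ? 'granted' : 'denied'
    );
}
```

Under these assumptions the allow-list acts as an audience-style filter on clients, and role checks are applied afterwards against the roles array of the chosen client.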
When I disable KEYCLOAK_LOAD_USER_FROM_DATABASE, this error will appear:
Error: Call to undefined method Illuminate\Auth\DatabaseUserProvider::getModel()
I want to load the user from keycloak first, because I'm not sure if it exists in the DB.