happyr / auth0-bundle

Symfony integration with Auth0


Installs: 19,444

Dependents: 0

Suggesters: 0

Security: 0

Stars: 17

Watchers: 2

Forks: 9

Open issues: 5

Type: symfony-bundle

0.8.1 2021-09-25 01:38 UTC

This package is auto-updated.

Last update: 2024-08-25 08:01:38 UTC


README


Integrate the new authentication system from Symfony 5.2 with Auth0.

Installation

Install with Composer:

composer require happyr/auth0-bundle

Enable the bundle in bundles.php:

return [
    // ...
    Happyr\Auth0Bundle\HappyrAuth0Bundle::class => ['all' => true],
];

Add your credentials and basic settings.

# config/packages/happyr_auth0.yaml
happyr_auth0:
    # In the sdk node, you can provide every setting supported by the auth0/auth0-PHP library
    # (https://github.com/auth0/auth0-PHP#configuration-options).
    # Only the "configuration" argument is not allowed.
    # For every parameter that references an object, you must provide a service name.
    sdk:
        domain: '%env(AUTH0_DOMAIN)%'
        clientId: '%env(AUTH0_CLIENT_ID)%'
        clientSecret: '%env(AUTH0_SECRET)%'
        tokenCache: 'cache.app' # will reference the @cache.app service automatically
        managementTokenCache: 'cache.app'
        cookieSecret: '%kernel.secret%' # To encrypt cookie values
        scope:
          - openid # "openid" is required.
          - profile
          - email

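You are now up and running and can use the services Auth0\SDK\Auth0, Auth0\SDK\API\Authentication, Auth0\SDK\API\Management and Auth0\SDK\Configuration\SdkConfiguration.

If you want to integrate with the authentication system, you will probably need some more configuration.

Authentication

Start by telling Symfony which entry point we use, and add auth0.authenticator as a "custom authenticator". This makes Symfony aware of the Auth0Bundle and how to use it.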

# config/packages/security.yml
security:
    enable_authenticator_manager: true # Use the new authentication system

    # Example user provider
    providers:
        users:
            entity:
                class: 'App\Entity\User'
                property: 'auth0Id'

    firewalls:
        default:
            pattern:  ^/.*

            # Specify the entrypoint
            entry_point: auth0.entry_point

            # Add custom authenticator
            custom_authenticators:
                - auth0.authenticator

            # Example logout path
            logout:
                path: default_logout
                target: _user_logout
                invalidate_session: true

Next we need to configure the behaviour of the bundle.

# config/packages/happyr_auth0.yaml
happyr_auth0:
    # ...

    firewall:
        # If a request comes into route default_login_check, we will intercept
        # it and redirect the user to auth0.
        check_route: default_login_check

        # The path or route where to redirect users on failure
        failure_path: default_logout

        # The default path or route to redirect users after login
        default_target_path: user_dashboard

failure_path and default_target_path will use Symfony\Component\Security\Http\Authentication\DefaultAuthenticationFailureHandler and Symfony\Component\Security\Http\Authentication\DefaultAuthenticationSuccessHandler to handle the redirects.

You can use your own handlers by specifying their service IDs:

# config/packages/happyr_auth0.yaml
happyr_auth0:
   # ...

   firewall:
       # If a request comes into route default_login_check, we will intercept
       # it and redirect the user to auth0.
       check_route: default_login_check

       failure_handler: App\Security\AuthenticationHandler\MyFailureHandler
       success_handler: App\Security\AuthenticationHandler\MySuccessHandler

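Custom user provider

If you want to use a custom UserProvider that can fetch more user data than just the Auth0 ID, create a service that implements Happyr\Auth0Bundle\Security\Auth0UserProviderInterface.

Then configure the bundle to use that service:

# config/packages/happyr_auth0.yaml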
happyr_auth0:
    # ...

    firewall:
        # ..
        user_provider: App\UserProvider\Auth0UserProvider

Troubleshooting

Make sure you have csrf_protection enabled.

framework:
    csrf_protection:
        enabled: true

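Example configuration

Below is an example configuration. We use Psr6Store to store all data in Redis and keep the session key in cookies. We also define that MemoryStore is used when testing.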

happyr_auth0:
    sdk:
        domain: '%env(AUTH0_DOMAIN)%'
        clientId: '%env(AUTH0_CLIENT_ID)%'
        clientSecret: '%env(AUTH0_SECRET)%'
        # Use custom domain for universal login
        customDomain: '%env(AUTH0_LOGIN_DOMAIN)%'
        cookieSecret: '%kernel.secret%'
        tokenCache: 'cache.redis'
        managementTokenCache: 'cache.redis'
        transientStorage: 'auth0.storage.transient'
        sessionStorage: 'auth0.storage.session'
        scope:
            - openid # "openid" is required.
            - profile
            - email
    firewall:
        check_route: default_login_check
        failure_path: default_logout
        default_target_path: startpage

services:
    # Create a new SdkConfiguration service to be able to create
    # auth0.storage.cookie_* services without circular references

    auth0.sdk_cookie_config:
        class: Auth0\SDK\Configuration\SdkConfiguration
        arguments:
            - domain: '%env(AUTH0_DOMAIN)%'
              clientId: '%env(AUTH0_CLIENT_ID)%'
              clientSecret: '%env(AUTH0_SECRET)%'
              customDomain: '%env(AUTH0_LOGIN_DOMAIN)%'
              cookieSecret: '%kernel.secret%'

    auth0.storage.cookie_transient:
        class: Auth0\SDK\Store\CookieStore
        factory: ['@auth0.sdk_cookie_config', 'getTransientStorage']

    auth0.storage.cookie_session:
        class: Auth0\SDK\Store\CookieStore
        factory: ['@auth0.sdk_cookie_config', 'getSessionStorage']

    auth0.storage.transient:
        class: Auth0\SDK\Store\Psr6Store
        arguments: ['@auth0.storage.cookie_transient', '@cache.redis']

    auth0.storage.session:
        class: Auth0\SDK\Store\Psr6Store
        arguments: ['@auth0.storage.cookie_session', '@cache.redis']

when@test:
    services:
        test.auth0.session_storage:
            class: Auth0\SDK\Store\MemoryStore

        test.auth0.transient_storage:
            class: Auth0\SDK\Store\MemoryStore

    happyr_auth0:
        sdk:
            transientStorage: test.auth0.transient_storage
            sessionStorage: test.auth0.session_storage