{"id":44487139,"url":"https://github.com/apacheborys/symfony-keycloak-bundle","last_synced_at":"2026-04-01T23:16:53.444Z","repository":{"id":335749487,"uuid":"1146851774","full_name":"apacheborys/symfony-keycloak-bundle","owner":"apacheborys","description":null,"archived":false,"fork":false,"pushed_at":"2026-03-22T09:49:21.000Z","size":45,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-03-23T00:45:35.931Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/apacheborys.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-01-31T19:32:40.000Z","updated_at":"2026-03-22T09:47:02.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/apacheborys/symfony-keycloak-bundle","commit_stats":null,"previous_names":["apacheborys/symfony-keycloak-bundle"],"tags_count":6,"template":false,"template_full_name":null,"purl":"pkg:github/apacheborys/symfony-keycloak-bundle","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apacheborys%2Fsymfony-keycloak-bundle","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apacheborys%2Fsymfony-keycloak-bundle/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apacheborys%2Fsymfony-keycloak-bundle/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apacheborys%2Fsymfony-keycloak-bundle/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/apacheborys","download_url":"https://codeload.github.com/apacheborys/symfony-keycloak-bundle/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apacheborys%2Fsymfony-keycloak-bundle/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31292866,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-01T21:15:39.731Z","status":"ssl_error","status_checked_at":"2026-04-01T21:15:34.046Z","response_time":53,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-02-13T02:07:52.823Z","updated_at":"2026-04-01T23:16:53.430Z","avatar_url":"https://github.com/apacheborys.png","language":"PHP","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Symfony Keycloak Bridge Bundle\n\nThis bundle wires `apacheborys/keycloak-php-client` into Symfony and exposes its services via DI.\n\n## Install (local dev)\n\n```bash\ncomposer require apacheborys/symfony-keycloak-bundle\n```\n\n## Enable the bundle\n\n```php\n// config/bundles.php\nreturn [\n    Apacheborys\\SymfonyKeycloakBridgeBundle\\KeycloakBridgeBundle::class =\u003e ['all' =\u003e true],\n];\n```\n\n## Configuration\n\n```yaml\n# config/packages/keycloak_bridge.yaml\nkeycloak_bridge:\n  base_url: '%env(KEYCLOAK_BASE_URL)%'\n  client_realm: '%env(KEYCLOAK_CLIENT_REALM)%'\n  client_id: '%env(KEYCLOAK_CLIENT_ID)%'\n  client_secret: '%env(KEYCLOAK_CLIENT_SECRET)%'\n  http_client_service: 'http_client' # PSR-18 client service id\n  request_factory_service: 'psr17.request_factory' # PSR-17 request factory id\n  stream_factory_service: 'psr17.stream_factory' # PSR-17 stream factory id\n  cache_pool: 'cache.app' # optional PSR-6 cache pool id\n  logger_service: 'logger' # optional PSR-3 logger service id\n  allow_role_creation: false # allow creating missing roles in Keycloak during sync\n  realm_list_ttl: 3600\n  user_entities:\n    App\\Entity\\User:\n      realm: '%env(KEYCLOAK_USERS_REALM)%'\n      role_prefix: 'payment.' # optional\n      role_suffix: '.svc' # optional\n      mapper: Apacheborys\\SymfonyKeycloakBridgeBundle\\Mapper\\LocalEntityMapper # optional\n```\n\nIf you omit any of the service IDs, the bundle will rely on container aliases for the corresponding PSR interfaces.\nMake sure your app provides PSR-18 + PSR-17 implementations (and PSR-6 cache if you enable caching).\n\n## Services\n\nYou can autowire these interfaces:\n\n- `Apacheborys\\KeycloakPhpClient\\Http\\KeycloakHttpClientInterface`\n- `Apacheborys\\KeycloakPhpClient\\Service\\KeycloakServiceInterface`\n- `Apacheborys\\KeycloakPhpClient\\Service\\KeycloakJwtVerificationServiceInterface`\n- `Apacheborys\\KeycloakPhpClient\\Service\\KeycloakOidcAuthenticationServiceInterface`\n- `Apacheborys\\KeycloakPhpClient\\Service\\KeycloakUserManagementServiceInterface`\n- `Apacheborys\\KeycloakPhpClient\\Service\\KeycloakRealmServiceInterface`\n- `Apacheborys\\SymfonyKeycloakBridgeBundle\\Security\\KeycloakJwtAuthenticator`\n\nUser mappers must implement `Apacheborys\\KeycloakPhpClient\\Mapper\\LocalKeycloakUserBridgeMapperInterface`\nand are tagged as `keycloak.local_user_mapper`. The bundled `LocalEntityMapper` is wired when\n`user_entities` is configured.\n\nPer-entity mapper selection is supported via `user_entities.\u003cEntity\u003e.mapper`:\n- defaults to `Apacheborys\\SymfonyKeycloakBridgeBundle\\Mapper\\LocalEntityMapper`\n- can point to your custom mapper service class for specific entities\n\n`LocalEntityMapper` supports:\n- `getRealm`\n- `prepareLocalUserForKeycloakUserCreation`\n- `prepareLocalUserForKeycloakLoginUser`\n- `prepareLocalUserForKeycloakUserDeletion`\n- `prepareLocalUserDiffForKeycloakUserUpdate`\n\n`prepareLocalUserForKeycloakLoginUser` builds `OidcTokenRequestDto` using:\n- entity realm from `user_entities`\n- `client_id` and `client_secret` from bundle config\n- local user username + provided plain password\n\nRole synchronization mapping is also built in:\n- local Symfony role names are projected to `RoleDto`\n- optional `role_prefix` and `role_suffix` are applied before projecting roles to Keycloak\n- existing Keycloak roles are reused by name\n- unknown roles become lightweight `RoleDto` objects and can be auto-created when\n  `allow_role_creation: true`\n\nIf your login flow needs custom fields/scope/grant behavior, point `user_entities.\u003cEntity\u003e.mapper`\nto your mapper class. The bundle will tag it as `keycloak.local_user_mapper` automatically.\nIf your mapper needs custom constructor arguments, define it as a Symfony service explicitly.\n\n## Security Authenticator\n\nThe bundle provides `Apacheborys\\SymfonyKeycloakBridgeBundle\\Security\\KeycloakJwtAuthenticator`.\nIt:\n\n- reads bearer JWT from `Authorization` header\n- checks token `iss` matches configured Keycloak `base_url`\n- verifies signature and temporal claims via `KeycloakJwtVerificationServiceInterface`\n- converts Keycloak realm/resource roles into Symfony user roles\n\nExample firewall setup:\n\n```yaml\n# config/packages/security.yaml\nsecurity:\n  firewalls:\n    api:\n      stateless: true\n      custom_authenticators:\n        - Apacheborys\\SymfonyKeycloakBridgeBundle\\Security\\KeycloakJwtAuthenticator\n```\n\n## Development\n\n```bash\ncomposer install\ncomposer check\n```\n\nTo enable git hooks:\n\n```bash\ngit config core.hooksPath .githooks\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fapacheborys%2Fsymfony-keycloak-bundle","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fapacheborys%2Fsymfony-keycloak-bundle","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fapacheborys%2Fsymfony-keycloak-bundle/lists"}