https://github.com/ekapusta/oauth2-esia-bundle
Configuration and symfony services for ekapusta/oauth2-esia.
esia oauth2 oauth2-provider openid-connect symfony symfoy-bundle
- Host: GitHub
- URL: https://github.com/ekapusta/oauth2-esia-bundle
- Owner: ekapusta
- License: mit
- Created: 2018-05-22T07:36:00.000Z (almost 8 years ago)
- Default Branch: develop
- Last Pushed: 2020-09-29T18:59:46.000Z (over 5 years ago)
- Last Synced: 2025-10-11T03:41:28.563Z (6 months ago)
- Topics: esia, oauth2, oauth2-provider, openid-connect, symfony, symfoy-bundle
- Language: PHP
- Size: 59.6 KB
- Stars: 7
- Watchers: 4
- Forks: 3
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE.md
README
OAuth2 ESIA bundle
==================

Configuration and symfony services for [ekapusta/oauth2-esia](https://github.com/ekapusta/oauth2-esia).
Install
-------
`composer require ekapusta/oauth2-esia-bundle`
In your kernel, add it to the other bundles:
`new Ekapusta\OAuth2EsiaBundle\EkapustaOAuth2EsiaBundle(),`
Configuration
-------------
### Signer
Decide [which signer to use](https://github.com/ekapusta/oauth2-esia#which-signer-to-use) and
set these params in your config:
```yaml
ekapusta_oauth2_esia.signer.class_name: Ekapusta\OAuth2Esia\Security\Signer\OpensslCli
ekapusta_oauth2_esia.signer.certificate_path: /path/to/your/certificate/with/public-key-inside.cer
ekapusta_oauth2_esia.signer.private_key_path: /path/to/your/certificates/private.key
ekapusta_oauth2_esia.signer.private_key_password: 'some password'
ekapusta_oauth2_esia.signer.tool_path: /path/to/your/openssl
```
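A preflight check for the signer parameters above, as an added example that is not part of the bundle: it confirms that the certificate and private key form a pair and that the key file is not readable by group or others. The function names and the `ESIA_KEY_PASSWORD` variable are assumptions, and it assumes a key type that the `openssl` binary at `tool_path` can read.

```shell
# Added example (not the bundle's code): preflight check for the signer parameters.
# check_signer OPENSSL CERT KEY PASSWORD_ENV_VAR
#   0 = ok, 1 = file or tool unusable, 2 = key readable by group/others,
#   3 = certificate and private key do not belong together
# The password is taken from an environment variable (name chosen by the caller,
# hypothetical here) so that it never appears on a command line.

cert_pubkey() {   # $1 = openssl binary, $2 = certificate (PEM or DER)
    "$1" x509 -in "$2" -inform PEM -noout -pubkey 2>/dev/null ||
    "$1" x509 -in "$2" -inform DER -noout -pubkey 2>/dev/null
}

key_pubkey() {    # $1 = openssl binary, $2 = private key, $3 = env var name
    "$1" pkey -in "$2" -passin "env:$3" -pubout 2>/dev/null
}

check_signer() {
    cs_tool=$1 cs_cert=$2 cs_key=$3 cs_pass_var=$4

    command -v "$cs_tool" >/dev/null 2>&1 || { echo "tool_path not executable: $cs_tool" >&2; return 1; }
    [ -r "$cs_cert" ] || { echo "certificate_path unreadable: $cs_cert" >&2; return 1; }
    [ -r "$cs_key" ]  || { echo "private_key_path unreadable: $cs_key" >&2; return 1; }

    # The private key should be readable by the application user only.
    if [ -n "$(find -L "$cs_key" -prune \( -perm -040 -o -perm -004 \) -print)" ]; then
        echo "private key is readable by group or others: $cs_key" >&2
        return 2
    fi

    # Compare the public key embedded in the certificate with the one derived
    # from the private key; this works for any key type openssl can parse.
    cs_from_cert=$(cert_pubkey "$cs_tool" "$cs_cert") || { echo "cannot parse certificate" >&2; return 1; }
    cs_from_key=$(key_pubkey "$cs_tool" "$cs_key" "$cs_pass_var") || { echo "cannot read private key (wrong password?)" >&2; return 1; }

    [ "$cs_from_cert" = "$cs_from_key" ] || { echo "certificate does not match private key" >&2; return 3; }
    echo "signer files OK"
}

# Stand-alone use: sh check.sh /path/to/your/openssl cert.cer private.key ESIA_KEY_PASSWORD
if [ "$#" -eq 4 ]; then check_signer "$@"; fi
```

Running it in the deployment pipeline catches a swapped certificate or an over-permissive key file before the first authorization request fails.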
### Provider
You must configure your `client_id` and `redirect_uri`.
```yaml
ekapusta_oauth2_esia.client_id: SOMESYSTEM
ekapusta_oauth2_esia.redirect_uri: https://your-system.domain/auth/finish
```
Configure scopes if you need more information about the authorized user.
Note that you should list only the scopes you have permission to use.
The full list of scopes is in the [methodical recommendations](http://minsvyaz.ru/ru/documents/?type=50&directions=13).
```yaml
ekapusta_oauth2_esia.default_scopes: ['openid', 'fullname', '...']
```
### Test mode
To use test mode, point your provider at the test portal:
```yaml
ekapusta_oauth2_esia.remote_url: 'https://esia-portal1.test.gosuslugi.ru'
ekapusta_oauth2_esia.remote_public_key: '%ekapusta_oauth2_esia.vendor.resources_path%/esia.test.public.key'
```
### RS256 algo
By default we now use GOST algo for remote verification. To use RSA RS256:
```yaml
ekapusta_oauth2_esia.remote_public_key: '%ekapusta_oauth2_esia.vendor.resources_path%/esia.prod.public.key'
ekapusta_oauth2_esia.remote_signer.algorytm: 'RS256'
```
### Logging
Currently the logger is used only at the transport level: it is injected into the Guzzle HTTP client.
You can configure your own logger class with the `ekapusta_oauth2_esia.logger.class` parameter,
or simply redefine the `ekapusta_oauth2_esia.logger` service in your config.
Usage
-----
Two DI services are available: `ekapusta_oauth2_esia.provider` and `ekapusta_oauth2_esia.service`.
When you just need to authorize a user and get their information, use `ekapusta_oauth2_esia.service`.
In other cases use `ekapusta_oauth2_esia.provider`. The service is just a simplified facade for the provider.