wip: working oidc login

2025-07-11 11:27:34 -05:00
parent db521ad9a9
commit 04993ebb27
10 changed files with 726 additions and 17 deletions
--- a/config/bundles.php
+++ b/config/bundles.php
@@ -21,4 +21,5 @@ return [
    Stof\DoctrineExtensionsBundle\StofDoctrineExtensionsBundle::class => ['all' => true],
    Symfony\UX\Autocomplete\AutocompleteBundle::class => ['all' => true],
    SymfonyCasts\Bundle\ResetPassword\SymfonyCastsResetPasswordBundle::class => ['all' => true],
+    Drenso\OidcBundle\DrensoOidcBundle::class => ['all' => true],
 ];
--- a/config/packages/drenso_oidc.yaml
+++ b/config/packages/drenso_oidc.yaml
@@ -0,0 +1,19 @@
+drenso_oidc:
+    #default_client: default # The default client, will be aliased to OidcClientInterface
+    clients:
+        default: # The client name, each client will be aliased to its name (for example, $defaultOidcClient)
+            # Required OIDC client configuration
+            well_known_url: '%env(OIDC_WELL_KNOWN_URL)%'
+            client_id: '%env(OIDC_CLIENT_ID)%'
+            client_secret: '%env(OIDC_CLIENT_SECRET)%'
+            redirect_route: '/login/oidc/auth'
+
+            # Extra configuration options
+            #redirect_route: '/login_check'
+            #custom_client_headers: []
+
+        # Add any extra client
+        #link: # Will be accessible using $linkOidcClient
+            #well_known_url: '%env(LINK_WELL_KNOWN_URL)%'
+            #client_id: '%env(LINK_CLIENT_ID)%'
+            #client_secret: '%env(LINK_CLIENT_SECRET)%'
--- a/config/packages/security.yaml
+++ b/config/packages/security.yaml
@@ -10,6 +10,9 @@ security:
                class: App\User\Framework\Entity\User
                property: email

+        app_oidc:
+            id: App\User\Framework\Security\OidcUserProvider
+
        app_ldap:
            id: App\User\Framework\Security\LdapUserProvider

@@ -18,14 +21,12 @@ security:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
-            lazy: true
-            provider: app_local
-            form_login:
-                login_path: app_login
-                check_path: app_login
-                enable_csrf: true
            logout:
-                path: app_logout
+                path: /logout
+            provider: app_oidc
+            oidc:
+                login_path: '/login/oidc'
+                check_path: '/login/oidc/auth'

            # activate different ways to authenticate
            # https://symfony.com/doc/current/security.html#the-firewall