For the Symfony Bundle see the package: gwsn/bizhost-auth-bundle
You can install the package via composer:
composer require gwsn/bizhost-auth-bundle
You need to request a new clientId and clientSecret for the application
-
Go to
bizhost auth portal
https://auth.bizhost.nl/ -
Go to
Applications
https://auth.bizhost.nl/admin/clients -
Go to
Register new application
and follow the wizard.
(give it a name like mine is 'example-app-authentication') -
When created the application is created write down the following details
-
'Application Identifier', this will be your
$clientId
-
'Application Secret', this will be your
$clientSecret
(Make sure you write this one down as it will be only shown once)Example:
- Auth meta url:
https://auth.bizhost.nl/.well-known/oauth-authorization-server
- Auth meta url:
Add the bundle to your config/bundles.php
file:
...
Bizhost\Authentication\Bundle\AuthenticateBundle::class => ['all' => true],
...
In case you want full authentication where the application is redirected to bizhost auth with code flow.
Add Providers, custom_authenticators and access_control to your config/packages/security.yaml
file:
security:
enable_authenticator_manager: true
providers:
authenticated_account_provider:
id: Bizhost\Authentication\Bundle\Authenticate\AuthenticatedAccountProvider
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
pattern: ^/(account|auth)
stateless: false
custom_authenticators:
- Bizhost\Authentication\Bundle\Authenticate\BizhostAuthAuthenticator
entry_point: Bizhost\Authentication\Bundle\Authenticate\BizhostAuthAuthenticator
logout:
path: app_logout
access_control:
- { path: ^/account, roles: ROLE_USER }
- { path: ^/profile, roles: ROLE_USER }
In case you want full authentication where the application is redirected to bizhost auth with code flow.
Add Providers, custom_authenticators and access_control to your config/packages/security.yaml
file:
security:
enable_authenticator_manager: true
firewalls:
api:
pattern: ^/api
stateless: true
access_token:
token_handler: Bizhost\Authentication\Bundle\Authenticate\BizhostAuthAccessTokenAuthenticator
access_control:
- { path: ^/api, roles: ROLE_USER }
To start authentication the entry_point is used to redirect the user to the bizhost auth server. So every route behind access_control should trigger the redirect.
When authentication is successful it will redirect the user to /auth/success,
you should add route to handle this in your config/routes.yaml
or in one of config/routes/*.yaml
files:
It is also good practice to add a logout route to handle the logout of the user.
auth.callback:
path: /auth/callback
controller: App\Authentication\Controller\AuthController::handleCallback
methods: [ GET ]
auth.login.success:
path: /auth/success
controller: App\Authentication\Controller\AuthController::handleSuccess
methods: [ GET ]
Create a controller that will handle the callback and success route.
<?php
class AuthController extends AbstractController
{
public function handleSuccess(): Response
{
return new RedirectResponse('/home');
}
public function handleCallback(): Response
{
return new RedirectResponse('/home');
}
}
The bundle expect the following environment variables to be set with the correct values:
BIZHOST_AUTH_CLIENT_ID
and BIZHOST_AUTH_CLIENT_SECRET
are the values you get from the bizhost auth portal.
BIZHOST_AUTH_REDIRECT_URL
is the url where the user is redirected to after successful authentication and should point
to your application and path that is in the scope of the firewall.
BIZHOST_AUTH_API_URL
is the url to the bizhost auth server. for test we use https://auth-test.bizhost.nl
BIZHOST_AUTH_ISSUER_META_DATA_PATH
if the path is different then the default /.well-known/oauth-authorization-server
. You can change the path over here.
Example of the environment variables in your .env
file:
###> bizhost/auth-bundle ###
BIZHOST_AUTH_API_URL='https://auth.bizhost.nl'
BIZHOST_AUTH_CLIENT_ID='client_id_value'
BIZHOST_AUTH_CLIENT_SECRET='client_secret_value'
BIZHOST_AUTH_REDIRECT_URL='http://url-to-redirect-to-after-authentication'
# Optional
BIZHOST_AUTH_ISSUER_META_DATA_PATH='/.well-known/oauth-authorization-server'
###< bizhost/auth-bundle ###
The AccountService is a service that can be used to get the authenticated user, you can update the user and update the following properties
- firstname
- insertion
- lastname
- userMetadata
- appMetadata
The roles can be set in Bizhost Auth, if you need custom roles you can set them in the appMetadata.
To fetch the current account that is logged in you can use the Bizhost\Authentication\Bundle\Service\AccountService
service and call the getAuthorizedAccount()
.
Make sure you use the correct AccountService the one from the Bundle and not the one from the SDK!
use Bizhost\Authentication\Bundle\Service\AccountService;
class Example ;
{
public function __construct(
private AccountService $accountService
) {
}
publi function exampleMethod() {
$authenticatedAccount = $this->accountService->getAuthorizedAccount();
# To get the account
$account = $authenticatedAccount->getAccount();
# To get the token and if you need the AccessToken:
$token = $authenticatedAccount->getToken();
}
}
$ composer run-script test
If you discover any security related issues, please email [email protected] instead of using the issue tracker.
The MIT License (MIT). Please see License File for more information.