hawk-hhg / auth-client
A wrapper around the keycloak authentication service to provide a fully fledged authentication and authorization system
Installs: 3
Dependents: 0
Suggesters: 0
Security: 0
Stars: 0
Watchers: 1
Forks: 0
Open Issues: 0
Type:project
Requires
- php: ^8.3
- ext-ctype: *
- league/oauth2-client: ^2.8
- psr/clock: ^1.0
- psr/log: ^3.0
Requires (Dev)
- phpunit/phpunit: ^11.5.6
- psr/simple-cache: ^3.0
- roave/security-advisories: dev-latest
README
A comprehensive authentication and authorization library that wraps around the Keycloak REST API ( using hawk-keycloak-auth-server for additional features). The library provides a sophisticated way to build microservices with secure authentication, authorization, and user management.
Core Components
- Authentication Layer: Handles both stateful (session-based) and stateless (token-based) authentication
- User Management Layer: Manages users, groups, and roles with efficient caching
- Permission Layer: Provides fine-grained access control through resource scopes
- Profile Layer: Manages flexible user profile structures with validation
- Frontend Integration: TypeScript companion library for seamless client-side integration
Features
Authentication
The library provides two authentication approaches:
-
Stateful Authentication (Session-based)
- Ideal for server-rendered websites
- Automatic session management
- Built-in token refresh handling
- See stateful-auth example
-
Stateless Authentication (Token-based)
- Perfect for API implementations
- No session state required
- Token validation and verification
- See stateless-auth example
Permission System
The Guard system provides sophisticated access control:
- Resource-based permissions with scopes
- Role-based access control
- Group hierarchy support
- Fine-grained permission checks
// Example permission checks $guard->hasAnyRole('admin', 'editor'); $guard->hasAnyGroupOrHasChildOfAny('organization.managers'); $guard->hasAnyResourceScope('document-123', 'read', 'write');
Profile Management
Flexible user profile system with:
- Structured field definitions
- Field type validation
- Admin/User view modes
- Grouped fields
- Custom field types
See the user-profile example for implementation details.
Frontend Integration
TypeScript companion library (@hawk-hhg/auth-client) providing:
- Event-driven authentication state management
- Profile access
- Permission checking
- Automatic token refresh
See the frontend-api example for implementation details.
Installation
PHP Library
composer require hawk-hhg/auth-client
JavaScript Companion (Optional)
npm install @hawk-hhg/auth-client
Basic Configuration
$client = new AuthClient( redirectUrl: 'https://your-app.com/callback', publicKeycloakUrl: 'https://keycloak.example.com', realm: 'your-realm', clientId: 'your-client-id', clientSecret: 'your-client-secret', // Optional: internal Keycloak URL for Docker environments internalKeycloakUrl: 'http://keycloak:8080' );
Examples
The library includes several example implementations:
- stateful-auth: Session-based authentication
- stateful-auth-force-login: Force login with session-based authentication
- stateless-auth: Token-based API authentication
- user-reading: Options for reading users
- user-profile: Profile management
- frontend-api: Frontend integration
- oauth-flow: OAuth authentication flow using the League OAuth2 client
- manage-resources: Resource management
Each example demonstrates a specific use case with detailed comments and working code.
The examples come with their own docker-compose.yml file you can use to start them locally.
Just run docker-compose up in the example directory and open the http://localhost:8099 URL in your browser.
Note, that you must modify the environment variables in the docker-compose.yml file to match your Keycloak setup.
Alternatively, if you are using
the HAWK Keycloak Infrastructure,
you can copy the docker-compose.keycloak.yml file to docker-compose.override.yml and start the environment with
docker compose up.
Development Setup
CLI Interface
The library comes with a powerful CLI interface (bin/env) built with bashly, providing commands for development and
testing:
# Start the environment bin/env up # Starts containers in daemon mode bin/env up -f # Starts containers with attached output # Container management bin/env stop # Stop containers bin/env restart # Restart containers bin/env down # Remove containers bin/env clean # Remove container images # Development tools bin/env logs [service] # View container logs bin/env ssh [service] # SSH into a container bin/env composer [...args] # Run composer commands # Testing bin/env test unit # Run unit tests bin/env test unit -c # Generate coverage report # Frontend bin/env frontend build # Build TypeScript library bin/env frontend watch # Watch TypeScript files
Docker Setup
The library includes Docker support for development and testing. To use the demo environment:
- Clone the HAWK Keycloak Infrastructure
- Copy
docker-compose.keycloak.ymltodocker-compose.override.yml - Start the environment:
bin/env up
The demo environment automatically starts the examples for you which you can access at http://localhost:8099.
Testing
# Run unit tests bin/env test unit # Generate coverage report bin/env test unit -c
Postcardware
You're free to use this package, but if it makes it to your production environment we highly appreciate you sending us a postcard from your hometown, mentioning which of our package(s) you are using.
HAWK Fakultät Gestaltung
Interaction Design Lab
Renatastraße 11
31134 Hildesheim
Thank you :D