我有一个 keycloak 服务器和使用自定义 KeycloakProvider 的 Laravel 应用程序:
public function loginByEmail(string $email, string $password): SsoTokens
{
try {
$data = $this->realmEndpoint->makeRequest(
HttpClientProvider::METHOD_POST,
self::KEYCLOAK_AUTH_URL,
[
'client_id' => config('services.keycloak.realm_client'),
'client_secret' => config('services.keycloak.realm_secret'),
'grant_type' => 'password',
'username' => $email,
'password' => $password,
'scope' => 'openid'
]
);
} catch (TransportUnauthorizedException $e) {
throw new UnauthorizedException($e);
} catch (HttpClientException $e) {
throw new TransportException($e);
}
return $this->extractTokens($data);
}
现在我的目标是通过用户的手机号码设置基本的短信验证。我找到了一些工具(1 https://github.com/UKGovernmentBEIS/keycloak-sms-authenticator-sns, 2 https://github.com/gwallet/keycloak-sms-authenticator),但他们不提供 API,只提供 HTML 页面。
有解决办法吗?
我找到了解决方案。
在不知道某人密码的情况下登录:
- 发简讯;
- 通过代码确认电话号码;
- 获取目标用户的keycloak ID;
- 以有权的用户身份登录模仿 https://blog.softwaremill.com/who-am-i-keycloak-impersonation-api-bfe7acaf051a;
- 与目标用户交换令牌。
TOKEN_EXCHANGE
需要钥匙斗篷功能。
步骤 1-3 我使用 Laravel 实现,步骤 4-5 使用 Keycloak API 实现:
public function loginByUserId(string $userId): SsoTokens
{
try {
$impersonatorData = $this->realmEndpoint->makeRequest(
HttpClientProvider::METHOD_POST,
self::KEYCLOAK_AUTH_URL,
[
'client_id' => config('services.keycloak.realm_client'),
'client_secret' => config('services.keycloak.realm_secret'),
'grant_type' => 'password',
'username' => config('services.keycloak.admin_username'),
'password' => config('services.keycloak.admin_password'),
'scope' => 'openid',
]
);
$data = $this->realmEndpoint->makeRequest(
HttpClientProvider::METHOD_POST,
self::KEYCLOAK_AUTH_URL,
[
'client_id' => config('services.keycloak.realm_client'),
'client_secret' => config('services.keycloak.realm_secret'),
'grant_type' => 'urn:ietf:params:oauth:grant-type:token-exchange',
'requested_subject' => $userId,
'subject_token' => $impersonatorData['access_token'],
'scope' => 'openid',
]
);
} catch (TransportUnauthorizedException $e) {
throw new UnauthorizedException($e);
} catch (HttpClientException $e) {
throw new TransportException($e);
}
return $this->extractTokens($data);
}
本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容,请联系:hwhale#tublm.com(使用前将#替换为@)