Feature request: Multiple authenticator keys #79

Open
welcoMattic opened this issue Jan 7, 2025 · 3 comments

@welcoMattic

As described here, #29 (comment), it could be helpful to provide multiple authenticator keys to implement login from different services.

Let's take an example:

I need to secure a part of my app behind a firewall named bunker. To access this part, I provide the users 2 different ways to log in (let's say Keycloak and MS EntraID).

        keycloak:
            pattern: ^/bunker
            provider: users
            logout: true
            oidc:
                client: keycloak
                login_path: /keycloak_login
                check_path: /keycloak_login_check
                failure_path: /keycloak_login_failure
                enable_end_session_listener: true
                user_identifier_from_idtoken: false

        entra:
            pattern: ^/bunker
            provider: agents
            logout: true
            oidc:
                client: entra
                login_path: /entra_login
                check_path: /entra_login_check
                failure_path: /entra_login_failure
                enable_end_session_listener: true
                user_identifier_from_idtoken: true

The problem here is that I have 2 firewalls, and Symfony cannot decide which one to use, so it uses the first one by default.

The solution could be something like in https://github.com/hwi/HWIOAuthBundle/blob/master/docs/3-configuring_the_security_layer.md#b-configure-the-oauth-firewall

        bunker:
            pattern: ^/bunker
            provider: users
            logout: true
            oidc:
                providers:
                    keycloak:
                        client: keycloak
                        login_path: /keycloak_login
                        check_path: /keycloak_login_check
                        failure_path: /keycloak_login_failure
                        enable_end_session_listener: true
                        user_identifier_from_idtoken: false
                    entra:
                        client: entra
                        login_path: /entra_login
                        check_path: /entra_login_check
                        failure_path: /entra_login_failure
                        enable_end_session_listener: true
                        user_identifier_from_idtoken: true

Let me know if this is something you want to add in the bundle or not. I would be happy to help to contribute.
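
The first-match behaviour described in the issue above, as an added example that is not part of the original post or of the bundle's code: a small Python check that walks firewalls in declaration order and reports any firewall whose pattern matches a path but which is never the one selected. The probe paths and function names are constructed for illustration, and Python's `re` stands in here for the regex matching Symfony performs on the request path.

```python
import re

# Firewalls in declaration order, names and patterns copied from the
# first configuration in the issue.
FIREWALLS = [
    ("keycloak", r"^/bunker"),
    ("entra", r"^/bunker"),
]

# The single-firewall layout proposed in the issue.
MERGED = [("bunker", r"^/bunker")]

# Constructed sample request paths (not from the issue).
PROBE_PATHS = ["/bunker", "/bunker/reports", "/public"]


def select_firewall(firewalls, path):
    """Return the first firewall whose pattern matches the path, else None."""
    for name, pattern in firewalls:
        if re.search(pattern, path):
            return name
    return None


def shadowed_firewalls(firewalls, probe_paths):
    """Find firewalls that match some probe path but are never selected.

    Returns {shadowed_name: [names of the firewalls that win instead]}.
    """
    shadowed = {}
    for name, pattern in firewalls:
        matching = [p for p in probe_paths if re.search(pattern, p)]
        if not matching:
            continue  # no probe path exercises this firewall; nothing to say
        winners = {select_firewall(firewalls, p) for p in matching}
        if name not in winners:
            shadowed[name] = sorted(winners)
    return shadowed


if __name__ == "__main__":
    for path in PROBE_PATHS:
        print(f"{path!r} -> {select_firewall(FIREWALLS, path)}")
    print("shadowed (two firewalls):", shadowed_firewalls(FIREWALLS, PROBE_PATHS))
    print("shadowed (merged):", shadowed_firewalls(MERGED, PROBE_PATHS))
```

With the two-firewall layout the `entra` firewall is reported as shadowed by `keycloak`, so its `agents` provider and OIDC client are never reached for `/bunker` requests.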

@bobvandevijver
Member

As we already support multiple clients, your best bet to get started quickly is to extend the OidcFactory and override the getKey method. Register it similarly to how it is done in DrensoOidcBundle within your own application and you should be done.

@welcoMattic
Author

Yes, that is what I do in my own app. But is there any desire to add it directly to the bundle to make it easy for everyone?

@bobvandevijver
Member

Feel free to create a PR
