```php
require '../../../lampp/htdocs/app';
session_start();

$provider = new Stevenmaguire\OAuth2\Client\Provider\Keycloak([
    'authServerUrl'             => 'http://localhost:8080/auth',
    'realm'                     => 'simple',
    'clientId'                  => 'demo_one',
    'clientSecret'              => '0f076fd9-6c3b-493d-942c-7b964bd7ca0d',
    'redirectUri'               => 'http://localhost/app',
    'encryptionAlgorithm'       => 'RS256',     //optional
    'encryptionKey'             => null,     //optional
    'encryptionKeyPath'         => null      //optional
]);

if(!isset($_GET['code']) || !isset($_SESSION['oauth2state'])) {
    // If we don't have an authorization code then get one

    $authUrl = $provider->getAuthorizationUrl();
    $_SESSION['oauth2state'] = $provider->getState();
    header('Location: '.$authUrl);
    exit;

// Check given state against previously stored one to mitigate CSRF attack
} elseif (empty($_GET['state']) || ($_GET['state'] !== $_SESSION['oauth2state'])) {
    unset($_SESSION['oauth2state']);
    exit('Invalid state, make sure HTTP sessions are enabled.');
} else {
    // Try to get an access token (using the authorization code grant)
    try {
        $token = $provider->getAccessToken('authorization_code', [
            'code' => $_GET['code']
        ]);
    } catch (Exception $e) {
        exit('Failed to get access token: '.$e->getMessage());
    }

    // Optional: Now you have a token you can look up a user's profile data
    try {

        // We got an access token, let's now get the user's details
        $user = $provider->getResourceOwner($token);
        // Use these details to create a new profile
        printf('Hello %s <br><br>', $user->getName());

    } catch (Exception $e) {
        exit('Failed to get resource owner: '.$e->getMessage());
    }

    // Use this to interact with an API on the user's behalf
//    echo $token->getToken();
}

// comment out the following two lines when deployed to production
// defined('YII_DEBUG') or define('YII_DEBUG', true);
// defined('YII_ENV') or define('YII_ENV', 'dev');

//require(__DIR__ . '/vendor/autoload.php');
require (__DIR__. '/vendor/autoload.php');
require(__DIR__ . '/vendor/yiisoft/yii2/Yii.php');
//require (__DIR__. '/data.php');
$config = require(__DIR__ . '/config/web.php');

(new yii\web\Application($config))->run();
```

How to solve it for integrating with it? I have used the stevenmaguire oauth2-keycloak plugin. It gives some problem running this project. I am completely new to this area and prefer number 2,3. I have set up a Keycloak server and wrote a) for my User DB in the Keycloak server.

dash_d
  • You have not given the full, minimalistic code to reproduce the problem. `Undefined index` means that you're trying to get a value, via a key, that is not yet set. In this example, you only set the value. – Jaquarh Dec 06 '21 at 04:44
  • I have written the whole code, please suggest any solution. – dash_d Dec 06 '21 at 04:57
  • Does this answer your question? ["Notice: Undefined variable", "Notice: Undefined index", and "Notice: Undefined offset" using PHP](https://stackoverflow.com/questions/4261133/notice-undefined-variable-notice-undefined-index-and-notice-undefined) – Nico Haase Dec 06 '21 at 05:40

1 Answer


You're checking if there is a request parameter `code`. If there isn't, you instantly assume the session `oauth2state` is set.

```php
if(!isset($_GET['code']) || !isset($_SESSION['oauth2state']))
```

Check both keys are set before using them.

Jaquarh
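The check described in the answer above, written as an added example that is not part of the original answer or of the oauth2-keycloak library: every key is read only after `isset()` has confirmed it, so no `Undefined index` notice can occur. The function name `classifyCallback` and its return labels are hypothetical; comparing with `hash_equals()` and discarding the state after one use go beyond what the answer states.

```php
<?php
// Added example, not the asker's or the library's code.
// Decides what an OAuth2 redirect endpoint should do with a request,
// reading every array key only after isset() has confirmed it exists.

/**
 * @param array $query   request parameters (normally $_GET)
 * @param array $session session data (normally $_SESSION), passed by reference
 * @return string 'start_login', 'invalid_state' or 'exchange_code'
 */
function classifyCallback(array $query, array &$session): string
{
    // No code yet, or no state stored for this browser session:
    // begin a fresh authorization request.
    if (!isset($query['code']) || !isset($session['oauth2state'])) {
        return 'start_login';
    }

    // The stored state is single-use, so take it out of the session now.
    $expected = (string) $session['oauth2state'];
    unset($session['oauth2state']);

    // The state parameter must be present, a string, and equal to the stored value.
    if (!isset($query['state']) || !is_string($query['state'])
        || !hash_equals($expected, $query['state'])) {
        return 'invalid_state';
    }

    return 'exchange_code';
}

// Constructed sample requests (values are made up for this demonstration).
$cases = [
    'first visit'            => [[], []],
    'code but empty session' => [['code' => 'abc', 'state' => 's1'], []],
    'state missing'          => [['code' => 'abc'], ['oauth2state' => 's1']],
    'state mismatch'         => [['code' => 'abc', 'state' => 'zz'], ['oauth2state' => 's1']],
    'state matches'          => [['code' => 'abc', 'state' => 's1'], ['oauth2state' => 's1']],
];

foreach ($cases as $label => [$query, $session]) {
    printf("%-24s => %s\n", $label, classifyCallback($query, $session));
}
```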