KeycloakClientBundle/src/DependencyInjection/Configuration.php at main · mainick/KeycloakClientBundle · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
<?php

declare(strict_types=1);

namespace Mainick\KeycloakClientBundle\DependencyInjection;

use Symfony\Component\Config\Definition\Builder\TreeBuilder;
use Symfony\Component\Config\Definition\ConfigurationInterface;

class Configuration implements ConfigurationInterface
{
    public function getConfigTreeBuilder(): TreeBuilder
    {
        $treeBuilder = new TreeBuilder('mainick_keycloak_client');
        $rootNode = $treeBuilder->getRootNode();
        $adminCliChildren = $rootNode->children()->arrayNode('admin_cli')->children();

        $rootNode
            ->children()
                ->arrayNode('keycloak')
                    ->children()
                        ->booleanNode('verify_ssl')->defaultTrue()->end()
                        ->scalarNode('base_url')->isRequired()->cannotBeEmpty()->end()
                        ->scalarNode('realm')->isRequired()->cannotBeEmpty()->end()
                        ->scalarNode('client_id')->isRequired()->cannotBeEmpty()->end()
                        ->scalarNode('client_secret')->defaultNull()->end()
                        ->scalarNode('redirect_uri')->defaultNull()->end()
                        ->scalarNode('encryption_algorithm')->defaultNull()->end()
                        ->scalarNode('encryption_key')->defaultNull()->end()
                        ->scalarNode('encryption_key_path')->defaultNull()->end()
                        ->scalarNode('encryption_key_passphrase')->defaultNull()->end()
                        ->scalarNode('version')->defaultNull()->end()
                        ->arrayNode('allowed_jwks_domains')
                            ->info('Whitelist of allowed domains for JWKS endpoint requests. If empty, only the base_url domain is allowed.')
                            ->scalarPrototype()->end()
                        ->end()
                    ->end()
                    ->validate()
                        ->ifTrue(function ($v) {
                            return empty($v['encryption_key']) && empty($v['encryption_key_path']);
                        })
                        ->thenInvalid('At least one of "encryption_key" or "encryption_key_path" must be provided.')
                    ->end()
                ->end()
                ->arrayNode('security')
                    ->info('Enable this if you want to use the Keycloak security layer. This will protect your application with Keycloak.')
                    ->canBeEnabled()
                    ->children()
                        ->scalarNode('default_target_route_name')->defaultNull()->end()
                    ->end()
                ->end()
                ->arrayNode('admin_cli')
                    ->info('Enable this if you want to use the admin-cli client to authenticate with Keycloak. This is useful if you want to use the Keycloak Admin REST API.')
                    ->canBeEnabled()
                    ->children()
                        ->scalarNode('realm')->isRequired()->cannotBeEmpty()->end()
                        ->scalarNode('client_id')->isRequired()->cannotBeEmpty()->end()
                        ->scalarNode('username')->isRequired()->cannotBeEmpty()->end()
                        ->scalarNode('password')->isRequired()->cannotBeEmpty()->end()
                    ->end()
                ->end()
            ->end();

        return $treeBuilder;
    }
}