src/EventListener/KeycloakRefreshTokenListener.php line 48

Open in your IDE?
  1. <?php
  3. namespace App\EventListener;
  5. use App\Security\Dto\TokensBag;
  6. use App\Service\KeycloakApiService;
  7. use App\Specification\KeycloakModeUsed;
  8. use Psr\Log\LoggerInterface;
  9. use RuntimeException;
  10. use Symfony\Component\DependencyInjection\ParameterBag\ParameterBagInterface;
  11. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  12. use Symfony\Component\HttpFoundation\RedirectResponse;
  13. use Symfony\Component\HttpKernel\Event\RequestEvent;
  14. use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
  15. use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
  16. use Symfony\Component\Security\Core\User\UserProviderInterface;
  17. use Symfony\Contracts\HttpClient\Exception\HttpExceptionInterface;
  19. class KeycloakRefreshTokenListener implements EventSubscriberInterface
  20. {
  21.     private LoggerInterface $logger;
  22.     private UserProviderInterface $userProvider;
  23.     private TokenStorageInterface $tokenStorage;
  24.     private UrlGeneratorInterface $urlGenerator;
  25.     private KeycloakApiService $keycloakApiService;
  26.     private ParameterBagInterface $param;
  27.     private string|bool $vistoryRedirect;
  28.     private string $mcotPortailRedirect;
  30.     public function __construct(
  31.         LoggerInterface $logger,
  32.         UserProviderInterface $userProvider,
  33.         TokenStorageInterface $tokenStorage,
  34.         UrlGeneratorInterface $urlGenerator,
  35.         KeycloakApiService $keycloakApiService,
  36.         ParameterBagInterface $param,
  37.     ) {
  38.         $this->logger $logger;
  39.         $this->userProvider $userProvider;
  40.         $this->tokenStorage $tokenStorage;
  41.         $this->urlGenerator $urlGenerator;
  42.         $this->keycloakApiService $keycloakApiService;
  43.         $this->param $param;
  44.         $this->vistoryRedirect $this->param->get('vistory_redirect');
  45.         $this->mcotPortailRedirect $this->param->get('mcot_portail_domain_name');
  46.     }
  48.     public function onKernelRequest(RequestEvent $event): void
  49.     {
  50.         $request $event->getRequest();
  51.         $session $request->getSession();
  53.         if (KeycloakModeUsed::isSatisfiedBy($this->param)) {
  54.             $token $this->tokenStorage->getToken();
  55.             if (null === $token) {
  56.                 return;
  57.             }
  59.             $tokens $token->getAttribute(TokensBag::class);
  60.             if (null === $tokens) {
  61.                 throw new \LogicException(sprintf('%s token attribute is empty'TokensBag::class));
  62.             }
  64.             if (time() < $tokens->getJwtExpires()) {
  65.                 return;
  66.             }
  68.             $refreshToken $session->get('oidc_refresh_token');
  69.             try {
  71.                 $response $this->keycloakApiService->getTokenFromRefreshToken($refreshToken);
  72.             } catch (HttpExceptionInterface $e) {
  73.                 $response $e->getResponse();
  74.                 if (400 === $response->getStatusCode() && 'invalid_grant' === ($response->toArray(false)['error'] ?? null)) {
  75.                     // Logout when SSO session idle is reached
  76.                     $this->tokenStorage->setToken(null);
  78.                     $redirect $this->vistoryRedirect == 'true' $this->urlGenerator->generate('login') : $this->mcotPortailRedirect;
  79.                     $event->setResponse(new RedirectResponse($redirect));
  80.                     return;
  81.                 }
  83.                 throw new RuntimeException(
  84.                     sprintf('Bad status code returned by openID server (%s)'$e->getResponse()->getStatusCode()),
  85.                     previous$e,
  86.                 );
  87.             }
  89.             $responseData json_decode($responsetrue);
  90.             if (false === $responseData) {
  91.                 throw new RuntimeException(sprintf('Can\'t parse json in response: %s'$response));
  92.             }
  94.             $jwtToken $responseData['id_token'] ?? null;
  95.             if (null === $jwtToken) {
  96.                 throw new RuntimeException(sprintf('No access token found in response %s'$response));
  97.             }
  99.             $refreshToken $responseData['refresh_token'] ?? null;
  100.             if (null === $refreshToken) {
  101.                 throw new RuntimeException(sprintf('No refresh token found in response %s'$response));
  102.             }
  104.             $this->logger->info(">>>>>>>>>>>>>>>>>> DEBUT REFRESH TOKEN >>>>>>>>>>>>>>>>>>");
  105.             $this->logger->debug($responseData['refresh_token']);
  106.             $this->logger->info("<<<<<<<<<<<<<<<<<< FIN REFRESH TOKEN <<<<<<<<<<<<<<<<<<");
  108.             $session->remove('oidc_access_token');
  109.             $session->remove('oidc_refresh_token');
  110.             $session->remove('oidc_expires_token');
  111.             $session->remove('oidc_expires_refresh_token');
  112.             $session->set('oidc_access_token'$responseData['access_token']);
  113.             $session->set('oidc_refresh_token'$responseData['refresh_token']);
  114.             $session->set('oidc_expires_token'$responseData['expires_in']);
  115.             $session->set('oidc_expires_refresh_token'$responseData['refresh_expires_in']);
  116.         }
  117.     }
  119.     public static function getSubscribedEvents(): array
  120.     {
  121.         return [RequestEvent::class => 'onKernelRequest'];
  122.     }
  123. }