src/EventListener/KeycloakRefreshTokenListener.php line 43

Open in your IDE?
  1. <?php
  3. namespace App\EventListener;
  5. use App\Security\Dto\TokensBag;
  6. use App\Service\KeycloakApiService;
  7. use Psr\Log\LoggerInterface;
  8. use RuntimeException;
  9. use Symfony\Component\DependencyInjection\ParameterBag\ParameterBagInterface;
  10. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  11. use Symfony\Component\HttpFoundation\RedirectResponse;
  12. use Symfony\Component\HttpKernel\Event\RequestEvent;
  13. use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
  14. use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
  15. use Symfony\Component\Security\Core\User\UserProviderInterface;
  16. use Symfony\Contracts\HttpClient\Exception\HttpExceptionInterface;
  18. class KeycloakRefreshTokenListener implements EventSubscriberInterface
  19. {
  20.     private LoggerInterface $logger;
  21.     private UserProviderInterface $userProvider;
  22.     private TokenStorageInterface $tokenStorage;
  23.     private UrlGeneratorInterface $urlGenerator;
  24.     private KeycloakApiService $keycloakApiService;
  25.     private ParameterBagInterface $param;
  27.     public function __construct(
  28.         LoggerInterface $logger,
  29.         UserProviderInterface $userProvider,
  30.         TokenStorageInterface $tokenStorage,
  31.         UrlGeneratorInterface $urlGenerator,
  32.         KeycloakApiService $keycloakApiService,
  33.         ParameterBagInterface $param,
  34.     ) {
  35.         $this->logger $logger;
  36.         $this->userProvider $userProvider;
  37.         $this->tokenStorage $tokenStorage;
  38.         $this->urlGenerator $urlGenerator;
  39.         $this->keycloakApiService $keycloakApiService;
  40.         $this->param $param;
  41.     }
  43.     public function onKernelRequest(RequestEvent $event): void
  44.     {
  45.         $request $event->getRequest();
  46.         $session $request->getSession();
  48.         $token $this->tokenStorage->getToken();
  49.         if (null === $token) {
  50.             return;
  51.         }
  53.         $tokens $token->getAttribute(TokensBag::class);
  54.         if (null === $tokens) {
  55.             throw new \LogicException(sprintf('%s token attribute is empty'TokensBag::class));
  56.         }
  58.         if (time() < $tokens->getJwtExpires()) {
  59.             return;
  60.         }
  62.         $refreshToken $session->get('oidc_refresh_token');
  63.         try {
  65.             $response $this->keycloakApiService->getTokenFromRefreshToken($refreshToken);
  66.         } catch (HttpExceptionInterface $e) {
  67.             $response $e->getResponse();
  68.             if (400 === $response->getStatusCode() && 'invalid_grant' === ($response->toArray(false)['error'] ?? null)) {
  69.                 // Logout when SSO session idle is reached
  70.                 $this->tokenStorage->setToken(null);
  72.                 $redirect $this->urlGenerator->generate('login');
  73.                 $event->setResponse(new RedirectResponse($redirect));
  74.                 return;
  75.             }
  77.             throw new RuntimeException(
  78.                 sprintf('Bad status code returned by openID server (%s)'$e->getResponse()->getStatusCode()),
  79.                 previous$e,
  80.             );
  81.         }
  83.         $responseData json_decode($responsetrue);
  84.         if (false === $responseData) {
  85.             throw new RuntimeException(sprintf('Can\'t parse json in response: %s'$response));
  86.         }
  88.         $jwtToken $responseData['id_token'] ?? null;
  89.         if (null === $jwtToken) {
  90.             throw new RuntimeException(sprintf('No access token found in response %s'$response));
  91.         }
  93.         $refreshToken $responseData['refresh_token'] ?? null;
  94.         if (null === $refreshToken) {
  95.             throw new RuntimeException(sprintf('No refresh token found in response %s'$response));
  96.         }
  98.         $this->logger->info(">>>>>>>>>>>>>>>>>> DEBUT REFRESH TOKEN >>>>>>>>>>>>>>>>>>");
  99.         $this->logger->debug($responseData['refresh_token']);
  100.         $this->logger->info("<<<<<<<<<<<<<<<<<< FIN REFRESH TOKEN <<<<<<<<<<<<<<<<<<");
  102.         $session->remove('oidc_access_token');
  103.         $session->remove('oidc_refresh_token');
  104.         $session->remove('oidc_expires_token');
  105.         $session->remove('oidc_expires_refresh_token');
  106.         $session->set('oidc_access_token'$responseData['access_token']);
  107.         $session->set('oidc_refresh_token'$responseData['refresh_token']);
  108.         $session->set('oidc_expires_token'$responseData['expires_in']);
  109.         $session->set('oidc_expires_refresh_token'$responseData['refresh_expires_in']);
  111.         setcookie("celaneo_access_token"""time() - 3600);
  112.         setcookie("celaneo_refresh_token"""time() - 3600);
  114.         setcookie("celaneo_access_token"$responseData['access_token'], time() + $responseData['expires_in']);
  115.         setcookie("celaneo_refresh_token"$responseData['refresh_token'], time() + $responseData['refresh_expires_in']);
  117.     }
  119.     public static function getSubscribedEvents(): array
  120.     {
  121.         return [RequestEvent::class => 'onKernelRequest'];
  122.     }
  123. }