Authenticate feeds with Keycloak/OpenID connect?

Created on 8 July 2021, over 3 years ago
Updated 21 December 2023, about 1 year ago

Problem/Motivation

I need to authenticate to feeds with a token I get from the same IDP that I use to log in to Drupal itself. In this case, it is Keycloak, but more generally it could be OpenID connect.

So in order to get the token I need to do something like

    $keycloak_configuration = \Drupal::config('openid_connect.settings.keycloak');

    $keycloak_settings = $keycloak_configuration->get('settings');
    $keycloak_base = $keycloak_settings['keycloak_base'];
    $keycloak_realm = $keycloak_settings['keycloak_realm'];
    $client_id = $keycloak_settings['client_id'];
    $client_secret = $keycloak_settings['client_secret'];


    $token_url = $keycloak_base . '/realms/' . $keycloak_realm . '/protocol/openid-connect/token';

    $payload['grant_type'] = 'client_credentials';
    $payload['client_id'] = $client_id;
    $payload['client_secret'] = $client_secret;

    $json = json_encode($payload);
    $response = \Drupal::httpClient()->request(
        'POST', $token_url, [ 'form_params' => $payload ]
    );
 

In other words: Instead of assuming the auth token is constant, the module would look at the OpenID Connect (or maybe just Keycloak) settings to obtain the token on each request/as often as needed.

Do you think this makes sense to include in this module? Would the maintainer accept a patch if one came?

User interface changes

An option for supported OpenID Connect methods would be provided when configuring a feed.

API changes

None.

Data model changes

None.

Feature request
Status

Closed: works as designed

Version

1.0

Component

Code

Created by

🇩🇰Denmark agger

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Production build 0.71.5 2024