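'https://id.testing.aiacademy.tw/auth/realms/aiacademy/account',
    'authServerUrl' => 'https://id.testing.aiacademy.tw/auth',
    'realm' => 'aiacademy',
    'clientId' => $KEYCLOAK_CLIENT_ID,
    // NOTE(review): the client secret is hard-coded in source. Anyone who can read
    // this file (repository, backup, paste) can authenticate as this client. Load it
    // from the environment or a secret store and rotate the value below.
    'clientSecret' => '8117f3e6-8ff8-4ccb-8fe4-03c32cdac02a',
    // NOTE(review): plain-http redirect URI, so the authorization code comes back
    // over an unencrypted connection. Prefer an https callback.
    'redirectUri' => 'http://testteststudents.aiacademy.tw/test_oauth2/1220/1.php',
]);
#print_r($_SESSION);

/**
 * Keycloak login glue for the student site.
 *
 * Query parameters handled:
 *   ?student_logout  drops the locally cached user from the session
 *   ?student_login   reuses the cached user or sends the browser to Keycloak
 *   ?code=...        OAuth2 callback: exchanges the code and caches the user
 *
 * Afterwards $KEYCLOAK_USER holds the cached resource owner, or null.
 * Assumes the session was started earlier in the file; that part is not
 * visible here. TODO confirm.
 */

/**
 * Send the browser to the Keycloak authorization endpoint and stop.
 *
 * A fresh random `state` is stored in the session and appended to the URL so the
 * callback can verify that the code belongs to a login this browser started
 * (login CSRF). $debugStep is passed through as the page's aia_debug marker.
 *
 * NOTE(review): the URL carries no redirect_uri or scope; presumably the
 * server-side client configuration supplies them. Confirm.
 */
$redirectToKeycloak = static function ($debugStep) use ($KEYCLOAK_CLIENT_ID) {
    $state = bin2hex(random_bytes(16));
    $_SESSION['oauth2state'] = $state;
    header('location: https://id.testing.aiacademy.tw/auth/realms/aiacademy/protocol/openid-connect/auth?client_id='.$KEYCLOAK_CLIENT_ID.'&response_type=code&aia_debug='.$debugStep.'&state='.$state);
    exit();
};

if (isset($_GET['student_logout'])) {
    // Clears only the local session entry; nothing here ends the Keycloak session.
    // NOTE(review): triggered by a plain GET, so any third-party link can log a user out.
    unset($_SESSION['keycloak_user']);
}

if (isset($_GET['student_login'])) {
    // The original tested $user without ever defining it when the session was empty.
    // NOTE(review): the session stores a serialized object; caching a plain array of
    // the needed fields would avoid unserialize() on this path altogether.
    $sessionUser = empty($_SESSION['keycloak_user']) ? null : unserialize($_SESSION['keycloak_user']);
    if ($sessionUser) {
        header('location:/?logined_before');
        exit();
    }
    $redirectToKeycloak(1);
}

if (isset($_GET['code'])) {
    // Only a non-empty string is a usable code; ?code[]=x would otherwise pass an array on.
    $keycloak_code = is_string($_GET['code']) && $_GET['code'] ? $_GET['code'] : '';
    if (!$keycloak_code) {
        $redirectToKeycloak(2);
    }

    // The state is single-use: read it, forget it, then compare in constant time.
    $expectedState = isset($_SESSION['oauth2state']) && is_string($_SESSION['oauth2state']) ? $_SESSION['oauth2state'] : '';
    unset($_SESSION['oauth2state']);
    $givenState = isset($_GET['state']) && is_string($_GET['state']) ? $_GET['state'] : '';
    if ($expectedState === '' || !hash_equals($expectedState, $givenState)) {
        http_response_code(400);
        exit('Invalid state, make sure HTTP sessions are enabled.');
    }

    // Defined up front so the check below never reads an undefined variable
    // when the exchange throws.
    $token = null;
    $user = null;
    try {
        $token = $provider->getAccessToken('authorization_code', [
            'code' => $keycloak_code
        ]);
        $user = $provider->getResourceOwner($token);
    } catch (Exception $e) {
        // Keep the failure visible to operators; the browser only sees the redirect.
        error_log('Keycloak code exchange failed: '.$e->getMessage());
    }

    if (!$token or !$user) {
        $redirectToKeycloak(3);
    } else {
        // New session id at the privilege change, so a pre-login id cannot be reused.
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        $_SESSION['keycloak_user'] = serialize($user);
        header('location:/?logined_just_now');
        exit();
    }
}

$KEYCLOAK_USER = isset($_SESSION['keycloak_user']) && $_SESSION['keycloak_user']
    ? unserialize($_SESSION['keycloak_user'])
    : null;

// Emitted after the redirect logic: output sent before header() can stop the
// Location header from being delivered.
echo "\n";

// Disabled reference code, never executed because of if(0). If it is ever re-enabled:
// restore the state check that is commented out below, and do not echo the access
// token or exception messages to the browser.
if (0) {
    echo('the following is modified from github.com/stevenmaguire/oauth2-keycloak/');
    if (!isset($_GET['code'])) {
        // If we don't have an authorization code then get one
        $authUrl = $provider->getAuthorizationUrl();
        $_SESSION['oauth2state'] = $provider->getState();
        header('Location: '.$authUrl);
        exit;
    /*
    // Check given state against previously stored one to mitigate CSRF attack
    } elseif (empty($_GET['state']) || ($_GET['state'] !== $_SESSION['oauth2state'])) {
        unset($_SESSION['oauth2state']);
        exit('Invalid state, make sure HTTP sessions are enabled.');
    */
    } else {
        // Try to get an access token (using the authorization code grant)
        try {
            $token = $provider->getAccessToken('authorization_code', [
                'code' => $_GET['code']
            ]);
        } catch (Exception $e) {
            exit('Failed to get access token: '.$e->getMessage());
        }
        // Optional: Now you have a token you can look up a users profile data
        try {
            // We got an access token, let's now get the user's details
            $user = $provider->getResourceOwner($token);
            // Use these details to create a new profile
            printf('Hello %s!', $user->getName());
        } catch (Exception $e) {
            exit('Failed to get resource owner: '.$e->getMessage());
        }
        // Use this to interact with an API on the users behalf
        $token_value = $token->getToken();
        echo "\n".$token_value;
        if (isset($user)) {
            echo "\n";
            echo $user->getId();
            echo "\n";
            echo $user->getEmail();
            echo "\n";
            echo $user->getName();
            echo "\n";
            echo $_SESSION['keycloak_token'] = $token_value;
        }
        echo "\n";
    }
}//end of if(0)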