Configuration

Environment Variables

Variable	Type	Required	Default	Description
`KEYCLOAK_URL`	string	Yes	-	Keycloak server URL
`KEYCLOAK_CLIENT_ID`	string	Yes	-	OAuth2 client ID
`KEYCLOAK_CLIENT_SECRET`	string	Yes	-	OAuth2 client secret
`KEYCLOAK_REDIRECT_URI`	string	Yes	-	OAuth2 redirect URI
`KEYCLOAK_REALM`	string	No	`master`	Keycloak realm
`KEYCLOAK_SCOPES`	json	No	`["openid", "profile", "email"]`	OAuth2 scopes
`KEYCLOAK_PROTECTED_ROUTES`	json	No	`["/dashboard", "/profile", "/admin"]`	Protected routes
`KEYCLOAK_CALLBACK_ROUTE`	string	No	`/auth/callback`	Callback route
`KEYCLOAK_LOGOUT_ROUTE`	string	No	`/auth/logout`	Logout route
`KEYCLOAK_SESSION_LIFETIME`	int	No	`3600`	Session lifetime
`KEYCLOAK_SECURE_COOKIES`	bool	No	`false`	Secure cookies
`KEYCLOAK_HTTP_TIMEOUT`	int	No	`30`	HTTP timeout
`KEYCLOAK_HTTP_CONNECT_TIMEOUT`	int	No	`30`	HTTP connect timeout
`KEYCLOAK_HTTP_VERIFY`	bool	No	`false`	SSL verification

Required Configuration

The following parameters are mandatory and must be provided:

# Keycloak server configuration.
KEYCLOAK_URL=https://<YOUR_KEYCLOAK_SERVER>

# OAuth2 client credentials.
KEYCLOAK_CLIENT_ID=your-client-id
KEYCLOAK_CLIENT_SECRET=your-client-secret

# OAuth2 redirect URI.
KEYCLOAK_REDIRECT_URI=https://<YOUR_APP_URL>/auth/callback

Routes Configuration

auth_callback:
    path: /auth/callback
    handler: Derafu\Auth\Controller\CallbackController::handle

Services Configuration

services:

    _defaults:
        autowire: true
        autoconfigure: true
        public: false

    Derafu\Auth\Contract\AuthConfigurationInterface:
        class: Derafu\Auth\Configuration\AuthConfiguration
        arguments:
            $config:
                keycloak_url: '%env(default::string:KEYCLOAK_URL)%'
                realm: '%env(default::string:KEYCLOAK_REALM)%'
                client_id: '%env(default::string:KEYCLOAK_CLIENT_ID)%'
                client_secret: '%env(default::string:KEYCLOAK_CLIENT_SECRET)%'
                redirect_uri: '%env(default::string:KEYCLOAK_REDIRECT_URI)%'
                scopes: '%env(default::json:KEYCLOAK_SCOPES)%'
                protected_routes: '%env(default::json:KEYCLOAK_PROTECTED_ROUTES)%'
                callback_route: '%env(default::string:KEYCLOAK_CALLBACK_ROUTE)%'
                logout_route: '%env(default::string:KEYCLOAK_LOGOUT_ROUTE)%'
                session_lifetime: '%env(default::int:KEYCLOAK_SESSION_LIFETIME)%'
                secure_cookies: '%env(default::bool:KEYCLOAK_SECURE_COOKIES)%'
                http_client_options:
                    timeout: '%env(default::int:KEYCLOAK_HTTP_TIMEOUT)%'
                    connect_timeout: '%env(default::int:KEYCLOAK_HTTP_CONNECT_TIMEOUT)%'
                    verify: '%env(default::bool:KEYCLOAK_HTTP_VERIFY)%'

    Derafu\Auth\Contract\AuthenticationProviderInterface:
        class: Derafu\Auth\Service\KeycloakAuthenticationService

    Derafu\Auth\Contract\SessionManagerInterface:
        class: Derafu\Auth\Service\SessionService

    Derafu\Auth\Contract\RouteValidatorInterface:
        class: Derafu\Auth\Validator\RouteValidator

    Derafu\Auth\Middleware\AuthenticationMiddleware: ~

    Derafu\Auth\Controller\CallbackController:
        public: true

On this page

Last updated on 29/07/2025 by Anonymous

Introduction

Route Protection

Base for Applications

Data Handling

Views and Templates

Utils

Standards and Rules

System Administration

Configuration

Environment Variables

Required Configuration

Routes Configuration

Services Configuration