Skip to content

Latest commit

 

History

History
87 lines (56 loc) · 2.91 KB

README.md

File metadata and controls

87 lines (56 loc) · 2.91 KB

OAuth2 ESIA bundle

Build Status Software License

Configuration and symfony services for ekapusta/oauth2-esia.

Install

composer require ekapusta/oauth2-esia-bundle

In your kernell add to other bundles:

new Ekapusta\OAuth2EsiaBundle\EkapustaOAuth2EsiaBundle(),

Configuration

Signer

Decide which signer to use and set these params in your config:

ekapusta_oauth2_esia.signer.class_name: Ekapusta\OAuth2Esia\Security\Signer\OpensslCli
ekapusta_oauth2_esia.signer.certificate_path: /path/to/your/certificate/with/public-key-inside.cer
ekapusta_oauth2_esia.signer.private_key_path: /path/to/your/certificates/private.key
ekapusta_oauth2_esia.signer.private_key_password: 'some password'
ekapusta_oauth2_esia.signer.tool_path: /path/to/your/openssl

Provider

You must configure your client_id and redirect_uri.

ekapusta_oauth2_esia.client_id: SOMESYSTEM
ekapusta_oauth2_esia.redirect_uri: https://your-system.domain/auth/finish

Scopes should be configured if you need more info from authorized user. Please note, that you should set here only scopes, for which you have permission to use. Full list of scopes are at methodical recommendations.

ekapusta_oauth2_esia.default_scopes: ['openid', 'fullname', '...']

Test mode

To use test mode put your provider to test portal as:

ekapusta_oauth2_esia.remote_url: 'https://esia-portal1.test.gosuslugi.ru'
ekapusta_oauth2_esia.remote_public_key: '%ekapusta_oauth2_esia.vendor.resources_path%/esia.test.public.key'

RS256 algo

By default we now use GOST algo for remote verification. To use RSA RS256:

ekapusta_oauth2_esia.remote_public_key: '%ekapusta_oauth2_esia.vendor.resources_path%/esia.prod.public.key'
ekapusta_oauth2_esia.remote_signer.algorytm: 'RS256'

Logging

Currently logger is used only at transport level: injected into guzzle http client. You can configure your own logger class by ekapusta_oauth2_esia.logger.class param. Or just redefine at your config service ekapusta_oauth2_esia.logger.

Usage

There are two DI-services available: ekapusta_oauth2_esia.provider and ekapusta_oauth2_esia.service. When you need just authorize user and get information, then you could use ekapusta_oauth2_esia.service. In other cases use ekapusta_oauth2_esia.provider. 2nd is just a simplified facade for 1st.