KeyCloak Authentication Flow with jumbojett/OpenID-Connect-PHP Library

Posted by: admin February 25, 2020

Questions:

I'm struggling to set up a secured application with an OpenID provider.

What I have done:

  • Set up KeyCloak Server
  • Created a simple PHP application
  • Loaded the jumbojett library
  • Configured the client

What I am doing:

  • Try to access my application
  • Get redirected to my KeyCloak instance
  • Log in successfully
  • Get redirected to my application

What the problem is:

The redirect URL to my application contains some GET parameters, such as code and so on. The problem is, when I refresh the page, I get an error message: the code can only be used once.

My question is, how can I provide a proper URL which the user can refresh?

How to & Answers:

I did some research and discovered that I didn’t really understand the flow of authentication.

So after the user is redirected to my application, I had to store the Refresh Token in a Session Variable. Afterwards, I was able to redirect the user to the new page.

On the new page I had to check if a Refresh Token has been stored and if it was valid. If so, I can show the user the content; otherwise, I have to redirect the user to the login page.
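
The flow described in the answer, as an added example that is not part of the original post: the callback request exchanges the one-time code, keeps the refresh token server-side in the session, and issues a 303 redirect to a URL without `code` and `state`, so a page refresh never replays the code. The issuer URL, realm, client ID, client secret, application URL and the session key names are placeholders or assumptions; PHP 7.3+ and HTTPS are assumed.

```php
<?php
// Added example; placeholders throughout. Requires jumbojett/openid-connect-php via Composer.
require __DIR__ . '/vendor/autoload.php';
use Jumbojett\OpenIDConnectClient;

// Keep the session cookie away from scripts and plain HTTP (array form needs PHP 7.3+).
session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Lax']);
session_start();
const APP_URL = 'https://app.example.test/index.php'; // placeholder; registered redirect URI

function oidcClient(): OpenIDConnectClient
{
    $oidc = new OpenIDConnectClient(
        'https://keycloak.example.test/realms/REALM', // placeholder issuer
        'CLIENT_ID',                                   // placeholder
        'CLIENT_SECRET'                                // placeholder
    );
    $oidc->setRedirectURL(APP_URL);
    return $oidc;
}

function restartLogin(): void
{
    $_SESSION = [];                            // drop stale tokens
    header('Location: ' . APP_URL, true, 303); // next request starts a fresh login
    exit;
}

if (empty($_SESSION['refresh_token'])) {
    // Not logged in: authenticate() redirects to Keycloak, or on the callback
    // request exchanges the one-time ?code=... for tokens.
    $oidc = oidcClient();
    $oidc->authenticate();
    session_regenerate_id(true);               // new session ID after login (fixation)
    $_SESSION['refresh_token'] = $oidc->getRefreshToken();
    $_SESSION['expires_at'] = 0;               // forces one validation on first view
    header('Location: ' . APP_URL, true, 303); // clean URL the user can refresh
    exit;
}
if (time() >= ($_SESSION['expires_at'] ?? 0)) {
    try {
        $resp = oidcClient()->refreshToken($_SESSION['refresh_token']);
    } catch (Exception $e) {
        $resp = null;                          // provider unreachable: treat as not validated
    }
    if (empty($resp->access_token)) {
        restartLogin();                        // refresh token expired or revoked
    }
    // Keycloak can rotate refresh tokens, so keep the newest one.
    $_SESSION['refresh_token'] = $resp->refresh_token ?? $_SESSION['refresh_token'];
    $_SESSION['expires_at'] = time() + (int) ($resp->expires_in ?? 0);
}
echo 'Protected content';
```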