# Connecting with PHP

This guide explains how to establish a connection between a PHP application and a Keycloak identity provider using the <span class="s2">jumbojett/openid-connect-php</span> library. It walks through the necessary setup, configuration, and execution of a protected login route using OpenID Connect (OIDC).

## **Variables**

Certain parameters must be provided to integrate a PHP application with Keycloak. Below is a breakdown of each required variable, its purpose, and where to find it. Here’s what each variable represents:

<table border="1" id="bkmrk-variable-description" style="border-collapse: collapse; border-color: rgb(0, 0, 0); width: 100%; height: 275.766px;"><thead><tr style="height: 29.7969px;"><th style="border-color: rgb(0, 0, 0); width: 16.209%; height: 29.7969px;">**Variable**

</th><th style="border-color: rgb(0, 0, 0); width: 45.2995%; height: 29.7969px;">**Description**

</th><th style="border-color: rgb(0, 0, 0); width: 38.3724%; height: 29.7969px;">**Purpose**

</th></tr></thead><tbody><tr style="height: 29.7969px;"><td style="border-color: rgb(0, 0, 0); width: 16.209%; height: 29.7969px;">`CLIENT_ID`

</td><td style="border-color: rgb(0, 0, 0); width: 45.2995%; height: 29.7969px;">Client ID from the Keycloak Admin Console

</td><td style="border-color: rgb(0, 0, 0); width: 38.3724%; height: 29.7969px;">Identifies the PHP app in the Keycloak realm

</td></tr><tr style="height: 29.7969px;"><td style="border-color: rgb(0, 0, 0); width: 16.209%; height: 29.7969px;">`CLIENT_SECRET`

</td><td style="border-color: rgb(0, 0, 0); width: 45.2995%; height: 29.7969px;">Secret from the Client &gt; Credentials tab

</td><td style="border-color: rgb(0, 0, 0); width: 38.3724%; height: 29.7969px;">Authenticates the PHP app with Keycloak

</td></tr><tr style="height: 46.5938px;"><td style="border-color: rgb(0, 0, 0); width: 16.209%; height: 46.5938px;">`ISSUER`

</td><td style="border-color: rgb(0, 0, 0); width: 45.2995%; height: 46.5938px;"><span class="s1">The Keycloak realm URL (e.g., </span>https://your-domain/realms/your-realm<span class="s1">)</span>

</td><td style="border-color: rgb(0, 0, 0); width: 38.3724%; height: 46.5938px;">Acts as the OIDC issuer and discovery endpoint

</td></tr><tr style="height: 46.5938px;"><td style="border-color: rgb(0, 0, 0); width: 16.209%; height: 46.5938px;">`REDIRECT_URI`

</td><td style="border-color: rgb(0, 0, 0); width: 45.2995%; height: 46.5938px;">The URI that Keycloak will redirect to after login

</td><td style="border-color: rgb(0, 0, 0); width: 38.3724%; height: 46.5938px;">Where the user will be sent after successful authentication

</td></tr><tr style="height: 46.5938px;"><td style="border-color: rgb(0, 0, 0); width: 16.209%; height: 46.5938px;">`TOKEN_ENDPOINT`

</td><td style="border-color: rgb(0, 0, 0); width: 45.2995%; height: 46.5938px;">Token URL under the selected realm

</td><td style="border-color: rgb(0, 0, 0); width: 38.3724%; height: 46.5938px;">Used to retrieve access/ID tokens

</td></tr><tr style="height: 46.5938px;"><td style="border-color: rgb(0, 0, 0); width: 16.209%; height: 46.5938px;">`USERINFO_ENDPOINT`

</td><td style="border-color: rgb(0, 0, 0); width: 45.2995%; height: 46.5938px;">URL to fetch user profile information

</td><td style="border-color: rgb(0, 0, 0); width: 38.3724%; height: 46.5938px;">Used to retrieve authenticated user details

</td></tr></tbody></table>

These values can be copied from the Keycloak Admin Console under <span class="s1">**Clients &gt; \[Your Client\] &gt; Endpoints**</span>.

## **Prerequisites**

#### **Install PHP and Composer**

Ensure PHP is installed:

```
php -v
```

Install Composer (PHP dependency manager) if not already installed:

```
composer --version
```

If not installed, visit [https://getcomposer.org](https://getcomposer.org) and follow the install instructions

#### **Install Required Package**

Install the <span class="s2">jumbojett/openid-connect-php</span> package using Composer:

```
composer require jumbojett/openid-connect-php
```

## **Code**

Once all prerequisites are set up, create a file named <span class="s2">keycloak.php</span> and add the following code:

```php
<?php
require_once __DIR__ . '/vendor/autoload.php';

use Jumbojett\OpenIDConnectClient;

$oidc = new OpenIDConnectClient(
    'https://your-keycloak-domain/realms/your-realm',
    'CLIENT_ID',
    'CLIENT_SECRET'
);

// Optional config
$oidc->setRedirectURL('http://localhost:8000/keycloak.php');
$oidc->setProviderConfigParams([
    'token_endpoint' => 'https://your-keycloak-domain/realms/your-realm/protocol/openid-connect/token',
    'userinfo_endpoint' => 'https://your-keycloak-domain/realms/your-realm/protocol/openid-connect/userinfo'
]);

// Start login flow
$oidc->authenticate();

// Show user info
$userInfo = $oidc->requestUserInfo();

echo "<h1>Welcome, " . htmlspecialchars($userInfo->preferred_username) . "</h1>";
echo "";
print_r($userInfo);
echo "";
?>
```

Replace:

- https://your-keycloak-domain/realms/your-realm<span class="s1"> with your actual realm URL</span>
- <span class="s1">CLIENT\_ID</span> and <span class="s1">CLIENT\_SECRET</span> with credentials from the Keycloak client settings
- <span class="s1">http://localhost:8000/keycloak.php</span> with your desired callback/redirect URI

Ensure the <span class="s2">**Valid Redirect URIs**</span> field in Keycloak matches the above redirect URI.

## **Execution**

Start a PHP development server in the directory containing <span class="s3">keycloak.php</span>:

```
php -S localhost:8000
```

Open your browser and navigate to:

```
http://localhost:8000/keycloak.php
```

If the connection is successful:

1. You’ll be redirected to the Keycloak login page.
2. After authentication, you’ll be redirected back to the PHP script.
3. The user profile will be displayed using data returned from Keycloak.