Feature token introspection

README.md

@@ -72,6 +72,11 @@ if (!isset($_GET['code'])) {
         // Use these details to create a new profile
         printf('Hello %s!', $user->getName());
 
+        // Or get more information with token Introspection
+        $user = $provider->getResourceOwnerFromIntrospectedToken($token);
+        // Use these details for user roles
+        echo '<pre>'. var_export($user->toArray()["realm_access"]).'</pre>';
+
     } catch (Exception $e) {
         exit('Failed to get resource owner: '.$e->getMessage());
     }

examples/index.php

@@ -43,6 +43,11 @@
         $user = $provider->getResourceOwner($token);
         // Use these details to create a new profile
         printf('Hello %s!\n<br>', $user->getName());
+
+        // Or get more information with token Introspection
+        $user = $provider->getResourceOwnerFromIntrospectedToken($token);
+        // Use these details for user roles
+        echo '<pre>'. var_export($user->toArray()["realm_access"]).'</pre>';
 
     } catch (Exception $e) {
         exit('Failed to get resource owner: '.$e->getMessage());

src/Provider/Keycloak.php

@@ -4,6 +4,8 @@
 
 use Exception;
 use Firebase\JWT\JWT;
+use GuzzleHttp\Client;
+use GuzzleHttp\RequestOptions;
 use League\OAuth2\Client\Provider\AbstractProvider;
 use League\OAuth2\Client\Provider\Exception\IdentityProviderException;
 use League\OAuth2\Client\Token\AccessToken;
@@ -130,6 +132,18 @@ public function getResourceOwnerDetailsUrl(AccessToken $token)
         return $this->getBaseUrlWithRealm().'/protocol/openid-connect/userinfo';
     }
 
+    /**
+     * Get provider url to fetch introspect token
+     *
+     * @param  AccessToken $token
+     *
+     * @return string
+     */
+    public function getIntrospectTokenUrl(AccessToken $token)
+    {
+        return $this->getBaseUrlWithRealm() . '/protocol/openid-connect/token/introspect';
+    }
+
     /**
      * Builds the logout URL.
      *
@@ -154,6 +168,23 @@ private function getBaseLogoutUrl()
         return $this->getBaseUrlWithRealm() . '/protocol/openid-connect/logout';
     }
 
+    private function fetchIntrospectToken(AccessToken $token) {
+        $data = array(
+            'form_params' => array(
+                "token" => $token->getToken(),
+                "client_id" => $this->clientId,
+                "client_secret" => $this->clientSecret ),
+            RequestOptions::SYNCHRONOUS => true
+        );
+
+        $url = $this->getIntrospectTokenUrl($token);
+
+        $client = new Client();
+        $response = $client->requestAsync(self::METHOD_POST, $url, $data)->wait();
+        $parsed = $this->parseResponse($response);
+        return $parsed;
+    }
+
     /**
      * Creates base url from provider configuration.
      *
@@ -220,6 +251,21 @@ public function getResourceOwner(AccessToken $token)
         return $this->createResourceOwner($response, $token);
     }
 
+    /**
+     * Requests and returns the resource owner of given access token introspection.
+     *
+     * @param  AccessToken $token
+     * @return KeycloakResourceOwner
+     */
+    public function getResourceOwnerFromIntrospectedToken(AccessToken $token)
+    {
+        $parsed = $this->fetchIntrospectToken($token);
+
+        $response = $this->decryptResponse($parsed);
+
+        return $this->createResourceOwner($response, $token);
+    }
+
     /**
      * Updates expected encryption algorithm of Keycloak instance.
      *