true, CURLOPT_HTTPHEADER => ['Authorization: Bearer ' . $accTok], CURLOPT_TIMEOUT => 6, ]); $resp = curl_exec($ch); $code = curl_getinfo($ch, CURLINFO_HTTP_CODE); curl_close($ch); if ($resp !== false && $code === 200) { $tmp = json_decode((string)$resp, true); if (is_array($tmp)) $claims = $tmp; } } // Extraire rôles groupés (Keycloak) $roles = []; if (isset($claims['realm_access']['roles']) && is_array($claims['realm_access']['roles'])) { $roles = array_merge($roles, $claims['realm_access']['roles']); } if (isset($claims['resource_access']) && is_array($claims['resource_access'])) { foreach ($claims['resource_access'] as $clientId => $data) { if (!empty($data['roles']) && is_array($data['roles'])) { foreach ($data['roles'] as $r) { $roles[] = $clientId . ':' . $r; } } } } $roles = array_values(array_unique($roles)); ?> OIDC • Profil

Profil A5L

Aucune session A5L. Connecte-toi via A5L d'abord.

Session / Jetons

Issuer
Subject (sub)
ID Token
Access Token
Expire à
Temps restant

Voir jetons non masqués (danger)

ID Token

Access Token

Claims

Email

Preferred username

Given name

Family name

Name

Locale

Rôles

—

Claims (JSON complet)

Aucun claim reçu. Vérifie que ton callback remplit bien $_SESSION['oidc_userinfo'] ou que l’ID Token contient les champs.

Retour