Can I use this bundle directly in a Laravel project?

No, this is a Symfony bundle and won’t work natively in Laravel. You’d need to either port its core logic (e.g., `BearerTokenAuthenticator`) into a Laravel Middleware or Service Provider, or use it in a Symfony microservice that your Laravel app proxies to via HTTP calls.

What Laravel alternatives exist for Keycloak Bearer-Only authentication?

For Laravel, consider `spatie/laravel-keycloak` for broader Keycloak integration or `php-keycloak/connect` for a more active, Laravel-friendly solution. Alternatively, use `league/oauth2-server` for generic OAuth2 validation with Keycloak’s introspection endpoint.

How do I configure this bundle for Keycloak’s newer Quarkus distribution (without `/auth`)?

For Keycloak 17+ (Quarkus), omit `/auth` from the `OAUTH_KEYCLOAK_ISSUER` in your `.env` or YAML config. Legacy WildFly versions still require `/auth` (e.g., `keycloak:8080/auth`). The bundle explicitly handles this difference.

Will this bundle work with Laravel Sanctum or Passport for hybrid auth?

Not directly. You’d need to integrate its token validation logic into your existing Laravel auth flow. For example, create a custom middleware that uses the bundle’s `BearerTokenAuthenticator` logic to validate tokens before Sanctum/Passport processes them.

How do I disable SSL verification for local Keycloak development?

Set `ssl_verification: false` in your `abel_keycloak_bearer_only_adapter.yaml` config. This is disabled by default, but you can override it for local Docker or self-signed cert environments. Ensure you re-enable it for production.

Does this bundle support token introspection or refresh flows?

This bundle focuses on bearer-only token validation (issuer/realm/client checks) but doesn’t handle introspection or refresh flows. For those, you’d need to extend it or use Keycloak’s introspection endpoint directly via Laravel’s HTTP client.

How do I integrate this with Laravel’s environment variables (`.env`)?

The bundle expects Symfony’s `%env()` syntax, but you can map Laravel’s `.env` variables by creating a wrapper class or using Symfony’s `ParameterBag` in a Laravel Service Provider. Example: `OAUTH_KEYCLOAK_ISSUER` in `.env` maps to `%env(OAUTH_KEYCLOAK_ISSUER)%` in YAML.

What Laravel versions does this bundle support indirectly?

Since this is a Symfony bundle, Laravel version compatibility depends on your adaptation layer. If you port the logic to a Laravel Middleware, it’ll work with Laravel 8+ (PHP 7.4+). For Symfony microservice integration, Laravel 7+ is viable.

How do I test token validation in a Laravel unit test?

Mock the bundle’s `BearerTokenAuthenticator` or its underlying HTTP client calls. For a middleware port, use Laravel’s `actingAs()` with a valid Keycloak token in the `Authorization` header. Test edge cases like expired tokens or malformed headers.

Is this bundle actively maintained? Should I use it for production?

The last release was in February 2023, and it has minimal adoption. For production, evaluate alternatives like `php-keycloak/connect` or assess the risk of maintaining a custom Laravel adaptation. Monitor GitHub issues for critical updates.

Weave Code

Code Weaver

Helps Laravel developers discover, compare, and choose open-source packages. See popularity, security, maintainers, and scores at a glance to make better decisions.

Keycloak Bearer Only Adapter Bundle Laravel Package

abel/keycloak-bearer-only-adapter-bundle

Symfony bundle to secure APIs with Keycloak Bearer-Only clients. Provides adapter and configuration (issuer, realm, client id/secret) via Symfony Flex recipe or manual YAML/.env setup. Supports Keycloak distribution differences (e.g., /auth removal).

View on GitHub

Deep Wiki

Context7

Keycloak security adapter for bearer only clients

Frequently asked questions about Keycloak Bearer Only Adapter Bundle

Can I use this bundle directly in a Laravel project?: No, this is a Symfony bundle and won’t work natively in Laravel. You’d need to either port its core logic (e.g., `BearerTokenAuthenticator`) into a Laravel Middleware or Service Provider, or use it in a Symfony microservice that your Laravel app proxies to via HTTP calls.
What Laravel alternatives exist for Keycloak Bearer-Only authentication?: For Laravel, consider `spatie/laravel-keycloak` for broader Keycloak integration or `php-keycloak/connect` for a more active, Laravel-friendly solution. Alternatively, use `league/oauth2-server` for generic OAuth2 validation with Keycloak’s introspection endpoint.
How do I configure this bundle for Keycloak’s newer Quarkus distribution (without `/auth`)?: For Keycloak 17+ (Quarkus), omit `/auth` from the `OAUTH_KEYCLOAK_ISSUER` in your `.env` or YAML config. Legacy WildFly versions still require `/auth` (e.g., `keycloak:8080/auth`). The bundle explicitly handles this difference.
Will this bundle work with Laravel Sanctum or Passport for hybrid auth?: Not directly. You’d need to integrate its token validation logic into your existing Laravel auth flow. For example, create a custom middleware that uses the bundle’s `BearerTokenAuthenticator` logic to validate tokens before Sanctum/Passport processes them.
How do I disable SSL verification for local Keycloak development?: Set `ssl_verification: false` in your `abel_keycloak_bearer_only_adapter.yaml` config. This is disabled by default, but you can override it for local Docker or self-signed cert environments. Ensure you re-enable it for production.
Does this bundle support token introspection or refresh flows?: This bundle focuses on bearer-only token validation (issuer/realm/client checks) but doesn’t handle introspection or refresh flows. For those, you’d need to extend it or use Keycloak’s introspection endpoint directly via Laravel’s HTTP client.
How do I integrate this with Laravel’s environment variables (`.env`)?: The bundle expects Symfony’s `%env()` syntax, but you can map Laravel’s `.env` variables by creating a wrapper class or using Symfony’s `ParameterBag` in a Laravel Service Provider. Example: `OAUTH_KEYCLOAK_ISSUER` in `.env` maps to `%env(OAUTH_KEYCLOAK_ISSUER)%` in YAML.
What Laravel versions does this bundle support indirectly?: Since this is a Symfony bundle, Laravel version compatibility depends on your adaptation layer. If you port the logic to a Laravel Middleware, it’ll work with Laravel 8+ (PHP 7.4+). For Symfony microservice integration, Laravel 7+ is viable.
How do I test token validation in a Laravel unit test?: Mock the bundle’s `BearerTokenAuthenticator` or its underlying HTTP client calls. For a middleware port, use Laravel’s `actingAs()` with a valid Keycloak token in the `Authorization` header. Test edge cases like expired tokens or malformed headers.
Is this bundle actively maintained? Should I use it for production?: The last release was in February 2023, and it has minimal adoption. For production, evaluate alternatives like `php-keycloak/connect` or assess the risk of maintaining a custom Laravel adaptation. Monitor GitHub issues for critical updates.

Popularity trends

Recorded values over time (once-a-day snapshots). May 8, 2026 – Jun 6, 2026

GitHub · stars

GitHub · forks

GitHub · watchers

Packagist · monthly downloads

View on GitHub

Stars

Favorites

Forks

Score

3.5

Score breakdown

Sum of components, capped 0–100. Halved if archived.

Stars

input: 4

+0.0
Forks

input: 3

+0.1
Open issues + PRs

input: 2

+0.2
Releases

input: 10

+3.0
Recency

input: 1201

+0.0
Issue opportunity

input: 2

+0.2
Laravel News mentions

input: 0

+0.0
Dependents

input: 0

+0.0

Total 3.5

Opportunity

4.7

Opportunity score breakdown

Hidden gem signal × 0.65 + contribution need × 0.35, scaled by health factor.

Hidden gem

log(monthly_downloads / (stars + 1)) × 25

8.6
Contribution need

open_issues + open_prs: 2

0.0
Health factor

archived + recency + open issues

×0.85

Total 4.7

License

MIT

Last release

Feb 20, 2023

Watchers

Downloads

6/mo

Dependents

Open issues

Weaver

How can I help you explore Laravel packages today?

Conversation history is not saved when not logged in.

Add packages to context

No packages found.

hamzi/corewatch

minionfactory/raw-hydrator

hexters/coinpayment

rjcodes/rjcms

act-training/laravel-permissions-manager

alimarchal/laravel-chart-of-accounts

babenkoivan/elastic-scout-driver

mkwebdesign/filament-watchdog-v5

renatomarinho/laravel-page-speed

zedmagdy/filament-business-hours

renatovdemoura/blade-elements-ui

devgeek/beacon-admin

benjamin-rqt/data-watcher-bundle

atriumphp/atrium

sandermuller/package-boost-laravel

sandermuller/boost-skills

redaxo/core

yusufgenc/filament-api-forge

l3aro/rating-star-for-filament

leek/filament-subtenant-scope