newridetech/laroak

The Laroak (Laravel + Keycloak) Framework.

Silicon Framework

In the era of growing number of regulations, privacy awareness and security restrictions we felt like it was a good time to introduce the new and responsible approach to handle sensible data while developing custom tailored solutions. Our goal is to handle good security and privacy management practices and to do it in a way the will make app development and maintenance simpler instead of making it harder or more complicated., _(*1)

Silicon can be viewed as a glue layer between Laravel and Keycloak. Those technologies combined provide every required aspect to handle application security, identity management and ease of development. It is simple to develop new features and maintain the app and most probably Silicon will boost your performance but it's not aimed at everyone, especially not at coding beginners., _(*2)

Silicon does not reinvent concepts, it just stands on shoulders of giants. What it provides is the separation of concerns and modular Laravel code divided into bundles with security and identity management concepts included by design. It would probably require some effort (although it's possible) to include Silicon into an existing project but if you are thinking about creating a fresh codebase or new API / webapp version it may be a choice worth considering., _(*3)

Core benefits

• GDPR friendly (and probably other regulations also)
• when used correctly is simplifies user, roles and identities management by offloading everything to Keycloak and providing full integration with Laravel helpers and features
• does not reinvent the wheel, it uses existing technologies and adds minimal required code to make them work together and give bigger benefits (we believe that 2 + 2 = 5 when combining good solutions)

Caveats

• requires senior / upper-mid skills to understand and use Silicon correctly, although with guidance it's possible to introduce junior level programmer to develop features
• cannot be integrated into an existing Laravel project without refactoring (although it can be easily removed and leave modular code behind)

How it works

Silicon provides several built-in services that introduce security oriented code bundles into Laravel. Concept is somewhat similar to the Symfony bundle system. In Symfony world those are considered a legacy feature (for a good reason), but in Silicon they play different role than just separation of concerns thus they are still relevant and innovative., _(*4)

Each bundle (or extensions - as they are called in Silicon world) besides a service provider provide entry point class that extends base Newride\Silicon\bundles\extensions\Extension. In their essence, bundles are automatically registered Laravel packages with built-in additional Silicon features. Extension is the place to register Laravel policies and provide simple entry point to check if user has sufficient permissions to use the entire bundle. Users are not stored in the application database, they are retrieved by using Keycloak's OAuth access token., _(*5)

Good practice is to assign a different role to each bundle to easily build and maintain modular application. For example if your app consist of blog and shop you can have two extensions: shop and blog and view-shop, view-blog roles respectively. Extension entry point should make one or two generic checks to cut off access to the extension completely. More specific permissions, access control lists etc should be moved to Laravel's security policies., _(*6)

Given such basic code organisation, your application would not store any personal data and be divided into modules with several layers of flexible security checks., _(*7)