
Currently my project works very well. I use FOSUserBundle for the management of my users. Now I want to implement OAuth, so I'm using FOSOAuthServerBundle. Most developers recommend this bundle for implementing OAuth.

I followed the documentation of FOSOAuthServerBundle. Normally I have to add more information to my security.yml, but I don't know exactly what I have to do...

Here is my security.yml:

security:
    encoders:
        Symfony\Component\Security\Core\User\User: plaintext
        Moodress\Bundle\UserBundle\Entity\User: sha512

    role_hierarchy:
        ROLE_ADMIN:       ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

    providers:
        main:
            id: fos_user.user_provider.username

    firewalls:
        dev:
            pattern:  ^/(_(profiler|wdt)|css|images|js)/
            security: false
        oauth_token:
            pattern:    ^/oauth/v2/token
            security:   false

        oauth_authorize:
            pattern:    ^/oauth/v2/auth

        main:
            pattern:    ^/
            fos_oauth:  true
            stateless:  true
            anonymous:  true

I guess that there is some information to add in firewalls, maybe??

I really don't know how to make FOSOAuthServerBundle work with FOSUserBundle. Before, with just FOSUserBundle, I used the login form and the login check of FOSUserBundle. Now that I have put in all the basic configuration of FOSOAuthServerBundle, what do I have to do next? Which form should I use? Which login check? Is the token created automatically by FOSOAuthServerBundle? In the documentation, they show how to create a client... Am I supposed to add this code to my project? If yes... where? :/

I found this article on the web: http://blog.logicexception.com/2012/04/securing-syfmony2-rest-service-wiith.html

I tried to implement this, but I can't believe that we need to add all these files to make it work...

If someone knows how to make FOSOAuthServerBundle work with FOSUserBundle, it would be very helpful.

manonthemoon
  • Could you make it work? Can you please post a working configuration? It might help me and others. Thanks – vishal Nov 10 '14 at 09:40
  • @manonthemoon can you please provide your configuration so others can use it? It would be very helpful for me as well. – breq Nov 25 '16 at 08:16

1 Answer


I've just installed this bundle and started playing with it.

I think you first need to learn more about how OAuth authentication works.

This way you will understand that the FOSUserBundle mechanisms are not exactly the same as OAuth.

Your link is the best piece of information for setting up the bundle correctly.

I'm using MongoDB to store all 4 required documents: Client, AuthCode, RefreshToken and AccessToken.

The step called "Create a new client" is basically the "register" process of FOSUserBundle for OAuth.

OAuth will use the client to give permission to access.

The main idea of OAuth is to secure an API, therefore I suggest you switch your config to anonymous: false

Then you'll see the message:

{"error":"access_denied","error_description":"OAuth2 authentication required"}

when you call your API.

The idea of OAuth is to get an Access Token to call your API. Read this: http://blog.tankist.de/blog/2013/07/16/oauth2-explained-part-1-principles-and-terminology/

This is when the OAuth authentication process needs to be followed.

There are 5 basic methods to use:

const GRANT_TYPE_AUTH_CODE = 'authorization_code';
const GRANT_TYPE_IMPLICIT = 'token';
const GRANT_TYPE_USER_CREDENTIALS = 'password';
const GRANT_TYPE_CLIENT_CREDENTIALS = 'client_credentials';
const GRANT_TYPE_REFRESH_TOKEN = 'refresh_token';

To learn about each, go find more documentation about the OAuth RFC.

Each of them corresponds to a specific call to: /oauth/v2/token?client_id=[CLIENT_ID]&response_type=code&redirect_uri=URL&grant_type=token

Cf: https://github.com/FriendsOfSymfony/oauth2-php/blob/master/lib/OAuth2/OAuth2.php#L182

Also read this link: blog.tankist.de/blog/2013/08/20/oauth2-explained-part-4-implementing-custom-grant-type-symfony2-fosoauthserverbundle/

The part "Time to test" explains how to use OAuth.

I'm still working on it.

Hope it helps.

Also this link indicates how to use the FOSUserBundle User & UserManager, probably to use the password grant_type: If you're authenticating users, don't forget to set the user provider.

Here's an example using the FOSUserBundle user provider: https://github.com/FriendsOfSymfony/FOSOAuthServerBundle/blob/master/Resources/doc/index.md

# app/config/config.yml
fos_oauth_server:
    ...

    service:
        user_provider: fos_user.user_manager
Wes H
Thommas
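The two configuration changes the answer recommends, applied to the question's own files. This is an added illustration assembled from the answer's advice (anonymous: false on the API firewall, and fos_user.user_manager as the bundle's user provider), not a fragment of the bundle's documentation; the route patterns and firewall names are the ones from the question.

```yaml
# app/config/security.yml (the question's firewalls with the answer's change applied)
security:
    firewalls:
        oauth_token:
            pattern:    ^/oauth/v2/token
            security:   false

        oauth_authorize:
            pattern:    ^/oauth/v2/auth

        main:
            pattern:    ^/
            fos_oauth:  true
            stateless:  true
            # was "true": with "false" every request under ^/ must carry a valid access token,
            # and a request without one gets the access_denied JSON error quoted above
            anonymous:  false

# app/config/config.yml (user provider from the second part of the answer)
fos_oauth_server:
    service:
        user_provider: fos_user.user_manager
```

With anonymous: false the main firewall no longer lets unauthenticated requests through, so the password grant (which needs the user provider above to check the FOSUserBundle credentials) becomes the way to obtain the token that the API then expects.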
  • See also: https://developers.google.com/accounts/docs/OAuth2WebServer for the OAuth flow, there's a nice drawing to explain it. Also another perfect link to explain the 4 different methods: http://aaronparecki.com/articles/2012/07/29/1/oauth2-simplified – Thommas Feb 05 '14 at 13:03
  • "The step called "Create a new client" is basically the "register" process of FOSUserBundle for OAuth." Isn't it supposed to be the last step after login_check??? If the login is registered, I allow him access, so I create a new client, and it creates a new access token... No? – manonthemoon Feb 10 '14 at 19:31
  • So far everything is working perfectly now on my project. Well, technically you can create the client object anytime; it's not linked to the user as long as you don't use the client to generate a token. Once the token is created with the client credential, the client will be generating a FOSUser token linked to the user. – Thommas Feb 13 '14 at 22:26
  • I've seen on your profile that you are from Paris. I'm French and from Paris too. Do you think that we can discuss FOSOAuthServerBundle by mail or by Skype, please? Because I still have difficulties integrating this bundle. Thanks – manonthemoon Feb 16 '14 at 00:22
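To make the answer's two points concrete (the five grant types dispatched by the token endpoint, and the access_denied response an API route returns once anonymous access is off), here is a small in-memory model of that flow. It is an added example written for this page, not FOSOAuthServerBundle or oauth2-php code: the client "client_1", the user "alice", the token lifetime, the error texts other than the quoted access_denied one, and the helper names (token_endpoint, api_call, create_auth_code) are all constructed for the illustration.

```python
# Toy model of an OAuth2 token endpoint and a protected API route, written
# for this page as an illustration; it is not FOSOAuthServerBundle code.
# Clients, users, token lifetime and error texts are constructed sample data.
import hashlib
import secrets
import time

GRANT_TYPE_AUTH_CODE = 'authorization_code'
GRANT_TYPE_IMPLICIT = 'token'
GRANT_TYPE_USER_CREDENTIALS = 'password'
GRANT_TYPE_CLIENT_CREDENTIALS = 'client_credentials'
GRANT_TYPE_REFRESH_TOKEN = 'refresh_token'
ACCESS_TOKEN_LIFETIME = 3600  # seconds (constructed value)

# In-memory stand-ins for the Client, AuthCode, AccessToken and RefreshToken
# documents; the client made at the "Create a new client" step lives here.
CLIENTS = {
    "client_1": {
        "secret": "s3cret",
        "redirect_uri": "https://app.example/callback",
        "grants": {GRANT_TYPE_AUTH_CODE, GRANT_TYPE_USER_CREDENTIALS,
                   GRANT_TYPE_CLIENT_CREDENTIALS, GRANT_TYPE_REFRESH_TOKEN},
    }
}
USERS = {"alice": hashlib.sha256(b"correct horse").hexdigest()}  # stand-in user provider
AUTH_CODES, ACCESS_TOKENS, REFRESH_TOKENS = {}, {}, {}

def _error(status, code, description):
    return status, {"error": code, "error_description": description}

def _check_client(params):
    """Every grant authenticates the client first; returns None on failure."""
    client = CLIENTS.get(params.get("client_id", ""))
    secret = params.get("client_secret", "")
    if client is None or not secrets.compare_digest(client["secret"], secret):
        return None
    return client

def _issue(client_id, user, with_refresh=True):
    """Create an access token (and optionally a refresh token) for client/user."""
    token = secrets.token_urlsafe(32)
    ACCESS_TOKENS[token] = {"client_id": client_id, "user": user,
                            "expires": time.time() + ACCESS_TOKEN_LIFETIME}
    body = {"access_token": token, "token_type": "bearer",
            "expires_in": ACCESS_TOKEN_LIFETIME}
    if with_refresh:
        refresh = secrets.token_urlsafe(32)
        REFRESH_TOKENS[refresh] = {"client_id": client_id, "user": user}
        body["refresh_token"] = refresh
    return 200, body

def create_auth_code(client_id, user, redirect_uri):
    """Stands in for /oauth/v2/auth: the logged-in user approved the client."""
    code = secrets.token_urlsafe(16)
    AUTH_CODES[code] = {"client_id": client_id, "user": user, "redirect_uri": redirect_uri}
    return code

def token_endpoint(params):
    """Models POST /oauth/v2/token: dispatch on grant_type, return (status, body)."""
    client = _check_client(params)
    if client is None:
        return _error(401, "invalid_client", "Client authentication failed")
    grant = params.get("grant_type")
    if grant == GRANT_TYPE_IMPLICIT:
        # The implicit grant returns its token from the authorize endpoint, never from here.
        return _error(400, "unsupported_grant_type", "Use the authorize endpoint for 'token'")
    if grant not in client["grants"]:
        return _error(400, "unauthorized_client", "Grant type not allowed for this client")
    client_id = params["client_id"]
    if grant == GRANT_TYPE_USER_CREDENTIALS:
        user = params.get("username", "")
        given = hashlib.sha256(params.get("password", "").encode()).hexdigest()
        if user not in USERS or not secrets.compare_digest(USERS[user], given):
            return _error(400, "invalid_grant", "Invalid username and password combination")
        return _issue(client_id, user)
    if grant == GRANT_TYPE_CLIENT_CREDENTIALS:
        return _issue(client_id, user=None, with_refresh=False)  # no user behind this token
    if grant == GRANT_TYPE_AUTH_CODE:
        entry = AUTH_CODES.pop(params.get("code", ""), None)  # pop: a code is single-use
        if (entry is None or entry["client_id"] != client_id
                or entry["redirect_uri"] != params.get("redirect_uri")):
            return _error(400, "invalid_grant", "Authorization code is invalid or already used")
        return _issue(client_id, entry["user"])
    if grant == GRANT_TYPE_REFRESH_TOKEN:
        entry = REFRESH_TOKENS.pop(params.get("refresh_token", ""), None)  # rotate on use
        if entry is None or entry["client_id"] != client_id:
            return _error(400, "invalid_grant", "Invalid refresh token")
        return _issue(client_id, entry["user"])
    return _error(400, "unsupported_grant_type", "Unknown grant_type")

def api_call(authorization_header):
    """Models a route behind a firewall with fos_oauth: true and anonymous: false."""
    if not authorization_header or not authorization_header.startswith("Bearer "):
        return _error(401, "access_denied", "OAuth2 authentication required")
    entry = ACCESS_TOKENS.get(authorization_header[len("Bearer "):])
    if entry is None or entry["expires"] < time.time():
        return _error(401, "access_denied", "The access token is invalid or has expired")
    return 200, {"user": entry["user"], "client_id": entry["client_id"]}
```

Calling api_call(None) reproduces the access_denied JSON from the answer; a password grant through token_endpoint(...) yields the bearer token that makes the same call succeed. Two details worth noticing for the question's confusion about "when" the client is created: the client is authenticated on every token request independently of any user, and only the password and authorization_code grants bind a user to the token, which is what the comment about "a FOSUser token linked to the user" describes. Authorization codes and refresh tokens are consumed on use so a replayed exchange fails.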