Questions tagged [fosoauthserverbundle]

124 questions
36
votes
1 answer

How to implement FosOAuthServerBundle to secure a REST API?

I would like to provide a RESTful API secured with OAuth2 using FOSOAuthServerBundle and I'm not really sure about what I have to do. I followed basic steps from the documentation but some things are missing and I can't find a complete example of…
maphe
5
votes
4 answers

How to deal with ROLES and FOSOAuthServerBundle scopes

I have a basic api that authenticates users using FOSOAuthServerBundle. Users can have ROLE_USER and ROLE_ADMIN roles. Based on FOSOAuthServerBundle docs, the default behavior is to use scopes as roles, so I've thought that when I have a regular…
Hugo Nogueira
5
votes
1 answer

FOSOAuthServerBundle with FOSUserBundle - How to make it works?

Currently my project works very well. I use FOSUserBundle for the management of my users. Now, I want to implement OAuth, so I'm using FOSOAuthServerBundle. Most developers recommend this bundle for implementing OAuth. I followed the documentation…
manonthemoon
5
votes
1 answer

How to use varnish with RESTful Api using Oauth2 protocol?

I have a RESTful API written in Symfony2 using FosOauth2Serverbundle, FosRestBundle and FosUserBundle. I am planning to bring Varnish in front of my API as a reverse proxy. Since my app using my API always sends access_token as parameter or header…
4
votes
0 answers

FOSOAuthServerBundle and custom authentication provider

Edit: Found the error. There is a tiny little piece of code in \vendor\friendsofsymfony\oauth-server-bundle\FOS\OAuthServerBundle\Resources\config\oauth.xml which says:
Chris
4
votes
2 answers

FOSOAuthServerBundle: Embed the access_token in the Authorization header

From what I can see here, it isn't a good idea to hold sensitive data (like an access_token) in querystring parameters. i.e: I am trying to avoid this: http://localhost.dev/web/app_dev.php/api/articles?access_token=NzJhNz..... Therefore, I tried to…
Mick
3
votes
1 answer

Does ".default" have any special significance in Symfony service IDs?

I'm looking at some service definitions in FriendsOfSymfony/FOSOAuthServerBundle and it stood out to me that there's a definition for fos_oauth_server.storage.default, but another service in the same file lists fos_oauth_server.storage, without the…
user2752467
3
votes
1 answer

Shouldn't the old access token be invalidated by a refresh call?

When I refresh an OAuth access token A, I get a new access token B. But A is still valid, I can still use it. Shouldn't the old access token be invalidated by the refresh operation? If not, if it's "by design", could someone give me details about…
marcv
3
votes
1 answer

Symfony FOSOAuthServerBundle: access token not detected

I'm using FOSOAuthServerBundle as my oauth endpoint. I successfully generated a token using the Resource Owner Password Credentials grant method: { "access_token": "MY-FOO-TOKEN", "expires_in": 3600, "token_type": "bearer", "scope":…
Nicorr
3
votes
1 answer

Skip authorization page with oAuth 2 and FOSOAuthServerBundle

I've successfully installed and tested the OAuth 2 workflow with Symfony 2 and FOSOAuthServerBundle. I can request a code, and get a pair of access/refresh token successfully from a "login with" button on a third party test page I've set up and…
Romain Bruckert
3
votes
1 answer

Symfony2 two authentication methods for one API

Is there a possibility to make two factor authentication in Symfony 2 for REST API? I would like to achieve something like this: User in end point (mobile app) prepares dynamically login and password (based on some algorithm) User in end point requests…
Tom
3
votes
0 answers

FOSOAuthServerBundle with multiple user providers

I have several Entities implementing UserInterface on a project (applications and their users) but seems FOSOAuthServerBundle can be instantiated with only user_provider, but I need to have opportunity to extract from token different Entities of a…
htochko
3
votes
2 answers

Get refresh token with FOSOAuthServerBundle

When asking for the access token using a url like this (client credentials as grant type): http://api.local/app_dev.php/oauth/v2/token?client_id=&client_secret=&grant_type=client_credentials I get the following json…
rfc1484
3
votes
1 answer

Integrate FOSOAuthServerBundle with FOSUserBundle

I try to add FOSOAuthServerBundle in my Symfony project to protect my API, with FOSUserBundle. This link is helpful but I'm not sure about the workflow to replace his user provider with FOSUser, in addition I don't have the same result as him. Do…
3
votes
2 answers

FOSRestBundle, FOSOAuthServerBundle, FOSUserBundler - how to integrate them?

On my Symfony2 project, I'm using FOSUserBundle for login, register, etc. on a website. Works fine, as I expected. But now I'd like to build a REST API, so that an Android app can act as client to and work with the data. I found FOSRestBundle to…