Search code examples

FOSUserBundle and HWIOAuthBundle registration

I am trying to combine FOSUserBundle and HWIOAuthBundle following articles like However, I do not want the automatic registration of OAuth2 authenticated new users: additional information should be provided by the user.

Desired result

I would for example want the following information for a registered user:

  • (Username, although I'd rather just use e-mail)
  • Display name (required)
  • Profile picture (required)
  • Email address (required if no Facebook-id)
  • Password (required if no Facebook-id)
  • Facebook-id (required if no email address)

Now, when a user authenticates through Facebook and the user does not exist yet, I want a registration form to fill out the missing information (display name and profile picture). Only after this, the new FOSUser should be created. In most tutorials, fields like Profile picture and Email address are automatically populated with the Facebook information. This is not always desirable nor possible.

Also, think of things like accepting Terms of Agreement and rules you wish to show before the user is created.

Possible approaches

A solution would be, I think, to create a new sort-of AnonymousToken, the OAuthenticatedToken, which holds the relevant OAuth2 information but does not count an authenticaton. Then, make all pages check for this kind of authentication and let other pages redirect to OAuth-registration-page. However, this seems an unnecessarily complicated solution to me.

Another solution would probably be to write the code from scratch and not use the two bundles mentioned. I really hope this is not necessary.

Q: How can I insert the registration-completion-code in the rest of the login flow?

(I'd love to share some code, but since it's the very concept I need help at, I don't have a lot to show.)

Edit: Solution

Following Derick's adivce, I got the basics working like this:

The Custom user provider saves the information (sadly, no access to the raw token so I cannot yet log the user in after registering):

class UserProvider extends FOSUBUserProvider {

    protected $session;

    public function __construct(Session $session, UserManagerInterface $userManager, array $properties) {
        $this->session = $session;
        parent::__construct( $userManager, $properties );

    public function loadUserByOAuthUserResponse(UserResponseInterface $response)
        try {
            return parent::loadUserByOAuthUserResponse($response);
        catch ( AccountNotLinkedException $e ) {
            $this->session->set( 'oauth.resource', $response->getResourceOwner()->getName() );
            $this->session->set( '', $response->getResponse()['id'] );
            throw $e;


Custom failure handler:

// OAuthFailureHandler.php
class OAuthFailureHandler implements AuthenticationFailureHandlerInterface {

    public function onAuthenticationFailure( Request $request, AuthenticationException $exception) {

        if ( !$exception instanceof AccountNotLinkedException ) {
            throw $exception;

        return new RedirectResponse( 'fb-register' );



Both are registered as a service:

# services.yml
        class: AppBundle\Security\Core\User\UserProvider
        arguments: [ "@session", "@fos_user.user_manager", {facebook: facebookID} ]
        class: AppBundle\Security\Handler\OAuthFailureHandler
        arguments: ["@security.http_utils", {}, "@service_container"]

And configured in security config:

# security.yml
            id: fos_user.user_provider.username_email
                provider:            fos_userbundle
                csrf_provider:       form.csrf_provider
                login_path:          /login
                check_path:          /login_check
                default_target_path: /profile
                login_path:          /login
                check_path:          /login_check
                    facebook:        hwi_facebook_login
                    service:         app.userprovider
                failure_handler:     app.oauthfailurehandler
            anonymous:    true
                path:           /logout
                target:         /login

At /fb-register, I let the user enter a username and save the user myself:

 * @Route("/fb-register", name="hwi_oauth_register")
public function registerOAuthAction(Request $request) {

    $session = $request->getSession();

    $resource = $session->get('oauth.resource');
    if ( $resource !== 'facebook' ) {
        return $this->redirectToRoute('home');

    $userManager = $this->get('fos_user.user_manager');
    $newUser = $userManager->createUser();

    $form = $this->createForm(new RegisterOAuthFormType(), $newUser);

    if ( $form->isValid() ) {

        $newUser->setFacebookId( $session->get('') );

        $userManager->updateUser( $newUser );

        try {
        } catch (AccountStatusException $e) {
            // Don't authenticate locked, disabled or expired users

            ->add('success', 'You\'re succesfully registered!' );

        return $this->redirectToRoute('home');

    return $this->render( 'default/register-oauth.html.twig', array(
        'form' => $form->createView()
    ) );


The user is not logged in afterwards, which is too bad. Also, the normal fosub functionality (editing profile, changing password) does not work out of the box anymore.

I'm simply using the username as the displayname, not sure why I didn't see that before.


  • Step 1: Create your own user provider. Extend the OAuthUserProvider and customize to your needs. If the user successfully oauthed in, throw a specific exception (probably the accountnotlinkedException) and toss all relevant data about the login somewhere

    Step 2: Create your own authentication failure handler. Check to make sure the error being thrown is the specific one you threw in step 1. In here you will redirect to your fill in additional info page.

    This is how to register you custom handlers:

                success_handler: authentication_handler
                failure_handler: social_auth_failure_handler
    #user bundle services.yml (or some other project services.yml)
            class: ProjectName\UserBundle\Handler\AuthenticationHandler
            arguments:  ["@security.http_utils", {}, "@service_container"]
                - { name: 'monolog.logger', channel: 'security' }
            class: ProjectName\UserBundle\Handler\SocialAuthFailureHandler
            arguments:  ["@security.http_utils", {}, "@service_container"]
                - { name: 'monolog.logger', channel: 'security' }

    Step 3: Create your fill in additional info page. Pull all relevant data that you stored back in step 1 and create the user if everything checks out.