Symfony2 oauth2 server


I want to create an OAuth2 server for my websites (3 websites, 1 login). I created the server using FOSUserBundle and FOSOAuthServerBundle, and I followed the instructions.

But I have one problem. I can create a token through /oauth/v2/token; this is fine. I can go to /oauth/v2/oauth, but when I'm redirected to the website, I get example.com?error=invalid_request&error_description=Invalid+response+type.

And if I log in at /login, I will be logged in, but no token is created. This would be fine if I only had one website, but I would like to make something more like Google (if you are on Maps or YouTube and want to log in, you are redirected to accounts.google.com, log in, and then go back to the website), but I can't see how to do that right now. I guess I need to do more work, but where exactly?

My security.yml right now:

security:
    encoders:
        FOS\UserBundle\Model\UserInterface: sha512

    role_hierarchy:
        ROLE_ADMIN:       ROLE_USER
        ROLE_SUPER_ADMIN: ROLE_ADMIN

    providers:
        fos_userbundle:
            id: fos_user.user_provider.username

    firewalls:
        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                csrf_provider: form.csrf_provider
            logout:       true
            anonymous:    true

        oauth_token:
            pattern:    ^/oauth/v2/token
            security:   false

        oauth_authorize:
            pattern:    ^/oauth/v2/auth
            anonymous:  true

        api:
            pattern:    ^/api
            fos_oauth:  true
            stateless:  true
            anonymous:  false # can be omitted as its default value

    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/, role: ROLE_ADMIN }
        - { path: ^/api, roles: [ IS_AUTHENTICATED_FULLY ] }

Should I create a new login page, or a user provider? Thanks :)


Solution

  • You didn't specify a response type. You should use this request:

    PROVIDER_HOST/oauth/v2/auth?client_id=CLIENT_ID&response_type=code&redirect_uri=CLIENT_HOST
    

    Then you receive the code on the redirect:

    CLIENT_HOST/?code=Yjk2MWU5YjVhODBiN2I0ZDRkYmQ1OGM0NGY4MmUyOGM2NDQ2MmY2ZDg2YjUxYjRiMzAwZTY2MDQxZmUzODg2YQ
    

    Then ask for the token:

    PROVIDER_HOST/oauth/v2/token?client_id=CLIENT_ID&client_secret=CLIENT_SECRET&grant_type=authorization_code&redirect_uri=http%3A%2F%2Fclient.local%2F&code=CODE
    

    More info here: http://blog.tankist.de/blog/2013/07/18/oauth2-explained-part-3-using-oauth2-with-your-bare-hands/
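The three requests in the answer, worked through end to end as an added example (this is not code from the original answer, nor from FOSOAuthServerBundle): a toy in-memory provider that implements the /oauth/v2/auth and /oauth/v2/token endpoints, and a client website that builds the authorization request, reads the code off the redirect and exchanges it. It also shows the checks a practitioner wants on each side: the provider refuses an unregistered redirect_uri without redirecting, reproduces the "Invalid response type" error from the question when response_type is missing, binds each code to the client and redirect_uri it was issued for, and lets a code be exchanged only once; the client ties every login attempt to a random state value and rejects redirects carrying an unknown state. The hosts, client credentials and the 60-second code lifetime are assumed placeholders.

```python
import secrets
import time
from urllib.parse import urlencode, urlparse, parse_qs

# Assumed placeholders for the PROVIDER_HOST and CLIENT_HOST of the answer.
PROVIDER_HOST = "https://provider.example"
CLIENT_HOST = "https://client.example/"


def query_params(url):
    """Flatten the query string of a URL into a dict of single values."""
    return {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}


class Provider:
    """Toy stand-in for the server's /oauth/v2/auth and /oauth/v2/token endpoints."""

    CODE_TTL = 60  # seconds a code stays valid (assumed policy)

    def __init__(self):
        self.clients = {}  # client_id -> (client_secret, registered redirect_uri)
        self.codes = {}    # code -> (client_id, redirect_uri, issued_at)

    def register_client(self, client_id, client_secret, redirect_uri):
        self.clients[client_id] = (client_secret, redirect_uri)

    def authorize(self, params):
        """GET /oauth/v2/auth: returns the URL the user's browser is redirected to."""
        client_id = params.get("client_id")
        redirect_uri = params.get("redirect_uri")
        if client_id not in self.clients or self.clients[client_id][1] != redirect_uri:
            # Unknown client or unregistered redirect_uri: never redirect, fail in place.
            raise ValueError("invalid_client")
        if params.get("response_type") != "code":
            # The error the question reports, sent back to the registered redirect_uri.
            return redirect_uri + "?" + urlencode(
                {"error": "invalid_request", "error_description": "Invalid response type"})
        code = secrets.token_urlsafe(32)
        self.codes[code] = (client_id, redirect_uri, time.time())
        query = {"code": code}
        if "state" in params:
            query["state"] = params["state"]  # echoed back unchanged for the client to verify
        return redirect_uri + "?" + urlencode(query)

    def token(self, params):
        """POST /oauth/v2/token: exchanges a one-time code for an access token."""
        secret, _ = self.clients.get(params.get("client_id"), (None, None))
        if secret is None or not secrets.compare_digest(secret, params.get("client_secret", "")):
            raise ValueError("invalid_client")
        if params.get("grant_type") != "authorization_code":
            raise ValueError("unsupported_grant_type")
        entry = self.codes.pop(params.get("code"), None)  # pop: a code is single-use
        if entry is None:
            raise ValueError("invalid_grant")
        code_client, code_uri, issued_at = entry
        if code_client != params["client_id"] or code_uri != params.get("redirect_uri"):
            raise ValueError("invalid_grant")  # code was issued to another client/URI
        if time.time() - issued_at > self.CODE_TTL:
            raise ValueError("invalid_grant")
        return {"access_token": secrets.token_urlsafe(32), "token_type": "bearer", "expires_in": 3600}


class Client:
    """One of the websites: builds the auth request and exchanges the returned code."""

    def __init__(self, client_id, client_secret, redirect_uri):
        self.client_id, self.client_secret, self.redirect_uri = client_id, client_secret, redirect_uri
        self.pending_states = set()  # states we issued and have not yet consumed

    def authorize_url(self, response_type="code"):
        """The first request from the answer, plus a state bound to this login attempt."""
        state = secrets.token_urlsafe(16)
        self.pending_states.add(state)
        return PROVIDER_HOST + "/oauth/v2/auth?" + urlencode({
            "client_id": self.client_id, "response_type": response_type,
            "redirect_uri": self.redirect_uri, "state": state})

    def code_from_redirect(self, url):
        """Parse CLIENT_HOST/?code=...&state=...; reject errors and unknown states."""
        qs = query_params(url)
        if "error" in qs:
            raise RuntimeError(qs["error"] + ": " + qs.get("error_description", ""))
        if qs.get("state") not in self.pending_states:
            raise RuntimeError("state mismatch: redirect was not started by this client")
        self.pending_states.discard(qs["state"])
        return qs["code"]

    def token_request(self, code):
        """Parameters of the /oauth/v2/token request from the answer."""
        return {"client_id": self.client_id, "client_secret": self.client_secret,
                "grant_type": "authorization_code", "redirect_uri": self.redirect_uri, "code": code}


def run_flow(provider, client, response_type="code"):
    """Whole exchange: auth request -> redirect with code -> token. Raises on any error."""
    redirect = provider.authorize(query_params(client.authorize_url(response_type)))
    code = client.code_from_redirect(redirect)
    return provider.token(client.token_request(code))


if __name__ == "__main__":
    p = Provider()
    p.register_client("CLIENT_ID", "CLIENT_SECRET", CLIENT_HOST)
    print(run_flow(p, Client("CLIENT_ID", "CLIENT_SECRET", CLIENT_HOST)))
```

The redirect_uri passed to /oauth/v2/auth and to /oauth/v2/token must be byte-for-byte the one registered for the client (here CLIENT_HOST, trailing slash included); the provider compares exactly rather than by prefix so a code can never be sent to a URI the client did not register.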