I'm defining a new Controller to act as a proxy between a JS app and the OAuth server. The code is below:
namespace Acme\SecurityBundle\Controller;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\Request;
class ProxyController extends Controller
{
public function forwardTokenRequestAction(Request $request)
{
if( ! $request->isXmlHttpRequest() )
{
throw WhateverException();
}
$request->request->add( array(
'client_id'=>'...',
'client_secret'=>'...'
));
return $this->forward('FOSOAuthServerBundle:Token:token');
}
}
But I get the following error since the TokenController I'm forwarding to has a contructor expecting an OAuth server as a parameter:
Catchable Fatal Error: Argument 1 passed to FOS\\OAuthServerBundle\\Controller\\TokenController::__construct() must be an instance of OAuth2\\OAuth2, none given
I do not know:
I'd go with something like $this->get('fos_oauth_server.controller.token')->tokenAction($request)
(not tried but should work)
See https://github.com/FriendsOfSymfony/FOSOAuthServerBundle/blob/master/Resources/config/oauth.xml for services definition and the in the DependencyInjection folder too for aliases. Xdebug is your friend.
If in this proxy you are pre-setting the client_secret/client_id you are bypassing the authentication, so probably you can skip the auth at all.
You could use the token auth (which redirect the user to the login page) and gives you back an access token for further requests.
This helped me a lot while deciding which type of auth mechanism to use https://aaronparecki.com/articles/2012/07/29/1/oauth2-simplified