I looked through several solutions with the centralised login service.
My situation is as follows:
I set up the FriendsOfSymfony OAuth server with the correct routing as mentioned in the configs, including tables etc.
I also added an OAuth login token etc. for backend.domain.tld.
As far as I can see, everything is set up the way it is meant to be (there is not that much to configure).
On the backend I installed the HWIOAuthBundle in version 0.6.x.
These are the configuration files:
httplug.yaml:
    httplug:
      plugins:
        redirect:
          preserve_header: true
      discovery:
        client: 'auto'
      clients:
        default:
          factory: 'httplug.factory.curl'
        app:
          http_methods_client: true
          plugins:
            - 'httplug.plugin.content_length'
            - 'httplug.plugin.redirect'
        hwi_special:
          factory: 'httplug.factory.guzzle6'
          config: # You pass here the Guzzle configuration, exactly like before.
            timeout: 10
            verify: false
            max_redirects: 1
            ignore_errors: false
HWI_oauth.yaml:
    hwi_oauth:
      http:
        client: httplug.client.hwi_special
      firewall_names: [ main ]
      resource_owners:
        domain_oauth:
          type: oauth2
          client_id: '%env(OAUTH_CLIENT_ID)%'
          client_secret: '%env(OAUTH_CLIENT_TOKEN)%'
          access_token_url: '%env(OAUTH_PROVIDER)%'
          authorization_url: '%env(OAUTH_AUTHORISATION)%'
          options:
            csrf: true
          infos_url: '%env(OAUTH_USERINFO)%'
          scope: "read"
          user_response_class: HWI\Bundle\OAuthBundle\OAuth\Response\PathUserResponse
          paths:
            identifier: id
            nickname: username
            realname: fullname
The env files are required as I need to replace the dev system URLs (xxx.domain.test) with their production counterparts.
security.yaml:
    security:
      access_control:
        - path: ^/login
          roles: [ IS_AUTHENTICATED_ANONYMOUSLY ]
          requires_channel: https
        - path: ^/
          roles: ROLE_STAFF
          requires_channel: https
      providers:
        domain_provider:
          entity:
            class: Domain\Library\EntitiesBundle\Entities\User\User
            property: email
      # - { path: ^/admin, roles: ROLE_ADMIN }
      # - { path: ^/profile, roles: ROLE_USER }
      # https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
      firewalls:
        dev:
          pattern: ^/(_(profiler|wdt)|css|images|js)/
          security: false
        main:
          anonymous: ~
          oauth:
            resource_owners:
              domain_oauth: "/login/domainLogin"
            login_path: "/login"
            use_forward: true
            failure_path: "/login"
            oauth_user_provider:
              service: Domain\Library\ClientAuthBundle\Authorisation\HwiOAuthProvider
      # Easy way to control access for large sections of your site
      # Note: Only the *first* access control that matches will be used
      role_hierarchy:
        ROLE_GUEST:
        ROLE_USER: [ ROLE_GUEST ]
        ROLE_STAFF: [ ROLE_USER ]
The bundle Domain\Library\EntitiesBundle\Entities\User\User is a private bundle that contains all migration data and entity tables.
And last but not least, hwi_oauth_routing.yaml:
    # app/config/routing.yml
    hwi_oauth_redirect:
      resource: "@HWIOAuthBundle/Resources/config/routing/redirect_41.xml"
      prefix: /connect
    hwi_oauth_connect:
      resource: "@HWIOAuthBundle/Resources/config/routing/connect_41.xml"
      prefix: /connect
    hwi_oauth_login:
      resource: "@HWIOAuthBundle/Resources/config/routing/login_41.xml"
      prefix: /login
    domain_oauth_login:
      path: /login/domainLogin
The difficulty I'm currently facing is that I can't see a connection attempt on the login system. When I call backend.domain.test/login, I see a link that points to /connect/domain-oauth (which I never configured anywhere). If I click on that, it redirects me to /login, but I don't see a connection in the logs.
Any clues what I overlooked? I have been trying to get this to work for about a week. I worked through several examples, but I can't get it to work properly.
Any help is appreciated.
Software: Symfony 4.2, PHP 7.3, MySQL 8, Redis as cache
Update: I was able to get it to work so far. I was missing an access_control rule for the /connect/... path.
Now I can see allow / deny buttons.
But as soon as I click allow, I get the following URL in the profiler before it is redirected to the login page:
What did I miss? I don't know what this error is trying to tell me.
The problem was solved.
The issues were related to problems in the firewall settings and a missing scope for authorisation.
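Added illustration, not the poster's own configuration: the access_control list with the fix described in the update applied. It assumes the HWIOAuthBundle routes mounted under /connect in the routing file only need to be reachable anonymously; the new rule sits before the ^/ catch-all because, as the comment in the original security.yaml notes, only the first matching access control is used.

```yaml
security:
    access_control:
        # Assumption (added example): the redirect and connect routes live
        # under /connect (see hwi_oauth_routing.yaml) and are hit before the
        # user has a session, so they must be open to anonymous requests.
        # Order matters: a request is checked against the first rule whose
        # path matches, so both anonymous rules must precede the ^/ catch-all.
        - path: ^/login
          roles: [ IS_AUTHENTICATED_ANONYMOUSLY ]
          requires_channel: https
        - path: ^/connect
          roles: [ IS_AUTHENTICATED_ANONYMOUSLY ]
          requires_channel: https
        # Everything else still requires a staff account over HTTPS.
        - path: ^/
          roles: ROLE_STAFF
          requires_channel: https
```

Separately, the hwi_special httplug client above sets verify: false, which disables TLS certificate verification for the token and userinfo calls to the provider; that is only acceptable against a local .test provider and should be true (the default) in production.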