# AlbOAuth2ServerBundle

## Installation

Installation is a quick 6 step process:
- Download AlbOAuth2ServerBundle
- Configure the Autoloader
- Enable the Bundle
- Create your model classes
- Configure your application's security.yml
- Configure the AlbOAuth2ServerBundle
### Step 1: Download AlbOAuth2ServerBundle and oauth2-php

Ultimately, the AlbOAuth2ServerBundle files should be downloaded to the
`vendor/bundles/Alb/OAuth2ServerBundle` directory and the oauth2-php files to
the `vendor/oauth2-php` directory.

This can be done in several ways, depending on your preference. The first
method is the standard Symfony2 method.
**Using the vendors script**

Add the following lines in your `deps` file:

``` ini
[AlbOAuth2ServerBundle]
    git=git://github.com/arnaud-lb/AlbOAuth2ServerBundle.git
    target=bundles/Alb/OAuth2ServerBundle

[oauth2-php]
    git=git://github.com/arnaud-lb/oauth2-php.git
```

Now, run the vendors script to download the bundle:

``` bash
$ php bin/vendors install
```
**Using submodules**

If you prefer instead to use git submodules, then run the following:

``` bash
$ git submodule add git://github.com/arnaud-lb/AlbOAuth2ServerBundle.git vendor/bundles/Alb/OAuth2ServerBundle
$ git submodule add git://github.com/arnaud-lb/oauth2-php.git vendor/oauth2-php
$ git submodule update --init
```
### Step 2: Configure the Autoloader

Add the `Alb` and `OAuth2` namespaces to your autoloader:

``` php
<?php
// app/autoload.php

$loader->registerNamespaces(array(
    // ...
    'Alb'    => __DIR__.'/../vendor/bundles',
    'OAuth2' => __DIR__.'/../vendor/oauth2-php/lib',
));
```
### Step 3: Enable the bundle

Finally, enable the bundle in the kernel:

``` php
<?php
// app/AppKernel.php

public function registerBundles()
{
    $bundles = array(
        // ...
        new Alb\OAuth2ServerBundle\AlbOAuth2ServerBundle(),
    );

    // ...

    return $bundles;
}
```
### Step 4: Create model classes

This bundle needs to persist some classes to a database:

- `OAuth2Client` (OAuth2 consumers)
- `OAuth2AccessToken`
- `OAuth2AuthCode`
Your first job, then, is to create these classes for your application.
These classes can look and act however you want: add any
properties or methods you find useful.

These classes have just a few requirements:

- They must extend one of the base classes from the bundle
- They must have an `id` field
In the following sections, you'll see examples of how your classes should
look, depending on how you're storing your data.

Your classes can live inside any bundle in your application. For example,
if you work at "Acme" company, then you might create a bundle called AcmeApiBundle
and place your classes in it.

**Warning:** If you override the `__construct()` method in your classes, be sure
to call `parent::__construct()`, as the base class depends on
this to initialize some fields.
#### a) Doctrine ORM classes

If you're persisting your data via the Doctrine ORM, then your classes
should live in the `Entity` namespace of your bundle and look like this to
start:
``` php
<?php
// src/Acme/ApiBundle/Entity/OAuth2Client.php

namespace Acme\ApiBundle\Entity;

use Alb\OAuth2Server\Entity\OAuth2Client as BaseOAuth2Client;
use Doctrine\ORM\Mapping as ORM;

/**
 * @ORM\Entity
 */
class OAuth2Client extends BaseOAuth2Client
{
    /**
     * @ORM\Id
     * @ORM\Column(type="integer")
     * @ORM\GeneratedValue(strategy="AUTO")
     */
    protected $id;

    public function __construct()
    {
        parent::__construct();
        // your own logic
    }
}
```
``` php
<?php
// src/Acme/ApiBundle/Entity/OAuth2AccessToken.php

namespace Acme\ApiBundle\Entity;

use Alb\OAuth2Server\Entity\OAuth2AccessToken as BaseOAuth2AccessToken;
use Doctrine\ORM\Mapping as ORM;

/**
 * @ORM\Entity
 */
class OAuth2AccessToken extends BaseOAuth2AccessToken
{
    /**
     * @ORM\Id
     * @ORM\Column(type="integer")
     * @ORM\GeneratedValue(strategy="AUTO")
     */
    protected $id;

    /**
     * @ORM\ManyToOne(targetEntity="OAuth2Client")
     * @ORM\JoinColumn(nullable=false)
     */
    protected $client;

    public function __construct()
    {
        parent::__construct();
        // your own logic
    }
}
```
``` php
<?php
// src/Acme/ApiBundle/Entity/OAuth2AuthCode.php

namespace Acme\ApiBundle\Entity;

use Alb\OAuth2Server\Entity\OAuth2AuthCode as BaseOAuth2AuthCode;
use Doctrine\ORM\Mapping as ORM;

/**
 * @ORM\Entity
 */
class OAuth2AuthCode extends BaseOAuth2AuthCode
{
    /**
     * @ORM\Id
     * @ORM\Column(type="integer")
     * @ORM\GeneratedValue(strategy="AUTO")
     */
    protected $id;

    /**
     * @ORM\ManyToOne(targetEntity="OAuth2Client")
     * @ORM\JoinColumn(nullable=false)
     */
    protected $client;

    public function __construct()
    {
        parent::__construct();
        // your own logic
    }
}
```
### Step 5: Configure your application's security.yml

In order for Symfony's security component to use the AlbOAuth2ServerBundle, you must
tell it to do so in the `security.yml` file. The `security.yml` file is where the
basic security configuration for your application is contained.

Below is a minimal example of the configuration necessary to use the AlbOAuth2ServerBundle
in your application:
``` yaml
# app/config/security.yml
security:
    firewalls:
        api:
            pattern:    ^/api
            alb_oauth2: true
            stateless:  true

    access_control:
        # You can omit this if /api can be accessed both authenticated and anonymously
        - { path: ^/api, roles: [IS_AUTHENTICATED_FULLY] }
```

The URLs under `/api` will use OAuth2 to authenticate users.
### Step 6: Configure the AlbOAuth2ServerBundle

Import the `routing.yml` configuration file in `app/config/routing.yml`:

``` yaml
# app/config/routing.yml
alb_oauth2:
    resource: "@AlbOAuth2ServerBundle/Resources/config/routing.yml"
```
Add AlbOAuth2ServerBundle settings in `app/config/config.yml`:

``` yaml
# app/config/config.yml
alb_o_auth2_server:
    db_driver:                 orm
    oauth2_client_class:       Acme\ApiBundle\Entity\OAuth2Client
    oauth2_access_token_class: Acme\ApiBundle\Entity\OAuth2AccessToken
    oauth2_auth_code_class:    Acme\ApiBundle\Entity\OAuth2AuthCode
```
**Symfony 2.0.x only**

Import the `security.yml` configuration file in `app/config/config.yml`:

``` yaml
# app/config/config.yml
imports:
    # Symfony 2.0.x only
    - { resource: "@AlbOAuth2ServerBundle/Resources/config/security.yml" }
```
## Usage

The `token` endpoint is at `/oauth/v2/token` by default (see Resources/config/routing.yml).

An `authorize` endpoint can be implemented with the `finishClientAuthorization` method on
the `alb.oauth2.server.server_service` service:

``` php
<?php
// $service is the alb.oauth2.server.server_service service; $form is the
// consent form submitted by $currentUser for the requested $scope.
if ($form->isValid()) {
    try {
        $response = $service->finishClientAuthorization(true, $currentUser, $request, $scope);
        return $response;
    } catch (\OAuth2\OAuth2ServerException $e) {
        // Invalid or denied requests come back as a ready-made HTTP response
        return $e->getHttpResponse();
    }
}
```
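The snippet above leaves the surrounding controller to the application (the TODO list below notes that the bundle ships no default one). The following is an added example, not code from AlbOAuth2ServerBundle, of a complete consent-screen action built around that `finishClientAuthorization` call. It targets the Symfony 2.0-era form API (`bindRequest`); the controller class, the template name `AcmeApiBundle:Authorize:consent.html.twig`, the `getAuthorizeParams()` call on the server service and the `client`/`scope` keys of its result are assumptions, while the service id and the exception type are the ones the README names.

```php
<?php
// src/Acme/ApiBundle/Controller/AuthorizeController.php
//
// Added example, not part of AlbOAuth2ServerBundle: a consent-screen action for
// the authorize endpoint, wrapping the finishClientAuthorization() call shown
// in the README. Assumptions (hypothetical): the Symfony 2.0 form API
// (bindRequest), the template AcmeApiBundle:Authorize:consent.html.twig, and
// that the server service exposes getAuthorizeParams() returning an array
// with 'client' and 'scope' keys.

namespace Acme\ApiBundle\Controller;

use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Core\Exception\AccessDeniedException;
use OAuth2\OAuth2ServerException;

class AuthorizeController extends Controller
{
    /**
     * Handles GET (show the consent screen) and POST (record the decision).
     * Must sit behind a firewall that authenticates users interactively,
     * not behind the alb_oauth2 bearer-token firewall from Step 5.
     */
    public function authorizeAction(Request $request)
    {
        // 1. Only an authenticated resource owner may grant or deny access.
        $token = $this->get('security.context')->getToken();
        $user  = $token ? $token->getUser() : null;
        if (!is_object($user)) {
            throw new AccessDeniedException('Log in before authorizing a client.');
        }

        $service = $this->get('alb.oauth2.server.server_service');

        // 2. Validate client_id, redirect_uri, response_type and scope before
        //    anything is shown or granted; an invalid request is answered by
        //    the library's own error response (getAuthorizeParams() is assumed).
        try {
            $params = $service->getAuthorizeParams($request);
        } catch (OAuth2ServerException $e) {
            return $e->getHttpResponse();
        }

        // 3. Consent form. The form component adds a CSRF token by default, so
        //    a cross-site POST cannot silently approve a client on the user's behalf.
        $form = $this->createFormBuilder()
            ->add('accept', 'checkbox', array('required' => false))
            ->getForm();

        if ('POST' === $request->getMethod()) {
            $form->bindRequest($request);   // Symfony 2.0 API (bind() in 2.1+)

            if ($form->isValid()) {
                $data     = $form->getData();
                $accepted = !empty($data['accept']);

                try {
                    // true  -> a grant is issued and the user is redirected to the client
                    // false -> the denial is reported to the client through the same path
                    return $service->finishClientAuthorization($accepted, $user, $request, $params['scope']);
                } catch (OAuth2ServerException $e) {
                    return $e->getHttpResponse();
                }
            }
        }

        // 4. GET, or an invalid form: show who is asking and for what.
        return $this->render('AcmeApiBundle:Authorize:consent.html.twig', array(
            'form'   => $form->createView(),
            'client' => $params['client'],
            'scope'  => $params['scope'],
        ));
    }
}
```

Route this action at the authorize path of your choice under a firewall that logs users in (for example `form_login`), separate from the `alb_oauth2` firewall covering `/api`: bearer tokens identify API calls made by clients, whereas the consent screen must only ever be shown to a resource owner who authenticated interactively. Passing the user's actual decision to `finishClientAuthorization`, rather than hard-coding `true`, is what turns an unchecked checkbox into a denial the client is told about instead of a grant.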
## TODO

- More tests
- Add model classes for OAuth2RefreshToken
- Add methods for refresh_token authorization types in the default storage adapter
- Add a default controller for the /authorize endpoint

## Credits