jdelaune/oauth2-client-bundle

Symfony OAuth2ClientBundle

OAuth2 Client Bundle

OAuth2 Client Bundle for Symfony 2., _(*1)

Overview

Allow for the protection of resources via OAuth2. Provides two Symfony firewalls. One for checking bearer access tokens for securing API application. The access tokens can be provided via a header (recommended) or query e.g. Authorization: Bearer {Access Token} or http://example.com/resource?access_token={Access Token}. The other firewall is for securing web applications via the authorization code grant type., _(*2)

Installation

Step 1: Add package to Composer

Add the bundle to your composer.json:, _(*3)

``` js { "require": { "jdelaune/oauth2-client-bundle": "dev-master" } }, <sub>(*4)</sub>

Now tell composer to download the bundle by running the command:

``` bash
$ php composer.phar update jdelaune/oauth2-client-bundle

Composer will install the bundle to your project's vendor/jdelaune directory., <sub>(*5)</sub>

Step 2: Enable the bundle

Enable the bundle in the kernel:, <sub>(*6)</sub>

``` php <?php // app/AppKernel.php, <sub>(*7)</sub>

public function registerBundles() { $bundles = array( // ... new OAuth2\ClientBundle\OAuth2ClientBundle(), ); }, <sub>(*8)</sub>

### Step 3: Add parameters

You'll need add your OAuth2 Server URIs as parameters to your `parameters.yml`

``` yaml
# app/config/parameters.yml

parameters:
    oauth2.client.server:
        authorize_uri: 'http://example.com/authorize'
        token_uri: 'https://example.com/token'
        verify_uri: 'https://example.com/verify-token'
        validate_ssl: true

The verify uri should verify the access token on your OAuth2 Server and provide a JSON encoded array of:, <sub>(*9)</sub>

• access_token
• client_id
• expires_in
• user_id (Optional)
• scope (Optional)

Step 4a: Configure security (access token)

Access token only firewall is most often used for securing APIs where the end user won't actually be interacting with your Symfony application directly., <sub>(*10)</sub>

You'll need to setup a firewall in your security.yml, <sub>(*11)</sub>

``` yaml, <sub>(*12)</sub>

app/config/security.yml

security: encoders: OAuth2\ClientBundle\Security\User\OAuth2User: plaintext, <sub>(*13)</sub>

providers:
    oauth2_client:
        id: oauth2.client.user_provider

firewalls:
    oauth2_secured:
        pattern: ^/secured_area/
        oauth2_access_token: true
        stateless: true

### Step 4b: Configure security (authorization code)

Authorization code firewall is most often used when the end user is interacting with your Symfony application.

You'll need to setup a firewall in your `security.yml`

``` yaml
# app/config/security.yml

security:
    encoders:
        OAuth2\ClientBundle\Security\User\OAuth2User: plaintext

    providers:
        oauth2_client:
            id: oauth2.client.user_provider

    firewalls:
        oauth2_secured:
            pattern: ^/secured_area/
            oauth2_authorization_code:
                client_id: ~
                client_secret: ~
                redirect_uri: http://www.example.com/secured_area/authorized
                scope: basic

The redirect_uri needs to be a URI behind the same firewall. You can use all the usual configuration options here as well that one would use for the form firewall like use_referer and default_target_path., <sub>(*14)</sub>

Step 5: Add routing

We provide default routing for some paths needed when using the authorization code firewall. Add this to your routing.yml, <sub>(*15)</sub>

``` yaml, <sub>(*16)</sub>

app/config/routing.yml

oauth2_client: resource: "@OAuth2ClientBundle/Controller/" type: annotation prefix: /, <sub>(*17)</sub>

## The OAuth2Token

The client bundle will provide an `OAuth2Token` object for any secured path in your controllers.

There are additional getters available on the `OAuth2User` object:

``` php
$token = $this->get('security.context')->getToken();
$token->getAccessToken(); // The access token
$token->getRefreshToken(); // The refresh token
$token->getExpiresAt(); // Expiry datetime object
$token->getExpiresIn(); // Seconds until the access token expires

The OAuth2User

The client bundle will provide an OAuth2User object for any secured path in your controllers., <sub>(*18)</sub>

Scopes will be turned into roles automatically, e.g. a scope of email would result in a role of ROLE_EMAIL., <sub>(*19)</sub>

There are additional getters available on the OAuth2User object:, <sub>(*20)</sub>

php $user = $this->getUser(); $user->getClientId(); // Client ID $user->getUserId(); // User ID $user->isUser(); // True if user, false if client only $user->getUsername(); // Client ID if client only, or User ID if user $user->getScopes(); // Array of scopes $user->getAccessToken(); // The access token, <sub>(*21)</sub>