lologhi · September 23, 2025 16:12 · Nov 20, 2017 · Jan 18, 2017 · Sep 8, 2014 · Sep 3, 2014
diff --git a/2.oauth2.md b/2.oauth2.md
@@ -13,7 +13,7 @@ This `oauth_client` is created with a command line on the back. You then retriev
 
 ## You need to learn a bit of oAuth2
 
-You need to understand that there are different "ways" to "connect" with oAuth2 and retrieve an `access_token` that you will use to hit your API. They are well explained in this [Tankist blog post](http://blog.tankist.de/blog/2013/07/18/oauth2-explained-part-3-using-oauth2-with-your-bare-hands/) (read them all, they are just great).
+You need to understand that there are different "ways" to "connect" with oAuth2 and retrieve an `access_token` that you will use to hit your API. They are well explained in this [Tankist blog post](https://github.com/iamtankist/blog/blob/master/2013-07-18-oauth2-explained-part-3-using-oauth2-with-your-bare-hands.markdown) (read them all, they are just great).
 
 Whatever the way you use to retrieve the `access_token`, you want to get something like this :
 

diff --git a/1.How to easily implement a REST API with oAuth2 presentation.md b/1.How to easily implement a REST API with oAuth2 presentation.md
@@ -12,4 +12,10 @@ There are famous really good bundles a.k.a. :
 - [FOSRestBundle](https://github.com/FriendsOfSymfony/FOSRestBundle) for RESTing,
 - [FOSOAuthServerBundle](https://github.com/FriendsOfSymfony/FOSOAuthServerBundle) for security,
 - [HWIOAuthBundle](https://github.com/hwi/HWIOAuthBundle) for consuming the API,
-- and [NelmioApiDocBundle](https://github.com/nelmio/NelmioApiDocBundle) to spread the word.
+- and [NelmioApiDocBundle](https://github.com/nelmio/NelmioApiDocBundle) to spread the word.
+
+## You've asked for a project example?
+
+This Gist was made at my previous job working on a private repo, and I'm finally reusing this Gist for an open source project: the goal is to provide an API to get the church next to you. And there is also a React Native app in preparation.
+
+So, [here you are](https://github.com/carpedeum-fr/geomesse-api) for the example. At the time I'm writing the oAuth2 implementation is still in the pull request, but will soon be merged. You'll have a working example to copy and test (I'll _just_ have to improve the project Readme). And I'll also add the front views to create an account and ask for an API key.
diff --git a/1.presentation.md → ...nt a REST API with oAuth2 presentation.md b/1.presentation.md → ...nt a REST API with oAuth2 presentation.md
diff --git a/1.presentation.md b/1.presentation.md
@@ -1,4 +1,4 @@
-It's still a work in progress...
+### It's still a work in progress...
 
 ## Intro
 

diff --git a/1.presentation.md b/1.presentation.md
@@ -1,3 +1,5 @@
+It's still a work in progress...
+
 ## Intro
 
 As [William Durand](https://www.github.com/willdurand/) was recently [explaining in his SOS](http://williamdurand.fr/2014/07/02/resting-with-symfony-sos/), he "_didn't see any other interesting blog post about REST with Symfony recently unfortunately_". After spending some long hours to implement an API strongly secured with oAuth, I thought it was time for me to purpose my simple explanation of how to do it.

diff --git a/3.0.code_the_back.md b/3.0.code_the_back.md
@@ -111,6 +111,8 @@ test_api_bundle:
 
 ### `app/config/security.yml`
 
+Please remember we've put a `context` name at `test_connect`, we'll use it soon !
+
 ```yml
 security:
     encoders:
@@ -140,7 +142,7 @@ security:
                 check_path: vp_global_login_check
                 login_path: vp_global_login
             anonymous: true
-            context: vp_connect
+            context: test_connect
 
         api:
             pattern:    ^/

diff --git a/4.0.code_the_front.md b/4.0.code_the_front.md
@@ -52,6 +52,8 @@ hwi_oauth_login:
 
 ### `app/config/security.yml`
 
+Look at that ! the same `context: test_connect` so [the two firewalls can talk to each other](http://symfony.com/doc/current/reference/configuration/security.html#firewall-context) !
+
 ```yml
 security:
     encoders:

diff --git a/3.code_the_back.md → 3.0.code_the_back.md b/3.code_the_back.md → 3.0.code_the_back.md
@@ -1,4 +1,4 @@
-Let's start by adding the bundles in your `composer.json` :
+### `composer.json`
 
 
 ```json
@@ -11,7 +11,7 @@ Let's start by adding the bundles in your `composer.json` :
 }
 ```
 
-And in your `app/AppKernel.php` :
+### `app/AppKernel.php`
 
 ```php
 $bundles = array(
@@ -25,7 +25,7 @@ $bundles = array(
 );
 ```
 
-And in your `app/config/config.yml` :
+### `app/config/config.yml`
 
 ```yml
 framework:
@@ -72,7 +72,7 @@ fos_rest:
             'Symfony\Component\Routing\Exception\ResourceNotFoundException': true
 ```
 
-And in the `app/config/routing.yml` :
+### `app/config/routing.yml`
 
 ```
 # FOSUserBundle
@@ -107,4 +107,48 @@ test_api_bundle:
     type: rest
     resource: "@testApiBundle/Resources/config/routing.yml"
     prefix:   /
+```
+
+### `app/config/security.yml`
+
+```yml
+security:
+    encoders:
+        vp\GlobalBundle\Entity\User:
+            algorithm:            pbkdf2
+            hash_algorithm:       sha512
+            encode_as_base64:     true
+            iterations:           1000
+
+    role_hierarchy:
+        ROLE_ADMIN:       ROLE_USER
+        ROLE_SUPER_ADMIN: ROLE_ADMIN
+
+    providers:
+        user_provider:
+            id: vp_global_user_provider
+
+    firewalls:
+        oauth_token:
+            pattern:    ^/oauth/v2/token
+            security:   false
+
+        oauth_authorize:
+            pattern:    ^/oauth/v2/auth
+            form_login:
+                provider: user_provider
+                check_path: vp_global_login_check
+                login_path: vp_global_login
+            anonymous: true
+            context: vp_connect
+
+        api:
+            pattern:    ^/
+            fos_oauth:  true
+            stateless:  true
+            anonymous:  true # Needed to allow access to oauth pages
+
+    access_control:
+        - { path: ^/oauth/v2/, role: IS_AUTHENTICATED_ANONYMOUSLY }
+        - { path: ^/, roles: IS_AUTHENTICATED_FULLY }
 ```
diff --git a/4.code_the_front.md → 4.0.code_the_front.md b/4.code_the_front.md → 4.0.code_the_front.md
@@ -1,4 +1,4 @@
-Let's start by adding the bundles in your `composer.json` :
+### `composer.json`
 
 ```json
 {
@@ -7,7 +7,7 @@ Let's start by adding the bundles in your `composer.json` :
 }
 ```
 
-And in your `app/AppKernel.php` :
+### `app/AppKernel.php`
 
 ```php
 $bundles = array(
@@ -17,7 +17,7 @@ $bundles = array(
 );
 ```
 
-And in your `app/config/config.yml` :
+### `app/config/config.yml`
 
 ```
 hwi_oauth:
@@ -38,7 +38,7 @@ hwi_oauth:
                 realname:   username
 ```
 
-The `app/config/routing.yml` :
+### `app/config/routing.yml`
 
 ```yml
 hwi_oauth_redirect:
@@ -50,7 +50,7 @@ hwi_oauth_login:
     prefix:   /login
 ```
 
-Most important part, your `app/config/security.yml` :
+### `app/config/security.yml`
 
 ```yml
 security:

diff --git a/4.code_the_front.md b/4.code_the_front.md
@@ -21,9 +21,9 @@ And in your `app/config/config.yml` :
 
 ```
 hwi_oauth:
-    firewall_name: secured_area
+    firewall_name: oauth2_secured_api
     resource_owners:
-        vp_connect:
+        test_connect:
             type:                oauth2
             client_id:           %oauth_client%
             client_secret:       %oauth_secret%
@@ -62,11 +62,6 @@ security:
         ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
 
     providers:
-        in_memory:
-            memory:
-                users:
-                    user:  { password: userpass, roles: [ 'ROLE_USER' ] }
-                    admin: { password: adminpass, roles: [ 'ROLE_ADMIN' ] }
         hwi:
             id: hwi_oauth.user.provider
 
@@ -75,12 +70,12 @@ security:
             pattern:  ^/(_(profiler|wdt)|css|images|js)/
             security: false
 
-        secured_area:
+        oauth2_secured_api:
             anonymous: ~
-            context: vp_connect
+            context: test_connect
             oauth:
                 resource_owners:
-                    vp_connect: "/login/test-connect"
+                    test_connect: "/login/test-connect"
                 login_path:        /login
                 use_forward:       false
                 failure_path:      /login

diff --git a/4.code_the_front.md b/4.code_the_front.md
@@ -80,7 +80,7 @@ security:
             context: vp_connect
             oauth:
                 resource_owners:
-                    vp_connect: "/login/vp-connect"
+                    vp_connect: "/login/test-connect"
                 login_path:        /login
                 use_forward:       false
                 failure_path:      /login
@@ -89,13 +89,5 @@ security:
 
     access_control:
         - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
-        - { path: ^/club, roles: ROLE_USER }
-        - { path: ^/level, roles: ROLE_USER }
-        - { path: ^/place, roles: ROLE_USER }
-        - { path: ^/sport, roles: ROLE_USER }
-        - { path: ^/sport_center, roles: ROLE_USER }
-        - { path: ^/team, roles: ROLE_USER }
-        - { path: ^/video, roles: ROLE_USER }
-        - { path: ^/video_request, roles: ROLE_USER }
         - { path: ^/me, roles: ROLE_USER }
 ```
diff --git a/4.code_the_front.md b/4.code_the_front.md
@@ -36,4 +36,66 @@ hwi_oauth:
                 identifier: id
                 nickname:   username
                 realname:   username
+```
+
+The `app/config/routing.yml` :
+
+```yml
+hwi_oauth_redirect:
+    resource: "@HWIOAuthBundle/Resources/config/routing/redirect.xml"
+    prefix:   /connect
+
+hwi_oauth_login:
+    resource: "@HWIOAuthBundle/Resources/config/routing/login.xml"
+    prefix:   /login
+```
+
+Most important part, your `app/config/security.yml` :
+
+```yml
+security:
+    encoders:
+        Symfony\Component\Security\Core\User\User: plaintext
+
+    role_hierarchy:
+        ROLE_ADMIN:       ROLE_USER
+        ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
+
+    providers:
+        in_memory:
+            memory:
+                users:
+                    user:  { password: userpass, roles: [ 'ROLE_USER' ] }
+                    admin: { password: adminpass, roles: [ 'ROLE_ADMIN' ] }
+        hwi:
+            id: hwi_oauth.user.provider
+
+    firewalls:
+        dev:
+            pattern:  ^/(_(profiler|wdt)|css|images|js)/
+            security: false
+
+        secured_area:
+            anonymous: ~
+            context: vp_connect
+            oauth:
+                resource_owners:
+                    vp_connect: "/login/vp-connect"
+                login_path:        /login
+                use_forward:       false
+                failure_path:      /login
+                oauth_user_provider:
+                    service: hwi_oauth.user.provider
+
+    access_control:
+        - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
+        - { path: ^/club, roles: ROLE_USER }
+        - { path: ^/level, roles: ROLE_USER }
+        - { path: ^/place, roles: ROLE_USER }
+        - { path: ^/sport, roles: ROLE_USER }
+        - { path: ^/sport_center, roles: ROLE_USER }
+        - { path: ^/team, roles: ROLE_USER }
+        - { path: ^/video, roles: ROLE_USER }
+        - { path: ^/video_request, roles: ROLE_USER }
+        - { path: ^/me, roles: ROLE_USER }
 ```
diff --git a/4.the_oauth_security_layer.md → 3.1.the_oauth_security_layer.md b/4.the_oauth_security_layer.md → 3.1.the_oauth_security_layer.md
diff --git a/ClientCreateCommand.php → 3.2.ClientCreateCommand.php b/ClientCreateCommand.php → 3.2.ClientCreateCommand.php
diff --git a/4.code_the_front.md b/4.code_the_front.md
@@ -0,0 +1,39 @@
+Let's start by adding the bundles in your `composer.json` :
+
+```json
+{
+    "hwi/oauth-bundle": "0.4.*@dev",
+    "guzzle/guzzle": "3.8.*@dev",
+}
+```
+
+And in your `app/AppKernel.php` :
+
+```php
+$bundles = array(
+    // ...
+    new HWI\Bundle\OAuthBundle\HWIOAuthBundle(),
+    // ...
+);
+```
+
+And in your `app/config/config.yml` :
+
+```
+hwi_oauth:
+    firewall_name: secured_area
+    resource_owners:
+        vp_connect:
+            type:                oauth2
+            client_id:           %oauth_client%
+            client_secret:       %oauth_secret%
+            access_token_url:    %website_back_base_url%/oauth/v2/token
+            authorization_url:   %website_back_base_url%/oauth/v2/auth
+            infos_url:           %website_back_base_url%/me
+            scope:               "read"
+            user_response_class: HWI\Bundle\OAuthBundle\OAuth\Response\PathUserResponse
+            paths:
+                identifier: id
+                nickname:   username
+                realname:   username
+```
diff --git a/ClientCreateCommand.php b/ClientCreateCommand.php
@@ -14,9 +14,10 @@ class ClientCreateCommand extends Command
     protected function configure()
     {
         $this
-            ->setName('test:api:client-create')
+            ->setName('vp:oauth-server:client-create')
             ->setDescription('Create a new client')
             ->addArgument('name', InputArgument::REQUIRED, 'Sets the client name', null)
+            ->addOption('redirect-uri', null, InputOption::VALUE_REQUIRED | InputOption::VALUE_IS_ARRAY, 'Sets redirect uri for client. Use this option multiple times to set multiple redirect URIs.', null)
             ->addOption('grant-type', null, InputOption::VALUE_REQUIRED | InputOption::VALUE_IS_ARRAY, 'Sets allowed grant type for client. Use this option multiple times to set multiple grant types.', null)
         ;
     }
@@ -26,8 +27,9 @@ protected function execute(InputInterface $input, OutputInterface $output)
         $clientManager = $this->getApplication()->getKernel()->getContainer()->get('fos_oauth_server.client_manager.default');
         $client = $clientManager->createClient();
         $client->setName($input->getArgument('name'));
+        $client->setRedirectUris($input->getOption('redirect-uri'));
         $client->setAllowedGrantTypes($input->getOption('grant-type'));
         $clientManager->updateClient($client);
-        $output->writeln(sprintf('Added a new client, name : <info>%s</info> and public id : <info>%s</info> and secret id : <info>%s</info>', $client->getName(), $client->getPublicId(), $client->getSecret()));
+        $output->writeln(sprintf('Added a new client with name <info>%s</info> and public id <info>%s</info>.', $client->getName(), $client->getPublicId()));
     }
 }
diff --git a/ClientCreateCommand.php b/ClientCreateCommand.php
@@ -1,6 +1,6 @@
 <?php
 
-namespace vp\GlobalBundle\Command;
+namespace test\ApiBundle\Command;
 
 
 use Symfony\Component\Console\Command\Command;
@@ -14,7 +14,7 @@ class ClientCreateCommand extends Command
     protected function configure()
     {
         $this
-            ->setName('vp:oauth-server:client-create')
+            ->setName('test:api:client-create')
             ->setDescription('Create a new client')
             ->addArgument('name', InputArgument::REQUIRED, 'Sets the client name', null)
             ->addOption('grant-type', null, InputOption::VALUE_REQUIRED | InputOption::VALUE_IS_ARRAY, 'Sets allowed grant type for client. Use this option multiple times to set multiple grant types.', null)

diff --git a/4.the_oauth_security_layer.md b/4.the_oauth_security_layer.md
@@ -1 +1,3 @@
-As [explained in the step 3 of the documentation](https://github.com/FriendsOfSymfony/FOSOAuthServerBundle/blob/master/Resources/doc/index.md#step-3-create-model-classes), you'll have to create four entities : `Client`, `AccessToken`, `RefreshToken` and `AuthCode`.
+As [explained in the step 3 of the documentation](https://github.com/FriendsOfSymfony/FOSOAuthServerBundle/blob/master/Resources/doc/index.md#step-3-create-model-classes), you'll have to create four entities : `Client`, `AccessToken`, `RefreshToken` and `AuthCode`.
+
+Then to create a `Client`, you might want a command line like that :
diff --git a/ClientCreateCommand.php b/ClientCreateCommand.php
@@ -0,0 +1,33 @@
+<?php
+
+namespace vp\GlobalBundle\Command;
+
+
+use Symfony\Component\Console\Command\Command;
+use Symfony\Component\Console\Input\InputArgument;
+use Symfony\Component\Console\Input\InputInterface;
+use Symfony\Component\Console\Input\InputOption;
+use Symfony\Component\Console\Output\OutputInterface;
+
+class ClientCreateCommand extends Command
+{
+    protected function configure()
+    {
+        $this
+            ->setName('vp:oauth-server:client-create')
+            ->setDescription('Create a new client')
+            ->addArgument('name', InputArgument::REQUIRED, 'Sets the client name', null)
+            ->addOption('grant-type', null, InputOption::VALUE_REQUIRED | InputOption::VALUE_IS_ARRAY, 'Sets allowed grant type for client. Use this option multiple times to set multiple grant types.', null)
+        ;
+    }
+
+    protected function execute(InputInterface $input, OutputInterface $output)
+    {
+        $clientManager = $this->getApplication()->getKernel()->getContainer()->get('fos_oauth_server.client_manager.default');
+        $client = $clientManager->createClient();
+        $client->setName($input->getArgument('name'));
+        $client->setAllowedGrantTypes($input->getOption('grant-type'));
+        $clientManager->updateClient($client);
+        $output->writeln(sprintf('Added a new client, name : <info>%s</info> and public id : <info>%s</info> and secret id : <info>%s</info>', $client->getName(), $client->getPublicId(), $client->getSecret()));
+    }
+}
diff --git a/3.code_the_back.md b/3.code_the_back.md
@@ -70,4 +70,41 @@ fos_rest:
             'Doctrine\ORM\OptimisticLockException': HTTP_CONFLICT
         messages:
             'Symfony\Component\Routing\Exception\ResourceNotFoundException': true
+```
+
+And in the `app/config/routing.yml` :
+
+```
+# FOSUserBundle
+fos_user_security:
+    resource: "@FOSUserBundle/Resources/config/routing/security.xml"
+
+fos_user_profile:
+    resource: "@FOSUserBundle/Resources/config/routing/profile.xml"
+    prefix: /profile
+
+fos_user_register:
+    resource: "@FOSUserBundle/Resources/config/routing/registration.xml"
+    prefix: /register
+
+fos_user_resetting:
+    resource: "@FOSUserBundle/Resources/config/routing/resetting.xml"
+    prefix: /resetting
+
+fos_user_change_password:
+    resource: "@FOSUserBundle/Resources/config/routing/change_password.xml"
+    prefix: /profile
+
+# FOSAuthServerBundle
+fos_oauth_server_token:
+    resource: "@FOSOAuthServerBundle/Resources/config/routing/token.xml"
+
+fos_oauth_server_authorize:
+    resource: "@FOSOAuthServerBundle/Resources/config/routing/authorize.xml"
+
+# testApiBundle
+test_api_bundle:
+    type: rest
+    resource: "@testApiBundle/Resources/config/routing.yml"
+    prefix:   /
 ```
diff --git a/4.the_oauth_security_layer.md b/4.the_oauth_security_layer.md
@@ -1 +1 @@
-As [explained in the documentation](https://github.com/FriendsOfSymfony/FOSOAuthServerBundle/blob/master/Resources/doc/index.md#step-3-create-model-classes), you'll have to create four entities : `Client`, `AccessToken`, `RefreshToken` and `AuthCode`.
+As [explained in the step 3 of the documentation](https://github.com/FriendsOfSymfony/FOSOAuthServerBundle/blob/master/Resources/doc/index.md#step-3-create-model-classes), you'll have to create four entities : `Client`, `AccessToken`, `RefreshToken` and `AuthCode`.
diff --git a/3.code_the_back.md b/3.code_the_back.md
@@ -31,6 +31,7 @@ And in your `app/config/config.yml` :
 framework:
     # ...
     translator:      { fallback: "%locale%" }
+    # ...
 
 fos_user:
     db_driver: orm

diff --git a/4.the_oauth_security_layer.md b/4.the_oauth_security_layer.md
@@ -1 +1 @@
-toto
+As [explained in the documentation](https://github.com/FriendsOfSymfony/FOSOAuthServerBundle/blob/master/Resources/doc/index.md#step-3-create-model-classes), you'll have to create four entities : `Client`, `AccessToken`, `RefreshToken` and `AuthCode`.
diff --git a/3.code_the_back.md b/3.code_the_back.md
@@ -28,6 +28,10 @@ $bundles = array(
 And in your `app/config/config.yml` :
 
 ```yml
+framework:
+    # ...
+    translator:      { fallback: "%locale%" }
+
 fos_user:
     db_driver: orm
     firewall_name: main

diff --git a/4.the_oauth_security_layer.md b/4.the_oauth_security_layer.md
@@ -0,0 +1 @@
+toto
diff --git a/3.code_the_back.md b/3.code_the_back.md
@@ -21,6 +21,7 @@ $bundles = array(
     new FOS\RestBundle\FOSRestBundle(),
     new FOS\OAuthServerBundle\FOSOAuthServerBundle(),
     new Nelmio\ApiDocBundle\NelmioApiDocBundle(),
+    // ...
 );
 ```
 
@@ -30,14 +31,14 @@ And in your `app/config/config.yml` :
 fos_user:
     db_driver: orm
     firewall_name: main
-    user_class: vp\GlobalBundle\Entity\User
+    user_class: test\ApiBundle\Entity\User
 
 fos_oauth_server:
     db_driver: orm
-    client_class:        vp\GlobalBundle\Entity\Client
-    access_token_class:  vp\GlobalBundle\Entity\AccessToken
-    refresh_token_class: vp\GlobalBundle\Entity\RefreshToken
-    auth_code_class:     vp\GlobalBundle\Entity\AuthCode
+    client_class:        test\ApiBundle\Entity\Client
+    access_token_class:  test\ApiBundle\Entity\AccessToken
+    refresh_token_class: test\ApiBundle\Entity\RefreshToken
+    auth_code_class:     test\ApiBundle\Entity\AuthCode
     service:
         options:
             supported_scopes: read

diff --git a/3.code_the_back.md b/3.code_the_back.md
@@ -22,4 +22,46 @@ $bundles = array(
     new FOS\OAuthServerBundle\FOSOAuthServerBundle(),
     new Nelmio\ApiDocBundle\NelmioApiDocBundle(),
 );
+```
+
+And in your `app/config/config.yml` :
+
+```yml
+fos_user:
+    db_driver: orm
+    firewall_name: main
+    user_class: vp\GlobalBundle\Entity\User
+
+fos_oauth_server:
+    db_driver: orm
+    client_class:        vp\GlobalBundle\Entity\Client
+    access_token_class:  vp\GlobalBundle\Entity\AccessToken
+    refresh_token_class: vp\GlobalBundle\Entity\RefreshToken
+    auth_code_class:     vp\GlobalBundle\Entity\AuthCode
+    service:
+        options:
+            supported_scopes: read
+
+nelmio_api_doc: ~
+
+sensio_framework_extra:
+    view:
+        annotations: false
+
+fos_rest:
+    param_fetcher_listener: true
+    body_listener: true
+    format_listener: true
+    view:
+        view_response_listener: 'force'
+    routing_loader:
+        default_format: json
+    access_denied_listener:
+        json: true
+    exception:
+        codes:
+            'Symfony\Component\Routing\Exception\ResourceNotFoundException': 404
+            'Doctrine\ORM\OptimisticLockException': HTTP_CONFLICT
+        messages:
+            'Symfony\Component\Routing\Exception\ResourceNotFoundException': true
 ```
diff --git a/3.code_the_back.md b/3.code_the_back.md
@@ -21,5 +21,5 @@ $bundles = array(
     new FOS\RestBundle\FOSRestBundle(),
     new FOS\OAuthServerBundle\FOSOAuthServerBundle(),
     new Nelmio\ApiDocBundle\NelmioApiDocBundle(),
-)
+);
 ```
diff --git a/3.code_the_back.md b/3.code_the_back.md
@@ -1,4 +1,4 @@
-Let's start by adding the bundles :
+Let's start by adding the bundles in your `composer.json` :
 
 
 ```json
@@ -9,4 +9,17 @@ Let's start by adding the bundles :
     "friendsofsymfony/oauth-server-bundle": "1.4.*@dev",
     "nelmio/api-doc-bundle": "2.5.*@dev",
 }
+```
+
+And in your `app/AppKernel.php` :
+
+```php
+$bundles = array(
+    // ...
+    new JMS\SerializerBundle\JMSSerializerBundle(),
+    new FOS\UserBundle\FOSUserBundle(),
+    new FOS\RestBundle\FOSRestBundle(),
+    new FOS\OAuthServerBundle\FOSOAuthServerBundle(),
+    new Nelmio\ApiDocBundle\NelmioApiDocBundle(),
+)
 ```
diff --git a/3.code_the_back.md b/3.code_the_back.md
@@ -1,7 +1,7 @@
 Let's start by adding the bundles :
 
 
-```
+```json
 {
     "jms/serializer-bundle": "dev-master",
     "friendsofsymfony/user-bundle": "2.0.*@dev",

diff --git a/3.code_the_back.md b/3.code_the_back.md
@@ -1 +1,12 @@
-Let's start
+Let's start by adding the bundles :
+
+
+```
+{
+    "jms/serializer-bundle": "dev-master",
+    "friendsofsymfony/user-bundle": "2.0.*@dev",
+    "friendsofsymfony/rest-bundle": "1.4.*@dev",
+    "friendsofsymfony/oauth-server-bundle": "1.4.*@dev",
+    "nelmio/api-doc-bundle": "2.5.*@dev",
+}
+```
diff --git a/3.code_the_back.md b/3.code_the_back.md
@@ -0,0 +1 @@
+Let's start
diff --git a/2.oauth2.md b/2.oauth2.md
@@ -37,6 +37,8 @@ The "usual" process you have with Facebook : login, authorize app, redirection.
 2. The user put its credentials in the form, and if it's valid, can allow the "app" (which is the `oauth_client`, _i.e._ the front) to access the back.
 3. The user is then redirected to the front, with a nice cookie (`access_token`) that allow the front to request the back API.
 
+No example here, we will come back on that process later.
+
 ### `grant_type=password`
 
 You still want an `access_token` but you get it in one request, by sending everything you have : `oauth_client` `id` and `secret`, and user credentials.

diff --git a/1.presentation.md b/1.presentation.md
@@ -5,7 +5,8 @@ As [William Durand](https://www.github.com/willdurand/) was recently [explaining
 ## Ok, you know the bundles
 
 You might have already seen some good explanation of how to easily create a REST API with Symfony2.
-There are famous really good bundles AKA
+There are famous really good bundles a.k.a. :
+
 - [FOSRestBundle](https://github.com/FriendsOfSymfony/FOSRestBundle) for RESTing,
 - [FOSOAuthServerBundle](https://github.com/FriendsOfSymfony/FOSOAuthServerBundle) for security,
 - [HWIOAuthBundle](https://github.com/hwi/HWIOAuthBundle) for consuming the API,

diff --git a/2.oauth2.md b/2.oauth2.md
@@ -62,7 +62,7 @@ This might be usefull when your back is requesting another of your API. User cre
 This one is to refresh your `access_token`. As your token will expire in one hour, you can ask to refresh it :
 
 ```
-PROVIDER_HOST/oauth/v2/token?client_id=CLIENT_ID&client_secret=CLIENT_SECRET&grant_type=refresh_token&refresh_token=REFRESH_TOKEN
+your_back/oauth/v2/token?client_id=CLIENT_ID&client_secret=CLIENT_SECRET&grant_type=refresh_token&refresh_token=REFRESH_TOKEN
 ```
 
 As you need to have the `oauth_client` `secret`, this is not usable between our front and back, where `grant_type=authorization_code` will be used.

diff --git a/2.oauth2.md b/2.oauth2.md
@@ -2,7 +2,9 @@
 
 We will imagine two Symfony projects : 
 - one back with the API and database ([FOSRestBundle](https://github.com/FriendsOfSymfony/FOSRestBundle) and [FOSOAuthServerBundle](https://github.com/FriendsOfSymfony/FOSOAuthServerBundle) with [FOSUserBundle](https://github.com/FriendsOfSymfony/FOSUserBundle)), 
-- and one front who consume the API ([HWIOAuthBundle](https://github.com/hwi/HWIOAuthBundle), no database).
+- and one front who consume the API ([HWIOAuthBundle](https://github.com/hwi/HWIOAuthBundle), no database), that one day will be replace by a JS implementation.
+
+As our users will try to connect to our front, we want a login process _à la_ Facebook, which you will see, is the oAuth `grant_type` `authorization_code` process.
 
 The front is an `oauth_client` who try to connect to the back.
 This `oauth_client` is created with a command line on the back. You then retrieve an `id` and a `secret`.

diff --git a/2.oauth2.md b/2.oauth2.md
@@ -4,7 +4,7 @@ We will imagine two Symfony projects :
 - one back with the API and database ([FOSRestBundle](https://github.com/FriendsOfSymfony/FOSRestBundle) and [FOSOAuthServerBundle](https://github.com/FriendsOfSymfony/FOSOAuthServerBundle) with [FOSUserBundle](https://github.com/FriendsOfSymfony/FOSUserBundle)), 
 - and one front who consume the API ([HWIOAuthBundle](https://github.com/hwi/HWIOAuthBundle), no database).
 
-The front is an `oauth_client` who try to connect to the back. It can be linked to `fos_user`.
+The front is an `oauth_client` who try to connect to the back.
 This `oauth_client` is created with a command line on the back. You then retrieve an `id` and a `secret`.
 
 **Warning** If you look into the database to get the `id`, it's the concatenation of the `oauth_client.id` and `oauth_client.random_id`, separated with an underscore. Something looking like `1_kj2gjhlice8wkoxwggpok80hk0wcewkwfkk4c4wocawwgc0ko`.
Original file line number	Diff line number	Diff line change
		@@ -1 +1 @@
		As [explained in the documentation](https://github.com/FriendsOfSymfony/FOSOAuthServerBundle/blob/master/Resources/doc/index.md#step-3-create-model-classes), you'll have to create four entities : `Client`, `AccessToken`, `RefreshToken` and `AuthCode`.
		As [explained in the step 3 of the documentation](https://github.com/FriendsOfSymfony/FOSOAuthServerBundle/blob/master/Resources/doc/index.md#step-3-create-model-classes), you'll have to create four entities : `Client`, `AccessToken`, `RefreshToken` and `AuthCode`.
Original file line number	Diff line number	Diff line change
		@@ -1 +1 @@
		toto
		As [explained in the documentation](https://github.com/FriendsOfSymfony/FOSOAuthServerBundle/blob/master/Resources/doc/index.md#step-3-create-model-classes), you'll have to create four entities : `Client`, `AccessToken`, `RefreshToken` and `AuthCode`.