Forked from lologhi/1.How to easily implement a REST API with oAuth2 presentation.md
Created September 27, 2015 09:34
Revisions
lologhi renamed this gist
Sep 8, 2014 . 1 changed file with 0 additions and 0 deletions.
File renamed without changes.
lologhi revised this gist
Sep 3, 2014 . No changes.
lologhi revised this gist
Sep 3, 2014 . 1 changed file with 1 addition and 1 deletion.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,4 +1,4 @@ ### It's still a work in progress... ## Intro -
lologhi revised this gist
Sep 3, 2014 . 1 changed file with 2 additions and 0 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,3 +1,5 @@ It's still a work in progress... ## Intro As [William Durand](https://www.github.com/willdurand/) was recently [explaining in his SOS](http://williamdurand.fr/2014/07/02/resting-with-symfony-sos/), he "_didn't see any other interesting blog post about REST with Symfony recently unfortunately_". After spending some long hours to implement an API strongly secured with oAuth, I thought it was time for me to purpose my simple explanation of how to do it. -
lologhi revised this gist
Sep 1, 2014 . 2 changed files with 5 additions and 1 deletion.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -111,6 +111,8 @@ test_api_bundle: ### `app/config/security.yml` Please remember we've put a `context` name at `test_connect`, we'll use it soon ! ```yml security: encoders: @@ -140,7 +142,7 @@ security: check_path: vp_global_login_check login_path: vp_global_login anonymous: true context: test_connect api: pattern: ^/ This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -52,6 +52,8 @@ hwi_oauth_login: ### `app/config/security.yml` Look at that ! the same `context: test_connect` so [the two firewalls can talk to each other](http://symfony.com/doc/current/reference/configuration/security.html#firewall-context) ! ```yml security: encoders: -
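Review bot: the comment added to the front's `security.yml` ("so the two firewalls can talk to each other") overstates what `context: test_connect` does. A firewall `context` shares the authenticated token between firewalls of one Symfony application, through that application's session; giving the back's `oauth_authorize` firewall and the front's `oauth2_secured_api` firewall the same context name has no effect between the two projects, which are separate applications with separate sessions. Within the back the key only matters if another stateful firewall uses the same name, and the `api` firewall is `stateless: true` in the full `security.yml` of the earlier Sep 1 revision. Reword the comment, or drop both `context` keys, so readers do not expect cross-application single sign-on from them.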
lologhi revised this gist
Sep 1, 2014 . 2 changed files with 53 additions and 9 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,4 +1,4 @@ ### `composer.json` ```json @@ -11,7 +11,7 @@ Let's start by adding the bundles in your `composer.json` : } ``` ### `app/AppKernel.php` ```php $bundles = array( @@ -25,7 +25,7 @@ $bundles = array( ); ``` ### `app/config/config.yml` ```yml framework: @@ -72,7 +72,7 @@ fos_rest: 'Symfony\Component\Routing\Exception\ResourceNotFoundException': true ``` ### `app/config/routing.yml` ``` # FOSUserBundle @@ -107,4 +107,48 @@ test_api_bundle: type: rest resource: "@testApiBundle/Resources/config/routing.yml" prefix: / ``` ### `app/config/security.yml` ```yml security: encoders: vp\GlobalBundle\Entity\User: algorithm: pbkdf2 hash_algorithm: sha512 encode_as_base64: true iterations: 1000 role_hierarchy: ROLE_ADMIN: ROLE_USER ROLE_SUPER_ADMIN: ROLE_ADMIN providers: user_provider: id: vp_global_user_provider firewalls: oauth_token: pattern: ^/oauth/v2/token security: false oauth_authorize: pattern: ^/oauth/v2/auth form_login: provider: user_provider check_path: vp_global_login_check login_path: vp_global_login anonymous: true context: vp_connect api: pattern: ^/ fos_oauth: true stateless: true anonymous: true # Needed to allow access to oauth pages access_control: - { path: ^/oauth/v2/, role: IS_AUTHENTICATED_ANONYMOUSLY } - { path: ^/, roles: IS_AUTHENTICATED_FULLY } ``` This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,4 +1,4 @@ ### `composer.json` ```json { 
@@ -7,7 +7,7 @@ Let's start by adding the bundles in your `composer.json` : } ``` ### `app/AppKernel.php` ```php $bundles = array( @@ -17,7 +17,7 @@ $bundles = array( ); ``` ### `app/config/config.yml` ``` hwi_oauth: @@ -38,7 +38,7 @@ hwi_oauth: realname: username ``` ### `app/config/routing.yml` ```yml hwi_oauth_redirect: @@ -50,7 +50,7 @@ hwi_oauth_login: prefix: /login ``` ### `app/config/security.yml` ```yml security: -
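Review bot: under `encoders`, `pbkdf2` with `iterations: 1000` is a weak password-hashing setting; Symfony's `bcrypt` encoder (`algorithm: bcrypt` with a tunable `cost`) is the better default, and if PBKDF2 must stay, the iteration count should be raised by one to two orders of magnitude. In `firewalls`, the `api` entry's `pattern: ^/` matches every request, so `oauth_token` (with `security: false`) and `oauth_authorize` only take effect because they are listed first; a comment saying the order is significant would stop the next editor from breaking the token endpoint by reordering. Finally, the two `access_control` rules use `role:` and `roles:` inconsistently; use `roles:` in both.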
lologhi revised this gist
Sep 1, 2014 . 1 changed file with 5 additions and 10 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -21,9 +21,9 @@ And in your `app/config/config.yml` : ``` hwi_oauth: firewall_name: oauth2_secured_api resource_owners: test_connect: type: oauth2 client_id: %oauth_client% client_secret: %oauth_secret% @@ -62,11 +62,6 @@ security: ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH] providers: hwi: id: hwi_oauth.user.provider @@ -75,12 +70,12 @@ security: pattern: ^/(_(profiler|wdt)|css|images|js)/ security: false oauth2_secured_api: anonymous: ~ context: test_connect oauth: resource_owners: test_connect: "/login/test-connect" login_path: /login use_forward: false failure_path: /login -
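Review bot: with `client_secret: %oauth_secret%` (and `client_id: %oauth_client%`) under `hwi_oauth.resource_owners.test_connect`, the front is a confidential OAuth client holding the back's client secret in its parameters; that is correct for a server-side PHP front, but it should be stated explicitly, because the accompanying text elsewhere treats "needs the client secret" as the reason a grant is unusable between front and back. Add a sentence that the secret stays on the server and cannot be carried over if the front is reimplemented in JavaScript, where only a public client without a secret would be appropriate.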
lologhi revised this gist
Sep 1, 2014 . 1 changed file with 1 addition and 9 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -80,7 +80,7 @@ security: context: vp_connect oauth: resource_owners: vp_connect: "/login/test-connect" login_path: /login use_forward: false failure_path: /login @@ -89,13 +89,5 @@ security: access_control: - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY } - { path: ^/me, roles: ROLE_USER } ``` -
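Review bot: after this change the front's `access_control` lists only `^/login` (anonymous) and `^/me` (ROLE_USER); because the firewall has `anonymous: ~`, every other path on the front is now reachable without logging in. If that is intended, say so in the text; otherwise add a final `- { path: ^/, roles: ROLE_USER }` rule so the default is deny rather than allow.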
lologhi revised this gist
Sep 1, 2014 . 1 changed file with 62 additions and 0 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -36,4 +36,66 @@ hwi_oauth: identifier: id nickname: username realname: username ``` The `app/config/routing.yml` : ```yml hwi_oauth_redirect: resource: "@HWIOAuthBundle/Resources/config/routing/redirect.xml" prefix: /connect hwi_oauth_login: resource: "@HWIOAuthBundle/Resources/config/routing/login.xml" prefix: /login ``` Most important part, your `app/config/security.yml` : ```yml security: encoders: Symfony\Component\Security\Core\User\User: plaintext role_hierarchy: ROLE_ADMIN: ROLE_USER ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH] providers: in_memory: memory: users: user: { password: userpass, roles: [ 'ROLE_USER' ] } admin: { password: adminpass, roles: [ 'ROLE_ADMIN' ] } hwi: id: hwi_oauth.user.provider firewalls: dev: pattern: ^/(_(profiler|wdt)|css|images|js)/ security: false secured_area: anonymous: ~ context: vp_connect oauth: resource_owners: vp_connect: "/login/vp-connect" login_path: /login use_forward: false failure_path: /login oauth_user_provider: service: hwi_oauth.user.provider access_control: - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY } - { path: ^/club, roles: ROLE_USER } - { path: ^/level, roles: ROLE_USER } - { path: ^/place, roles: ROLE_USER } - { path: ^/sport, roles: ROLE_USER } - { path: ^/sport_center, roles: ROLE_USER } - { path: ^/team, roles: ROLE_USER } - { path: ^/video, roles: ROLE_USER } - { path: ^/video_request, roles: ROLE_USER } - { path: ^/me, roles: ROLE_USER } ``` -
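Review bot: the `in_memory` provider with the `plaintext` encoder and literal `userpass`/`adminpass` values is placeholder material and should be marked as such (or removed, as the next revision does), since readers copying this `security.yml` will ship those credentials. Separately, `hwi_oauth.user.provider` is HWIOAuthBundle's `OAuthUserProvider`, which builds a transient `OAuthUser` carrying only `ROLE_USER` from the response's nickname and persists nothing, so the `ROLE_ADMIN`/`ROLE_SUPER_ADMIN` entries in `role_hierarchy` can never apply to an OAuth-authenticated user unless a custom provider maps roles. Also check that the check path `/login/vp-connect` named under `resource_owners` has a route of its own: HWIOAuthBundle's setup docs require one per check path, and `routing.yml` here only imports `redirect.xml` and `login.xml`.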
lologhi revised this gist
Sep 1, 2014 . 3 changed files with 39 additions and 0 deletions.
File renamed without changes.File renamed without changes.This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,39 @@ Let's start by adding the bundles in your `composer.json` : ```json { "hwi/oauth-bundle": "0.4.*@dev", "guzzle/guzzle": "3.8.*@dev", } ``` And in your `app/AppKernel.php` : ```php $bundles = array( // ... new HWI\Bundle\OAuthBundle\HWIOAuthBundle(), // ... ); ``` And in your `app/config/config.yml` : ``` hwi_oauth: firewall_name: secured_area resource_owners: vp_connect: type: oauth2 client_id: %oauth_client% client_secret: %oauth_secret% access_token_url: %website_back_base_url%/oauth/v2/token authorization_url: %website_back_base_url%/oauth/v2/auth infos_url: %website_back_base_url%/me scope: "read" user_response_class: HWI\Bundle\OAuthBundle\OAuth\Response\PathUserResponse paths: identifier: id nickname: username realname: username ``` -
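Review bot: the `composer.json` fragment ends with a trailing comma after `"guzzle/guzzle": "3.8.*@dev",`, which is invalid JSON and makes Composer refuse the file; drop it, and prefer released versions over `@dev` branches for the bundle doing authentication. In the `hwi_oauth` block, `%oauth_client%`, `%oauth_secret%` and the `%website_back_base_url%...` values are unquoted scalars beginning with `%`, which is not valid YAML; Symfony's parser tolerated it at the time but deprecated it in 2.8 and rejects it from 3.0, so quote them (`client_secret: "%oauth_secret%"`). Note in the text that `access_token_url`, `authorization_url` and `infos_url` must be HTTPS in production: the token and the bearer-authenticated `/me` call both travel over them.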
lologhi revised this gist
Sep 1, 2014 . 1 changed file with 4 additions and 2 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -14,9 +14,10 @@ class ClientCreateCommand extends Command protected function configure() { $this ->setName('vp:oauth-server:client-create') ->setDescription('Create a new client') ->addArgument('name', InputArgument::REQUIRED, 'Sets the client name', null) ->addOption('redirect-uri', null, InputOption::VALUE_REQUIRED | InputOption::VALUE_IS_ARRAY, 'Sets redirect uri for client. Use this option multiple times to set multiple redirect URIs.', null) ->addOption('grant-type', null, InputOption::VALUE_REQUIRED | InputOption::VALUE_IS_ARRAY, 'Sets allowed grant type for client. Use this option multiple times to set multiple grant types.', null) ; } @@ -26,8 +27,9 @@ protected function execute(InputInterface $input, OutputInterface $output) $clientManager = $this->getApplication()->getKernel()->getContainer()->get('fos_oauth_server.client_manager.default'); $client = $clientManager->createClient(); $client->setName($input->getArgument('name')); $client->setRedirectUris($input->getOption('redirect-uri')); $client->setAllowedGrantTypes($input->getOption('grant-type')); $clientManager->updateClient($client); $output->writeln(sprintf('Added a new client with name <info>%s</info> and public id <info>%s</info>.', $client->getName(), $client->getPublicId())); } } -
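Review bot: the new `--redirect-uri` option is the right fix for the `authorization_code` flow, but nothing in `execute()` checks that at least one URI is supplied when `--grant-type authorization_code` is given; as far as I can tell, FOSOAuthServerBundle's underlying library falls back to trusting the `redirect_uri` sent in the request when a client has none stored and `enforce_redirect` is off, so validate the combination and fail with a clear message. Tell the operator to register the complete callback URL the front will send (scheme, host and path), not a bare origin. Also, the final `writeln` no longer prints the secret; either print it once here or document where to read it, since it is needed to configure the front.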
lologhi revised this gist
Sep 1, 2014 . 1 changed file with 2 additions and 2 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,6 +1,6 @@ <?php namespace test\ApiBundle\Command; use Symfony\Component\Console\Command\Command; @@ -14,7 +14,7 @@ class ClientCreateCommand extends Command protected function configure() { $this ->setName('test:api:client-create') ->setDescription('Create a new client') ->addArgument('name', InputArgument::REQUIRED, 'Sets the client name', null) ->addOption('grant-type', null, InputOption::VALUE_REQUIRED | InputOption::VALUE_IS_ARRAY, 'Sets allowed grant type for client. Use this option multiple times to set multiple grant types.', null) -
lologhi revised this gist
Sep 1, 2014 . 2 changed files with 36 additions and 1 deletion.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1 +1,3 @@ As [explained in the step 3 of the documentation](https://github.com/FriendsOfSymfony/FOSOAuthServerBundle/blob/master/Resources/doc/index.md#step-3-create-model-classes), you'll have to create four entities : `Client`, `AccessToken`, `RefreshToken` and `AuthCode`. Then to create a `Client`, you might want a command line like that : This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change 
@@ -0,0 +1,33 @@ <?php namespace vp\GlobalBundle\Command; use Symfony\Component\Console\Command\Command; use Symfony\Component\Console\Input\InputArgument; use Symfony\Component\Console\Input\InputInterface; use Symfony\Component\Console\Input\InputOption; use Symfony\Component\Console\Output\OutputInterface; class ClientCreateCommand extends Command { protected function configure() { $this ->setName('vp:oauth-server:client-create') ->setDescription('Create a new client') ->addArgument('name', InputArgument::REQUIRED, 'Sets the client name', null) ->addOption('grant-type', null, InputOption::VALUE_REQUIRED | InputOption::VALUE_IS_ARRAY, 'Sets allowed grant type for client. Use this option multiple times to set multiple grant types.', null) ; } protected function execute(InputInterface $input, OutputInterface $output) { $clientManager = $this->getApplication()->getKernel()->getContainer()->get('fos_oauth_server.client_manager.default'); $client = $clientManager->createClient(); $client->setName($input->getArgument('name')); $client->setAllowedGrantTypes($input->getOption('grant-type')); $clientManager->updateClient($client); $output->writeln(sprintf('Added a new client, name : <info>%s</info> and public id : <info>%s</info> and secret id : <info>%s</info>', $client->getName(), $client->getPublicId(), $client->getSecret())); } } -
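Review bot: the last `writeln` prints the client secret to stdout, which lands in terminal scrollback and in any CI or deployment log that runs the command; print it once with a warning, or write it to a file with restricted permissions. The `--grant-type` values are stored as given with no validation, so a typo such as `authorisation_code` silently creates a client that can never obtain a token; check them against the grant types the server supports and fail early. There is also no way to register a redirect URI, which the `authorization_code` flow depends on (a later revision adds `--redirect-uri`).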
lologhi revised this gist
Sep 1, 2014 . 2 changed files with 38 additions and 1 deletion.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -70,4 +70,41 @@ fos_rest: 'Doctrine\ORM\OptimisticLockException': HTTP_CONFLICT messages: 'Symfony\Component\Routing\Exception\ResourceNotFoundException': true ``` And in the `app/config/routing.yml` : ``` # FOSUserBundle fos_user_security: resource: "@FOSUserBundle/Resources/config/routing/security.xml" fos_user_profile: resource: "@FOSUserBundle/Resources/config/routing/profile.xml" prefix: /profile fos_user_register: resource: "@FOSUserBundle/Resources/config/routing/registration.xml" prefix: /register fos_user_resetting: resource: "@FOSUserBundle/Resources/config/routing/resetting.xml" prefix: /resetting fos_user_change_password: resource: "@FOSUserBundle/Resources/config/routing/change_password.xml" prefix: /profile # FOSAuthServerBundle fos_oauth_server_token: resource: "@FOSOAuthServerBundle/Resources/config/routing/token.xml" fos_oauth_server_authorize: resource: "@FOSOAuthServerBundle/Resources/config/routing/authorize.xml" # testApiBundle test_api_bundle: type: rest resource: "@testApiBundle/Resources/config/routing.yml" prefix: / ``` This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1 +1 @@ As [explained in the step 3 of the documentation](https://github.com/FriendsOfSymfony/FOSOAuthServerBundle/blob/master/Resources/doc/index.md#step-3-create-model-classes), you'll have to create four entities : `Client`, `AccessToken`, `RefreshToken` and `AuthCode`. -
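Review bot: `fos_user_register` and `fos_user_resetting` mount self-service registration and password-reset pages on the API backend, and `fos_user_profile`/`fos_user_change_password` add an HTML profile UI. If the back is meant to be reached only through OAuth clients, drop the imports that are not needed for the authorize firewall's login form, because everything loaded here is exposed to whoever can reach the back; if self-registration is intended, say so and make sure the later `security.yml` rules cover those paths.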
lologhi revised this gist
Sep 1, 2014 . 2 changed files with 2 additions and 1 deletion.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -31,6 +31,7 @@ And in your `app/config/config.yml` : framework: # ... translator: { fallback: "%locale%" } # ... fos_user: db_driver: orm This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1 +1 @@ As [explained in the documentation](https://github.com/FriendsOfSymfony/FOSOAuthServerBundle/blob/master/Resources/doc/index.md#step-3-create-model-classes), you'll have to create four entities : `Client`, `AccessToken`, `RefreshToken` and `AuthCode`. -
lologhi revised this gist
Sep 1, 2014 . 2 changed files with 5 additions and 0 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -28,6 +28,10 @@ $bundles = array( And in your `app/config/config.yml` : ```yml framework: # ... translator: { fallback: "%locale%" } fos_user: db_driver: orm firewall_name: main This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1 @@ toto -
lologhi revised this gist
Aug 29, 2014 . 1 changed file with 6 additions and 5 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -21,6 +21,7 @@ $bundles = array( new FOS\RestBundle\FOSRestBundle(), new FOS\OAuthServerBundle\FOSOAuthServerBundle(), new Nelmio\ApiDocBundle\NelmioApiDocBundle(), // ... ); ``` @@ -30,14 +31,14 @@ And in your `app/config/config.yml` : fos_user: db_driver: orm firewall_name: main user_class: test\ApiBundle\Entity\User fos_oauth_server: db_driver: orm client_class: test\ApiBundle\Entity\Client access_token_class: test\ApiBundle\Entity\AccessToken refresh_token_class: test\ApiBundle\Entity\RefreshToken auth_code_class: test\ApiBundle\Entity\AuthCode service: options: supported_scopes: read -
lologhi revised this gist
Aug 29, 2014 . 1 changed file with 42 additions and 0 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -22,4 +22,46 @@ $bundles = array( new FOS\OAuthServerBundle\FOSOAuthServerBundle(), new Nelmio\ApiDocBundle\NelmioApiDocBundle(), ); ``` And in your `app/config/config.yml` : ```yml fos_user: db_driver: orm firewall_name: main user_class: vp\GlobalBundle\Entity\User fos_oauth_server: db_driver: orm client_class: vp\GlobalBundle\Entity\Client access_token_class: vp\GlobalBundle\Entity\AccessToken refresh_token_class: vp\GlobalBundle\Entity\RefreshToken auth_code_class: vp\GlobalBundle\Entity\AuthCode service: options: supported_scopes: read nelmio_api_doc: ~ sensio_framework_extra: view: annotations: false fos_rest: param_fetcher_listener: true body_listener: true format_listener: true view: view_response_listener: 'force' routing_loader: default_format: json access_denied_listener: json: true exception: codes: 'Symfony\Component\Routing\Exception\ResourceNotFoundException': 404 'Doctrine\ORM\OptimisticLockException': HTTP_CONFLICT messages: 'Symfony\Component\Routing\Exception\ResourceNotFoundException': true ``` -
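Review bot: `fos_user.firewall_name: main` names a firewall that the `security.yml` added later in this gist never defines (it has `oauth_token`, `oauth_authorize` and `api`); FOSUserBundle uses this name to log the user in after registration confirmation and password reset, so point it at the firewall carrying the `form_login` (`oauth_authorize`) or those flows fail. Under `fos_oauth_server.service.options`, `supported_scopes: read` is the only scope, so every token is equivalent and the API cannot distinguish read-only from write access; add a `write` scope and check scopes in the controllers if the API mutates data. Consider setting `access_token_lifetime` explicitly rather than relying on the default that the text later describes as one hour.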
lologhi revised this gist
Aug 29, 2014 . 1 changed file with 1 addition and 1 deletion.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -21,5 +21,5 @@ $bundles = array( new FOS\RestBundle\FOSRestBundle(), new FOS\OAuthServerBundle\FOSOAuthServerBundle(), new Nelmio\ApiDocBundle\NelmioApiDocBundle(), ); ``` -
lologhi revised this gist
Aug 29, 2014 . 1 changed file with 14 additions and 1 deletion.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,4 +1,4 @@ Let's start by adding the bundles in your `composer.json` : ```json @@ -9,4 +9,17 @@ Let's start by adding the bundles : "friendsofsymfony/oauth-server-bundle": "1.4.*@dev", "nelmio/api-doc-bundle": "2.5.*@dev", } ``` And in your `app/AppKernel.php` : ```php $bundles = array( // ... new JMS\SerializerBundle\JMSSerializerBundle(), new FOS\UserBundle\FOSUserBundle(), new FOS\RestBundle\FOSRestBundle(), new FOS\OAuthServerBundle\FOSOAuthServerBundle(), new Nelmio\ApiDocBundle\NelmioApiDocBundle(), ) ``` -
lologhi revised this gist
Aug 29, 2014 . 1 changed file with 1 addition and 1 deletion.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,7 +1,7 @@ Let's start by adding the bundles : ```json { "jms/serializer-bundle": "dev-master", "friendsofsymfony/user-bundle": "2.0.*@dev", -
lologhi revised this gist
Aug 29, 2014 . 1 changed file with 12 additions and 1 deletion.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1 +1,12 @@ Let's start by adding the bundles : ``` { "jms/serializer-bundle": "dev-master", "friendsofsymfony/user-bundle": "2.0.*@dev", "friendsofsymfony/rest-bundle": "1.4.*@dev", "friendsofsymfony/oauth-server-bundle": "1.4.*@dev", "nelmio/api-doc-bundle": "2.5.*@dev", } ``` -
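Review bot: the object ends with `"nelmio/api-doc-bundle": "2.5.*@dev",` followed by `}`, a trailing comma that makes this invalid JSON, so Composer will refuse the file as shown; remove it (the same comma survives into the later revisions). `"jms/serializer-bundle": "dev-master"` and the `@dev` flags on every other bundle pin the project to unreleased branches; for a page whose point is a strongly secured API, prefer released versions and commit the resolved `composer.lock`.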
lologhi revised this gist
Aug 29, 2014 . 1 changed file with 1 addition and 0 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1 @@ Let's start -
lologhi revised this gist
Aug 29, 2014 . 1 changed file with 2 additions and 0 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -37,6 +37,8 @@ The "usual" process you have with Facebook : login, authorize app, redirection. 2. The user put its credentials in the form, and if it's valid, can allow the "app" (which is the `oauth_client`, _i.e._ the front) to access the back. 3. The user is then redirected to the front, with a nice cookie (`access_token`) that allow the front to request the back API. No example here, we will come back on that process later. ### `grant_type=password` You still want an `access_token` but you get it in one request, by sending everything you have : `oauth_client` `id` and `secret`, and user credentials. -
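Review bot: step 3 of the `authorization_code` description is wrong about what the redirect carries. The back redirects the browser to the front with a short-lived `code` in the query string; the front then exchanges that code, together with its `client_id` and `client_secret`, at `/oauth/v2/token` for the `access_token`. The back never places the access token in a cookie; keeping the token out of the browser is the whole point of this grant. Rewrite step 3 to show the code exchange, and say that whatever the front then stores in its own session is the front's choice.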
lologhi revised this gist
Aug 29, 2014 . 1 changed file with 2 additions and 1 deletion.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -5,7 +5,8 @@ As [William Durand](https://www.github.com/willdurand/) was recently [explaining ## Ok, you know the bundles You might have already seen some good explanation of how to easily create a REST API with Symfony2. There are famous really good bundles a.k.a. : - [FOSRestBundle](https://github.com/FriendsOfSymfony/FOSRestBundle) for RESTing, - [FOSOAuthServerBundle](https://github.com/FriendsOfSymfony/FOSOAuthServerBundle) for security, - [HWIOAuthBundle](https://github.com/hwi/HWIOAuthBundle) for consuming the API, -
lologhi revised this gist
Aug 29, 2014 . 1 changed file with 1 addition and 1 deletion.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -62,7 +62,7 @@ This might be usefull when your back is requesting another of your API. User cre This one is to refresh your `access_token`. As your token will expire in one hour, you can ask to refresh it : ``` your_back/oauth/v2/token?client_id=CLIENT_ID&client_secret=CLIENT_SECRET&grant_type=refresh_token&refresh_token=REFRESH_TOKEN ``` As you need to have the `oauth_client` `secret`, this is not usable between our front and back, where `grant_type=authorization_code` will be used. -
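Review bot: the refresh example puts `client_secret` and `refresh_token` in the query string of `your_back/oauth/v2/token`; both are credentials and end up in web-server access logs, proxies and browser history. RFC 6749 §3.2 requires POST for token requests with the parameters form-encoded in the body (and §2.3.1 lets the client credentials go in an HTTP Basic `Authorization` header instead); the same applies to the `grant_type=password` and `grant_type=client_credentials` examples above. Show the requests as POST bodies and note that the token endpoint must be HTTPS only.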
lologhi revised this gist
Aug 29, 2014 . 1 changed file with 3 additions and 1 deletion.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -2,7 +2,9 @@ We will imagine two Symfony projects : - one back with the API and database ([FOSRestBundle](https://github.com/FriendsOfSymfony/FOSRestBundle) and [FOSOAuthServerBundle](https://github.com/FriendsOfSymfony/FOSOAuthServerBundle) with [FOSUserBundle](https://github.com/FriendsOfSymfony/FOSUserBundle)), - and one front who consume the API ([HWIOAuthBundle](https://github.com/hwi/HWIOAuthBundle), no database), that one day will be replace by a JS implementation. As our users will try to connect to our front, we want a login process _à la_ Facebook, which you will see, is the oAuth `grant_type` `authorization_code` process. The front is an `oauth_client` who try to connect to the back. This `oauth_client` is created with a command line on the back. You then retrieve an `id` and a `secret`. -
lologhi revised this gist
Aug 29, 2014 . 1 changed file with 1 addition and 1 deletion.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -4,7 +4,7 @@ We will imagine two Symfony projects : - one back with the API and database ([FOSRestBundle](https://github.com/FriendsOfSymfony/FOSRestBundle) and [FOSOAuthServerBundle](https://github.com/FriendsOfSymfony/FOSOAuthServerBundle) with [FOSUserBundle](https://github.com/FriendsOfSymfony/FOSUserBundle)), - and one front who consume the API ([HWIOAuthBundle](https://github.com/hwi/HWIOAuthBundle), no database). The front is an `oauth_client` who try to connect to the back. This `oauth_client` is created with a command line on the back. You then retrieve an `id` and a `secret`. **Warning** If you look into the database to get the `id`, it's the concatenation of the `oauth_client.id` and `oauth_client.random_id`, separated with an underscore. Something looking like `1_kj2gjhlice8wkoxwggpok80hk0wcewkwfkk4c4wocawwgc0ko`. -
lologhi revised this gist
Aug 29, 2014 . 1 changed file with 7 additions and 1 deletion.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -57,7 +57,13 @@ This might be usefull when your back is requesting another of your API. User cre ### `grant_type=refresh_token` This one is to refresh your `access_token`. As your token will expire in one hour, you can ask to refresh it : ``` PROVIDER_HOST/oauth/v2/token?client_id=CLIENT_ID&client_secret=CLIENT_SECRET&grant_type=refresh_token&refresh_token=REFRESH_TOKEN ``` As you need to have the `oauth_client` `secret`, this is not usable between our front and back, where `grant_type=authorization_code` will be used. ## Bonus RFC-6749 -
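Review bot: the added sentence "As you need to have the `oauth_client` `secret`, this is not usable between our front and back, where `grant_type=authorization_code` will be used" is wrong on both counts: the code exchange at `/oauth/v2/token` also requires the client secret for a confidential client (the front's `hwi_oauth` config stores `client_secret` for exactly this reason), and `refresh_token` is precisely the grant the front should use when the one-hour `access_token` expires, instead of sending the user back through the login and consent screens. Replace it with a note that the front refreshes server-side using its secret.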
lologhi revised this gist
Aug 29, 2014 . 1 changed file with 19 additions and 1 deletion.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -11,7 +11,19 @@ This `oauth_client` is created with a command line on the back. You then retriev ## You need to learn a bit of oAuth2 You need to understand that there are different "ways" to "connect" with oAuth2 and retrieve an `access_token` that you will use to hit your API. They are well explained in this [Tankist blog post](http://blog.tankist.de/blog/2013/07/18/oauth2-explained-part-3-using-oauth2-with-your-bare-hands/) (read them all, they are just great). Whatever the way you use to retrieve the `access_token`, you want to get something like this : ``` { access_token: "NGM3NDI2OGQ0MTRjMjhkYzY5ZGQ1YjViODhmYzNlZmRiNGI3YjIxN2IxZDcxY2ZjMDI3MmY3NjI2N2ZhODJjYQ" expires_in: 3600 token_type: "bearer" scope: null refresh_token: "MjQyNTM0NjBiMmZlYjY3MGM2OGJmMDllZjE0ZjNhYTMxZmIyN2ZmMGRlOGJlOGUwYjRkZmJkMWU4NmY5NDVlYQ" } ``` These ways are defined by a `grant_type` that you set to an `oauth_client` (multiple `grant_type` is possible) (it might be specific to [FOSOAuthServerBundle](https://github.com/FriendsOfSymfony/FOSOAuthServerBundle), but I presume you will not use something else) : 
@@ -31,6 +43,8 @@ You still want an `access_token` but you get it in one request, by sending every your_back/oauth/v2/token?client_id=CLIENT_ID&client_secret=CLIENT_SECRET&grant_type=password&username=USERNAME&password=PASSWORD ``` The process is of course simpler, but your front is storing the `oauth_client` `secret`. It might be ok because our front is in PHP, but if it's one day in Javascript, it might not be good. Also the process is not as cool as the real "Facebook/Google/GitHub" one :) ### `grant_type=client_credentials` Simplest request, no user credential, you only send `oauth_client` `id` and `secret` : @@ -39,8 +53,12 @@ Simplest request, no user credential, you only send `oauth_client` `id` and `sec your_back/oauth/v2/token?client_id=CLIENT_ID&client_secret=CLIENT_SECRET&grant_type=client_credentials ``` This might be usefull when your back is requesting another of your API. User credential might not be needed. ### `grant_type=refresh_token` This one is ## Bonus RFC-6749 I found it was the clearest explanation of the [authorization_code](http://tools.ietf.org/html/rfc6749#section-1.3.1) :
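Review bot: the `grant_type=password` remark "your front is storing the `oauth_client` `secret`" points at the wrong risk: the front stores that secret for every confidential-client grant, including the `authorization_code` flow this gist sets up. What makes the password grant worse is that the user's password passes through the front, so the back can no longer distinguish a legitimate front from a phishing one and the user cannot revoke one client without changing the password; say that, and reserve this grant for first-party clients the back fully trusts. Also, the sample token response shows `scope: null` while the server is configured with `supported_scopes: read`; either add `scope=read` to the example requests or explain what `null` means there.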