I've developed a REST API service to consume data from a mobile app. I've used the Symfony2 bundles FOSOAuthServerBundle, FOSUserBundle and FOSRestBundle, and all of them work fine, but I need to differentiate the admin panel users from the API users, because right now if I try to authenticate with an admin user from the app I obtain a token, whereas I only want to get a valid one for API users.

For example, with the following users I should get a valid token with the second request and an invalid grant response with the first, but I obtain a valid token with both of them:

adminuser (ROLE_ADMIN)

https://app.myweb.com/oauth/v2/token?username=adminuser&password=12345&client_id=...&client_secret=...&grant_type=password

appuser (ROLE_APP)

https://app.myweb.com/oauth/v2/token?username=appuser&password=12345&client_id=...&client_secret=...&grant_type=password

Thanks a lot for putting me on the right way to solve this, and sorry for my English.

xabi82

1 Answer

From FOSOAuthServerBundle documentation:

https://github.com/FriendsOfSymfony/FOSOAuthServerBundle/blob/master/Resources/doc/index.md#step-5-configure-fosoauthserverbundle

Create a user provider and add it to the fos_oauth_server configuration:

fos_oauth_server:
    ...
    service:
        user_provider: my_custom_user_provider_service

Create a provider implementing the Symfony\Component\Security\Core\User\UserProviderInterface interface and check whether the user has ROLE_APP granted. This is documented here:

http://symfony.com/doc/current/cookbook/security/custom_provider.html

piotr.jura
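As an added example (not code from the question or the answer above), this is what such a provider can look like for a FOSUserBundle setup. The namespace Acme\ApiBundle, the class name ApiUserProvider and the service id acme_api.user_provider are assumptions; the role name ROLE_APP and the fos_oauth_server.service.user_provider setting come from the thread. The provider delegates the lookup to FOSUserBundle's user manager and refuses any account that does not carry ROLE_APP, so the password grant fails for admin accounts with the same invalid_grant response a wrong password produces, without revealing whether the account exists. The admin panel firewall keeps its own (unrestricted) provider, so admins can still log in there.

```php
<?php
// Added example, not part of the original Q&A. Assumed namespace and class name.
//
// Wire it up (assumed service id) in app/config/config.yml:
//
//   services:
//       acme_api.user_provider:
//           class: Acme\ApiBundle\Security\ApiUserProvider
//           arguments: ['@fos_user.user_manager']
//
//   fos_oauth_server:
//       service:
//           user_provider: acme_api.user_provider

namespace Acme\ApiBundle\Security;

use FOS\UserBundle\Model\UserManagerInterface;
use Symfony\Component\Security\Core\Exception\UnsupportedUserException;
use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\User\UserProviderInterface;

class ApiUserProvider implements UserProviderInterface
{
    /** Role an account must carry to obtain an OAuth token (from the question). */
    const REQUIRED_ROLE = 'ROLE_APP';

    private $userManager;

    public function __construct(UserManagerInterface $userManager)
    {
        $this->userManager = $userManager;
    }

    public function loadUserByUsername($username)
    {
        $user = $this->userManager->findUserByUsernameOrEmail($username);

        // Treat "unknown account" and "account without ROLE_APP" identically:
        // UsernameNotFoundException is an AuthenticationException, which the
        // OAuth storage turns into the same invalid_grant error as a bad
        // password, so the token endpoint does not leak which case applied.
        if (null === $user || !$user->hasRole(self::REQUIRED_ROLE)) {
            throw new UsernameNotFoundException(
                sprintf('No API user found for "%s".', $username)
            );
        }

        return $user;
    }

    public function refreshUser(UserInterface $user)
    {
        if (!$this->supportsClass(get_class($user))) {
            throw new UnsupportedUserException(
                sprintf('Instances of "%s" are not supported.', get_class($user))
            );
        }

        // Re-load so a role removed since the token was issued is enforced
        // on the next request instead of living on in the session object.
        return $this->loadUserByUsername($user->getUsername());
    }

    public function supportsClass($class)
    {
        return is_subclass_of($class, 'FOS\UserBundle\Model\UserInterface');
    }
}
```

With this in place the first request in the question (adminuser, ROLE_ADMIN) receives an invalid_grant response, while the second (appuser, ROLE_APP) still obtains a token. If an account needs both panel and API access, grant it both roles rather than loosening the check.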