
I want to create an OAuth2 server for my websites (3 websites, 1 login). I created the server, I used FOSUserBundle and FOSOAuthServerBundle, I followed the instructions.

But I have 1 problem. I can create a token through /oauth/v2/token, this is fine. I can go to /oauth/v2/oauth, but when I'm redirected to the website, I have example.com?error=invalid_request&error_description=Invalid+response+type.

And if I log in at /login, I will be logged in, but no token is created. This would be fine if I only had 1 website, but I would like to make something more like Google (if you are on maps, youtube... if you want to log in, you are redirected to accounts.google.com, log in, then back to the website), but I can't see how to do that right now. I guess I need to do more work, but where exactly?

My security.yml right now:

security:
    encoders:
        FOS\UserBundle\Model\UserInterface: sha512

    role_hierarchy:
        ROLE_ADMIN:       ROLE_USER
        ROLE_SUPER_ADMIN: ROLE_ADMIN

    providers:
        fos_userbundle:
            id: fos_user.user_provider.username

    # Firewalls are matched in order and the first matching pattern wins,
    # so the specific ones must be listed before the catch-all "main".
    firewalls:
        oauth_token:
            pattern:    ^/oauth/v2/token
            security:   false

        oauth_authorize:
            pattern:    ^/oauth/v2/auth
            anonymous:  true

        api:
            pattern:    ^/api
            fos_oauth:  true
            stateless:  true
            anonymous:  false # can be omitted as its default value

        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                csrf_provider: form.csrf_provider
            logout:       true
            anonymous:    true

    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/, role: ROLE_ADMIN }
        - { path: ^/api, roles: [ IS_AUTHENTICATED_FULLY ] }

Should I create a new login page, or user provider? Thanks :)

Tomasz Madeyski
Arvi89
  • It seems your request to /oauth/v2/auth is malformed. I used this article to understand the FosOauthBundle: http://blog.tankist.de/blog/2013/07/16/oauth2-explained-part-1-principles-and-terminology/. Maybe you could read it. Could you write your /oauth/v2/auth request params here? – loicfavory Jan 20 '15 at 07:37
  • Sure, it is: /oauth/v2/auth?client_id=CLIENT_ID&redirect_uri=http://www.example.com When I go there, I have to log in (with the fosuser login page), then I arrive on the deny-allow page from fosauthserverbundle, then I'm redirected to example.com, with the error, and no token is created – Arvi89 Jan 20 '15 at 07:41

1 Answer

You didn't specify a response type. You should use this request:

PROVIDER_HOST/oauth/v2/auth?client_id=CLIENT_ID&response_type=code&redirect_uri=CLIENT_HOST

Then you get the code back:

CLIENT_HOST/?code=Yjk2MWU5YjVhODBiN2I0ZDRkYmQ1OGM0NGY4MmUyOGM2NDQ2MmY2ZDg2YjUxYjRiMzAwZTY2MDQxZmUzODg2YQ

Then ask for the token (redirect_uri must be the same value as in the first request):

PROVIDER_HOST/oauth/v2/token?client_id=CLIENT_ID&client_secret=CLIENT_SECRET&grant_type=authorization_code&redirect_uri=CLIENT_HOST&code=CODE

More info here: http://blog.tankist.de/blog/2013/07/18/oauth2-explained-part-3-using-oauth2-with-your-bare-hands/

loicfavory
  • Oh, last thing, if it's my website, I don't want to have the allow/deny step, should I override the controller to add an exception for some URIs or is there another way? edit: I'll read page 3 of the blog first before asking other questions :) – Arvi89 Jan 20 '15 at 08:25
  • To do that, you should ask for a token without using the auth request. For example, you can allow your CLIENT the `client_credentials` grant_type. Read all pages of the blog, it's well documented. And validate my answer please ;) – loicfavory Jan 20 '15 at 08:39
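The three requests in the answer, plus the `client_credentials` shortcut from the last comment, as an added worked example that is not part of the original question or answer and is not FOSOAuthServerBundle code. `FakeProvider` is a small in-memory stand-in for the provider's /oauth/v2/auth and /oauth/v2/token endpoints that reproduces the checks the asker ran into (a missing `response_type` is bounced back as `error=invalid_request`, `redirect_uri` must match the registered one exactly, a code can only be redeemed once). The hosts, client id and secret are constructed placeholders. It goes slightly beyond the answer by carrying a `state` value through the redirect and checking it on return, which is what stops a third party from completing the login with a code of their own.

```python
"""Worked OAuth2 authorization-code exchange against a minimal fake provider."""
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed placeholders, standing in for the post's PROVIDER_HOST / CLIENT_HOST values.
PROVIDER_HOST = "https://provider.example"
CLIENT_HOST = "https://client.example/callback"
CLIENT_ID = "CLIENT_ID"
CLIENT_SECRET = "CLIENT_SECRET"


class FakeProvider:
    """Stand-in for the provider's auth and token endpoints (hypothetical, not the bundle)."""

    def __init__(self):
        self.clients = {CLIENT_ID: {"secret": CLIENT_SECRET, "redirect_uri": CLIENT_HOST}}
        self.codes = {}  # issued codes, removed on first use

    def authorize(self, params, user="alice"):
        """Return the URL the browser is redirected to after login and consent."""
        client_id = params.get("client_id")
        client = self.clients.get(client_id)
        redirect_uri = params.get("redirect_uri")
        if client is None or redirect_uri != client["redirect_uri"]:
            return None  # never redirect to an unregistered URI
        if params.get("response_type") != "code":
            # This is the redirect the question reports.
            err = {"error": "invalid_request", "error_description": "Invalid response type"}
            return redirect_uri + "?" + urlencode(err)
        code = secrets.token_urlsafe(32)
        self.codes[code] = {"client_id": client_id, "redirect_uri": redirect_uri, "user": user}
        out = {"code": code}
        if "state" in params:
            out["state"] = params["state"]  # echoed back untouched
        return redirect_uri + "?" + urlencode(out)

    def token(self, params):
        """Token endpoint: authorization_code for a user, client_credentials for the client itself."""
        client = self.clients.get(params.get("client_id"))
        if client is None or not hmac.compare_digest(client["secret"], params.get("client_secret", "")):
            return {"error": "invalid_client"}
        grant = params.get("grant_type")
        if grant == "authorization_code":
            pending = self.codes.pop(params.get("code"), None)  # single use
            if pending is None or pending["redirect_uri"] != params.get("redirect_uri"):
                return {"error": "invalid_grant"}
            subject = pending["user"]
        elif grant == "client_credentials":
            subject = params["client_id"]  # no end user involved, no consent page
        else:
            return {"error": "unsupported_grant_type"}
        return {"access_token": secrets.token_urlsafe(32), "token_type": "bearer",
                "expires_in": 3600, "subject": subject}


def build_auth_request(state):
    """Step 1: the browser redirect. response_type is the parameter the question omitted."""
    params = {"client_id": CLIENT_ID, "response_type": "code",
              "redirect_uri": CLIENT_HOST, "state": state}
    return f"{PROVIDER_HOST}/oauth/v2/auth?{urlencode(params)}", params


def handle_callback(url, expected_state):
    """Step 2: parse what came back to CLIENT_HOST; refuse errors and a state mismatch."""
    if url is None:
        raise RuntimeError("provider refused the redirect_uri")
    q = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    if "error" in q:
        raise RuntimeError(f"{q['error']}: {q.get('error_description', '')}")
    if not hmac.compare_digest(q.get("state", ""), expected_state):
        raise RuntimeError("state mismatch: possible login CSRF")
    return q["code"]


def token_request(code):
    """Step 3: back-channel exchange; redirect_uri must repeat the value used in step 1."""
    return {"client_id": CLIENT_ID, "client_secret": CLIENT_SECRET,
            "grant_type": "authorization_code", "redirect_uri": CLIENT_HOST, "code": code}


def run_code_flow(provider, include_response_type=True):
    """Drive all three steps; with include_response_type=False it reproduces the question's error."""
    state = secrets.token_urlsafe(16)
    _, params = build_auth_request(state)
    if not include_response_type:
        del params["response_type"]
    code = handle_callback(provider.authorize(params), state)
    return provider.token(token_request(code))


def run_client_credentials(provider):
    """The comment's shortcut for a first-party site: no auth request, no allow/deny page."""
    return provider.token({"client_id": CLIENT_ID, "client_secret": CLIENT_SECRET,
                           "grant_type": "client_credentials"})


if __name__ == "__main__":
    p = FakeProvider()
    print(run_code_flow(p))
    print(run_client_credentials(p))
```

The `client_credentials` token identifies the client application, not a user, so it fits the asker's "skip the allow/deny page on my own site" wish only for calls the site makes on its own behalf; a user-bound token still needs the code flow.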