
I'm defining a new Controller to act as a proxy between a JS app and the OAuth server. The code is below:

namespace Acme\SecurityBundle\Controller;

use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\Request;

class ProxyController extends Controller
{
    public function forwardTokenRequestAction(Request $request)
    {
        if( ! $request->isXmlHttpRequest() )
        {
            throw new WhateverException();
        }

        $request->request->add( array(
            'client_id'=>'...',
            'client_secret'=>'...'
        ));
        return $this->forward('FOSOAuthServerBundle:Token:token');

    }
}

But I get the following error, since the TokenController I'm forwarding to has a constructor expecting an OAuth server as a parameter:

Catchable Fatal Error: Argument 1 passed to FOS\\OAuthServerBundle\\Controller\\TokenController::__construct() must be an instance of OAuth2\\OAuth2, none given

I do not know:

  1. where I can get this server instance
  2. how I can pass it to the TokenController
  3. if my method as a whole is correct or not
Silverspur
  • If you can access the container services of FOS OAuth2, I'd suggest you go that route. If you are trying to add auth to the JS app, you can use an OAuth2 client directly – lcapra Feb 11 '15 at 22:42
  • I'm sorry, I do not understand what 'the container services of FOS OAuth2' are; could you be a little more precise? As for letting my JS app be an OAuth client directly, it is unfortunately not possible (if I understood correctly), since the FOSOAuthServerBundle implementation only allows for private clients, which are incompatible with JS (one does not want to have to publish the client id and secret in JS code...). – Silverspur Feb 12 '15 at 00:02

1 Answer


I'd go with something like $this->get('fos_oauth_server.controller.token')->tokenAction($request) (not tried but should work)

See https://github.com/FriendsOfSymfony/FOSOAuthServerBundle/blob/master/Resources/config/oauth.xml for the service definitions, and look in the DependencyInjection folder too for aliases. Xdebug is your friend.

If in this proxy you are pre-setting the client_secret/client_id, you are bypassing the authentication, so probably you can skip the auth altogether.

You could use the token auth, which redirects the user to the login page and gives you back an access token for further requests.

This helped me a lot while deciding which type of auth mechanism to use: https://aaronparecki.com/articles/2012/07/29/1/oauth2-simplified

lcapra
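
A more restrictive version of the proxy discussed above, as an added example that is not part of the original posts or of FOSOAuthServerBundle: because the proxy supplies the client credentials itself, it allowlists the grant types and fields it will forward and rebuilds the request body instead of merging into it. The permitted grants (`password`, `refresh_token`) and the parameter names `acme_security.oauth_client_id` / `acme_security.oauth_client_secret` are assumptions; the service id is the one given in the answer.

```php
<?php
// Added example: not code from the question, the answer, or FOSOAuthServerBundle.
namespace Acme\SecurityBundle\Controller;

use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;

class ProxyController extends Controller
{
    // Assumed policy: only the fields each permitted grant needs are forwarded.
    private static $allowedFields = array(
        'password'      => array('username', 'password', 'scope'),
        'refresh_token' => array('refresh_token', 'scope'),
    );

    public function forwardTokenRequestAction(Request $request)
    {
        $grantType = $request->request->get('grant_type');
        if (!is_string($grantType) || !isset(self::$allowedFields[$grantType])) {
            // The proxy holds the secret, so grants that rely on client
            // authentication alone (e.g. client_credentials) are refused.
            throw new BadRequestHttpException('Unsupported grant_type.');
        }

        // Rebuild the body from the allowlist so a browser-supplied client_id,
        // client_secret or unexpected field never reaches the token endpoint.
        $params = array('grant_type' => $grantType);
        foreach (self::$allowedFields[$grantType] as $field) {
            $value = $request->request->get($field);
            if (is_string($value) && $value !== '') {
                $params[$field] = $value;
            }
        }

        // Hypothetical parameter names, set in parameters.yml instead of in code.
        $params['client_id'] = $this->container->getParameter('acme_security.oauth_client_id');
        $params['client_secret'] = $this->container->getParameter('acme_security.oauth_client_secret');
        $request->request->replace($params);

        // Fetching the controller as a service lets the container inject the
        // OAuth2 server that TokenController's constructor requires.
        return $this->get('fos_oauth_server.controller.token')->tokenAction($request);
    }
}
```

The `isXmlHttpRequest()` check from the question is left out here because it only inspects the `X-Requested-With` header, which any HTTP client can set.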