0

I am a fairly novice Symfony (v3) developer and am trying to implement a Facebook login on my web application with HWIOAuthBundle. I have already read up on OAuth2 and understand the basic workflow using Authorization Code. Furthermore, I have studied Facebook's relevant tutorial. Also, I followed the complete HWIOAuthBundle tutorial. However, due to the very sparse documentation (imho) on the HWIOAuth side, I am still not able to grasp "all the magic" that is happening under the hood inside the bundle.

(1) I do not fully understand the example Twig Template:

(a) If I understand correctly, if `response.status === 'connected'` then Facebook has already returned an access token. In the template, a call is made to `url("hwi_oauth_service_redirect", {service: "facebook"})`. Do I assume rightly that the controller behind the service then loads the rest of the user information from Facebook and then calls the configured `oauth_user_provider` to start the authentication process in Symfony?

(b) If `response.status` is not equal to `connected`, then the user is not logged in yet (either not into Facebook or not into the app). In the Twig template, again a redirect is being made to `url("hwi_oauth_service_redirect", {service: "facebook"})`. Why is the same controller called again and what does it do then?

(2) I do not understand all configuration parameters as shown in the HWIOAuthBundle tutorial:

(a) routing.yml:

  • What is the entry for

    hwi_oauth_login:
        resource: "@HWIOAuthBundle/Resources/config/routing/login.xml"
        prefix: /login

good for?

(b) security.yml:

    oauth:
        resource_owners:
            facebook: "/login/check-facebook"
        login_path: /login
        failure_path: /login

  • What is behind /login/check-facebook?
  • What is the purpose of login_path, what is behind /login?
user38931
  • Here you have a full working example of how to implement login via Facebook: https://gist.github.com/danvbe/4476697 – malcolm Jan 31 '16 at 16:10
  • Thanks for posting, but I already came across this and unfortunately found it to be just another ready-made set-up for use. However, I would like to understand the specifics of the HWIOAuthBundle (see questions above), and just looking at ready-to-use configurations does not completely answer my open questions. – user38931 Jan 31 '16 at 16:38
  • So if you cannot understand what's going on in that link, you should learn symfony/PHP basics first. – malcolm Jan 31 '16 at 16:59
  • @malcolm Ok, so in the above gist, inside _security.yml_, `security.firewalls.main.resource_owners.facebook` is declared with `/login/check-facebook`. So which part of Symfony or PHP basics tells me what logic is behind `login/check-facebook`? Thanks. – user38931 Jan 31 '16 at 17:58
  • I suppose the router component tells you that. It looks like a path, doesn't it? So the path can be what you like, you just must set it in the router and name it `facebook_login`. – malcolm Jan 31 '16 at 18:49
  • I saw that, too, already in routing.yml. But still: **What is the logic behind the route `login/check-facebook`?** What is it that happens exactly if a request is sent to this route? Where is the code location in HWIOAuthBundle that handles requests sent to this route? – user38931 Jan 31 '16 at 18:53
  • What are you trying to do, make a similar bundle or what? Go to the source of the bundle and check the logic, use the profiler to find what happens on that route. If you want to use this bundle, just implement a user provider with these two methods from the gist, simple as hell. – malcolm Jan 31 '16 at 19:19

1 Answer

2

1)a) No. The controller (link) ends up redirecting the user to an authorization URL.

1)b) You can be logged into Facebook but you might have rejected the app in the past. `FB.login` asks the user again for permission (that's why the `scope:email` is added there).

2)a) It loads the login routes under a prefix. If you check that file you'll see that it adds a route under the "/" path; putting the prefix helps you avoid conflicts with your other routes.

2)b) It's not a real route; it gets intercepted by the firewall to check user auth. If you've implemented a normal login HTML form, it's the same as `/login_check`: it's where your login HTML form action is, but there's no controller behind it. Symfony security is extremely flexible, so it can get a little bit complicated to wrap your head around it. I recommend that you see these slides from Sarah Khalil where she explains it. `login_path` is where your normal login form would live; in this case it's where your Facebook login button, and the rest of your Twig template, would be.

xocasdashdash
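The two roles the answer describes (a controller that only redirects to the authorization URL, and a check path that the firewall claims before any routing happens) can be modelled in plain PHP. This is an added example, not part of the original answer and not HWIOAuthBundle's code; the function names, the `provider.example` endpoint, the success redirect to `/`, the fake token exchange and the `state` check (standard for the OAuth2 authorization code flow) are assumptions.

```php
<?php
// Simplified model, not HWIOAuthBundle code. Paths mirror the question's config.
const CHECK_PATH   = '/login/check-facebook'; // security.yml: resource_owners.facebook
const FAILURE_PATH = '/login';                // security.yml: failure_path
const AUTHORIZE    = 'https://provider.example/dialog/oauth'; // placeholder endpoint

// Role of the hwi_oauth_service_redirect controller: send the browser to the provider.
function redirectToProvider(array &$session, string $clientId, string $host): string
{
    $session['state'] = bin2hex(random_bytes(16)); // anti-CSRF value, checked on return
    return AUTHORIZE . '?' . http_build_query([
        'response_type' => 'code',
        'client_id'     => $clientId,
        'redirect_uri'  => $host . CHECK_PATH,
        'scope'         => 'email',
        'state'         => $session['state'],
    ]);
}

// Role of the firewall listener: runs before routing and claims only the check path.
function firewall(string $path, array $query, array &$session, callable $exchange): ?string
{
    if ($path !== CHECK_PATH) {
        return null; // not ours: the router and its controllers handle the request
    }
    $expected = $session['state'] ?? '';
    unset($session['state']); // a state value is single use
    $state = $query['state'] ?? null;
    $code  = $query['code'] ?? null;
    $ok = is_string($state) && is_string($code)
        && $expected !== '' && hash_equals($expected, $state);
    if (!$ok) {
        return 'redirect ' . FAILURE_PATH; // forged or replayed callback
    }
    $session['user'] = $exchange($code); // code -> token -> user (user provider's job)
    return 'redirect /';                 // assumed default target after login
}

// Constructed demo: a fake exchange stands in for the HTTP calls to the provider.
$session  = [];
$exchange = fn(string $code): string => 'user-for-' . $code;
$url = redirectToProvider($session, 'constructed-client-id', 'https://app.example');
parse_str(parse_url($url, PHP_URL_QUERY), $sent);

var_dump(firewall('/profile', [], $session, $exchange)); // ordinary route, not intercepted
$forged = $session; // copy, so the forged attempt does not consume the real state
var_dump(firewall(CHECK_PATH, ['code' => 'abc', 'state' => 'forged'], $forged, $exchange));
var_dump(firewall(CHECK_PATH, ['code' => 'abc', 'state' => $sent['state']], $session, $exchange));
```

In the real bundle the exchange step makes server-side requests to the provider and hands the result to the configured `oauth_user_provider`; Symfony's profiler shows which listener handled a request to the check path.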