
I'm writing a REST API in Symfony 3.1.1, and I have some problems with authentication. I'm using FOSOAuthServerBundle for this, and it works fine. The problem is that the clients don't know the client_id and client_secret, only their username and password...

I want to allow my clients to authenticate with the REST API using username and password, not client_id and client_secret.

Is it possible?

Thanks in advance. (Sorry for my English, I'm learning)

Abel Osorio

2 Answers


I faced the same problem in two different scenarios and I solved it in these ways:

  • Proxy the login function with an endpoint in your frontend that knows the client_id and client_secret.
  • Create a custom grant that doesn't need the client_id and client_secret. In Symfony 2.x you have to create a class implementing the GrantExtensionInterface interface and declare it as a service tagged with:

    tags:
        - { name: fos_oauth_server.grant_extension, uri: "http://whateveryouwahtn.tld/my_custom_grant" }

The uri format is the standard for OAuth. That URL doesn't need to be valid.

Carlos
  • Yes, I was thinking of something like that. It seems weird that FOS has not contemplated this situation ... Are we doing okay? – Abel Osorio Aug 17 '16 at 17:32
  • From my experience, I have both solutions running in a prod environment. Whether it is correct or not... I think it is, as FOSOAuthServer sticks to the OAuth standard, and gives you the chance to build custom grants, so you can extend on demand. The client_id and client_secret produce several troubles in mobile environments as they should be hard-coded somewhere in the app, so if you change them you have to update the app in the marketplace. The usual solution is proxying the auth endpoint and keeping the client_id and secret in your "backend" – Carlos Aug 17 '16 at 17:35
  • Nice comment @Carlos. So, could you please give us a link to an example to learn from? Or maybe share your solution with us. Thanks ;) – Amine Jallouli Sep 13 '16 at 09:41
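As an added illustration of the custom-grant route described in the answer above (example code, not Carlos's or the bundle's own), this is a GrantExtensionInterface implementation that checks a username/password pair against the Symfony user provider and password encoder. The class name, service id and provider name are assumptions; the interface, its method signature and the two Symfony services are real.

```php
<?php
// Added example: a custom grant extension for FOSOAuthServerBundle that
// accepts grant_type=http://whateveryouwahtn.tld/my_custom_grant with
// username and password in the request body.
//
// Service wiring (assumed ids; the tag is the one given in the answer):
//   app.oauth.username_password_grant:
//     class: AppBundle\OAuth\UsernamePasswordGrantExtension
//     arguments: ['@security.user.provider.concrete.<your_provider>', '@security.password_encoder']
//     tags:
//       - { name: fos_oauth_server.grant_extension, uri: 'http://whateveryouwahtn.tld/my_custom_grant' }
namespace AppBundle\OAuth;

use FOS\OAuthServerBundle\Storage\GrantExtensionInterface;
use OAuth2\Model\IOAuth2Client;
use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
use Symfony\Component\Security\Core\User\UserProviderInterface;

class UsernamePasswordGrantExtension implements GrantExtensionInterface
{
    private $userProvider;
    private $encoder;

    public function __construct(UserProviderInterface $userProvider, UserPasswordEncoderInterface $encoder)
    {
        $this->userProvider = $userProvider;
        $this->encoder = $encoder;
    }

    // Must return ['data' => $user] (optionally with a 'scope' key) on success,
    // or false to make the server answer with an invalid_grant error.
    public function checkGrantExtension(IOAuth2Client $client, array $inputData, array $authHeaders)
    {
        if (empty($inputData['username']) || empty($inputData['password'])) {
            return false;
        }
        try {
            $user = $this->userProvider->loadUserByUsername($inputData['username']);
        } catch (UsernameNotFoundException $e) {
            // Same failure path as a wrong password, so the response does not
            // reveal which usernames exist.
            return false;
        }
        if (!$this->encoder->isPasswordValid($user, $inputData['password'])) {
            return false;
        }
        // The issued token is bound to this user.
        return ['data' => $user];
    }
}
```

The oauth2-php server underneath the bundle resolves and checks the client from client_id (body or Authorization header) before it dispatches to the grant extension, which is why the method receives a `$client`; the request therefore still identifies a client, and what this extension removes is only the need for the end user to hold the client's credentials on their side.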

Use the password credentials grant type https://www.rfc-editor.org/rfc/rfc6749#section-4.3 — it's fully supported by the bundle.

hazarin