bshaffer / oauth2-server-bundle Goto Github PK

View Code? Open in Web Editor NEW

106.0 18.0 72.0 104 KB

OAuth2 for your Symfony Application

License: MIT License

PHP 99.44% HTML 0.56%

oauth2-server-bundle's Issues

User credentials issue

Hello,

I followed the readme instructions and added this to my config.yml :

oauth2.user_provider.class: Amce\OAuth2ServerBundle\User\OAuth2UserProvider

But it doesn't work, so i noticed it should be Acme instead of Amce, but same thing i can't get it to work, i get this error :

PHP Fatal error: Class 'Acme\OAuth2ServerBundle\User\OAuth2UserProvider' not found in /home/myuser/oauthserver/var/cache/dev/appDevDebugProjectContainer.php on line 2239

Error install via composer

$ php composer.phar update bshaffer/oauth2-server-bundle

Loading composer repositories with package information
Updating dependencies (including require-dev)
Your requirements could not be resolved to an installable set of packages.

  Problem 1
    - Installation request for bshaffer/oauth2-server-bundle dev-master -> satisfiable by bshaffer/oauth2-server-bundle[dev-master].
    - bshaffer/oauth2-server-bundle dev-master requires bshaffer/oauth2-server-php dev-develop -> no matching package found.
  Problem 2
    - bshaffer/oauth2-server-bundle dev-master requires bshaffer/oauth2-server-php dev-develop -> no matching package found.
    - symfony/framework-standard-edition 2.4.x-dev requires bshaffer/oauth2-server-bundle dev-master -> satisfiable by bshaffer/oauth2-server-bundle[dev-master].
    - Installation request for symfony/framework-standard-edition 2.4.x-dev -> satisfiable by symfony/framework-standard-edition[2.4.x-dev].

Potential causes:
 - A typo in the package name
 - The package is not available in a stable-enough version according to your minimum-stability setting
   see <https://groups.google.com/d/topic/composer-dev/_g3ASeIFlrc/discussion> for more details.

Read <http://getcomposer.org/doc/articles/troubleshooting.md> for further common problems.

Provide easy means to change entity managers

Allow configuration to switch entity managers.

We use several database connections and manually map our entity managers. This causes problems when we don't want the OAuth entities to exist in the main entity manager.

As a workaround I added a compiler pass which while not the prettiest of solutions but it allows everything to work as intended.


use Symfony\Component\DependencyInjection\Compiler\CompilerPassInterface;
use Symfony\Component\DependencyInjection\ContainerBuilder;
use Symfony\Component\DependencyInjection\Reference;

class OAuthCompilerPass implements CompilerPassInterface
{
    public function process(ContainerBuilder $container)
    {
        $replaceEmServices = [
            'oauth2.user_provider',
            'oauth2.scope_manager',
            'oauth2.storage.client_credentials',
            'oauth2.storage.authorization_code',
            'oauth2.storage.user_credentials',
            'oauth2.storage.access_token',
            'oauth2.storage.refresh_token',
            'oauth2.storage.scope',
            'oauth2.client_manager',
        ];

        //Set this to the service id of your entity manager
        $newEntityManager = 'doctrine.orm.connect_entity_manager';

        foreach ($replaceEmServices as $serviceId) {
            if ($container->hasDefinition($serviceId)) {
                $definition = $container->getDefinition($serviceId);
                $reference  = new Reference($newEntityManager);

                $definition->replaceArgument(0, $reference);
            }
        }
    }
}

[BUG] Entity\AuthorizationCode::setExpires should not UTC Time.

https://github.com/bshaffer/oauth2-server-bundle/blob/develop/Storage/AuthorizationCode.php#L99

From above line you set UTC time, But in your OAuth2\GrantType/AuthorizationCode::validateRequest you have check by default time zone.

It should be: (new \DateTime())->setTimestamp($expires).

https://github.com/bshaffer/oauth2-server-php/blob/develop/src/OAuth2/GrantType/AuthorizationCode.php#L63

Symfony Security Component Integration

Implement integration with the security component:

http://symfony.com/blog/new-in-symfony-2-4-customize-the-security-features-with-ease

[ Question ] How can I change the Client entity and use my own existing client entity to use it with oauth?

So the title says everything. I have an entity called Company but I want use it as Client Oauth and don't use the OAuth client entity. How can I se mine?

Thanks a lot.

NOTICE: Deleted Master Branch

Yes, I deleted the master branch. Any composer references to dev-master will no longer work. Please update your code to use the latest tag (0.4)

Annotation mismatch oauth2-server-bundle/Entity/Client.php

Impact: Cosmetic...
Looks like there are some annotation mismatches in the Client Entity file...

Client-Entity.txt

Undefined method errors after PR #42

I'm getting the following error on the authorization endpoint after updating to the latest commit containing PR #42:

Symfony\Component\Debug\Exception\UndefinedMethodException: Attempted to call an undefined method named "createFromRequestStack" of class "OAuth2\HttpFoundationBridge\Request".
Did you mean to call "createFromRequest"?

ClientCredentials misses two interface methods

OAuth2\ServerBundle\Storage\ClientCredentials misses two interface methods. This causes a fatal error:

Fatal error: Class OAuth2\ServerBundle\Storage\ClientCredentials contains 2 abstract methods and must therefore be declared abstract or implement the remaining methods (OAuth2\Storage\ClientCredentialsInterface::isPublicClient, OAuth2\Storage\ClientInterface::getClientScope) in my/project/vendor/bshaffer/oauth2-server-bundle/OAuth2/ServerBundle/Storage/ClientCredentials.php on line 116

I am looking to use oauth2 to restrict access to an API that I have created using Restler. Restler is supposed to use your server library. Based upon using oauth2-server-bundle or Restler, how do I validate the token and then redirect to the API?

composer dependencies error

did exectly what you wrote in you examples.

composer update bshaffer/oauth2-server-bundle

Loading composer repositories with package information
Updating dependencies (including require-dev)
Your requirements could not be resolved to an installable set of packages.

  Problem 1
    - Installation request for bshaffer/oauth2-server-bundle dev-master -> satisfiable by bshaffer/oauth2-server-bundle[dev-master].
    - bshaffer/oauth2-server-bundle dev-master requires bshaffer/oauth2-server-php dev-master -> no matching package found.

Potential causes:
 - A typo in the package name
 - The package is not available in a stable-enough version according to your minimum-stability setting
   see <https://groups.google.com/d/topic/composer-dev/_g3ASeIFlrc/discussion> for more details.

Read <http://getcomposer.org/doc/articles/troubleshooting.md> for further common problems.

JWT support in this bundle?

In the OAuth2 server that this based on it appears to support JWT tokens (http://bshaffer.github.io/oauth2-server-php-docs/overview/jwt-access-tokens/) but I don't see how to utilize this with the Symfony bundle. Is there some way in the tokenAction() for the TokenController to do this?

function checkScope receives array of string as the second parameter but it expects a string

Hi @bshaffer,

When executing the following curl command to test the token endpoint:

curl -u testuser:testpass https://someIP/Symfony-OAuth-Server/web/app_dev.php/token -k -d 'grant_type=client_credentials&scope=photo_engine'

the following error is given:

in /var/www/Symfony-OAuth-Server/vendor/bshaffer/oauth2-server-php/src/OAuth2/Scope.php line 49

at Symfony\Component\Debug\ErrorHandler-&gt;handle(&#039;2&#039;, &#039;trim() expects parameter 1 to be string, array given&#039;, &#039;/var/www/Symfony-OAuth-Server/vendor/bshaffer/oauth2-server-php/src/OAuth2/Scope.php&#039;, &#039;49&#039;, array(&#039;required_scope&#039; =&gt; array(&#039;photo_engine&#039;), &#039;available_scope&#039; =&gt; array(&#039;xyz&#039;, &#039;photo_engine&#039;)))
    in  line

at trim(array(&#039;xyz&#039;, &#039;photo_engine&#039;))
    in /var/www/Symfony-OAuth-Server/vendor/bshaffer/oauth2-server-php/src/OAuth2/Scope.php line 49

at OAuth2\Scope-&gt;checkScope(&#039;photo_engine&#039;, array(&#039;xyz&#039;, &#039;photo_engine&#039;))
    in /var/www/Symfony-OAuth-Server/vendor/bshaffer/oauth2-server-php/src/OAuth2/Controller/TokenController.php line 173

at OAuth2\Controller\TokenController-&gt;grantAccessToken(object(Request), object(Response))
    in /var/www/Symfony-OAuth-Server/vendor/bshaffer/oauth2-server-php/src/OAuth2/Controller/TokenController.php line 49

at OAuth2\Controller\TokenController-&gt;handleTokenRequest(object(Request), object(Response))
    in /var/www/Symfony-OAuth-Server/vendor/bshaffer/oauth2-server-php/src/OAuth2/Server.php line 256

at OAuth2\Server-&gt;handleTokenRequest(object(Request), object(Response))
    in /var/www/Symfony-OAuth-Server/vendor/bshaffer/oauth2-server-bundle/OAuth2/ServerBundle/Controller/TokenController.php line 31

What happens is that the function checkScope gets an array of available scopes as the second parameter and tries to trim it. Either the function checkScope should get string as the second parameter or it should not be trimmed because array is already provided.

This kind of behaviour comes out of the box.

There are no commands defined in the "OAuth2" namespace.

symfony 4.4.8
php 7.3

When I run the command -
php bin/console OAuth2:CreateScope scope read

it gives the following error -
There are no commands defined in the "OAuth2" namespace.

OpenID Connect support

It seems that oauth2-server-php supports OpenID Connect. Does it mean this bundle does it too?

user_id is not passed in ClientCredentials

From what I see in GrantType/ClientCredentials.php in method getUserId we request $this->clientData['user_id'].
Going to Storage/ClientCredentials.php it seems this storage do not return user_id. Also, in oauth_client table there is no column user_id.

Then, if we have ability to create custom UserProvider, it means that this provider should be used when retrieving user.

Question is - it is intentional, or it might be implemented or what is the appropriate solution in this case?

"The grant type was not specified in the request"

I have the following code to test against a local instance of this oauth2-server-bundle that I included in a symfony demo app for test purposes.

I am testing the token endpoint.

When I test with the code below I get the error message:

"The grant type was not specified in the request"

Can anyone tell me why?

When I debug I see that the $_REQUEST does contain all parameters but the

$this->get('oauth2.request') does not contain any of the parameters.

When I use a straight curl command from the terminal as demonstrated in the documentation

curl -u testclient:testpass http://localhost/token.php -d 'grant_type=authorization_code&code=YOUR_CODE'

I don't have any problems. I get back the expected results.

    $username='oauthopenidserver';
    $password='rfl703uk0qsgwg0gs840w0c8884s0w4';
    $url = 'http://oauthopenidserver.com:8080/token';
    $fields = array(
        'code' => $auth_code,
        'grant_type' => 'authorization_code',
        'redirect_uri' => 'http://localhost:8000/en/sso/login_oidc',
        'scope' => 'openid',
    );

    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL,$url);
    curl_setopt($ch, CURLOPT_TIMEOUT, 30); //timeout after 30 seconds
    curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
    curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
    curl_setopt($ch, CURLOPT_USERPWD, "$username:$password");
    curl_setopt($ch, CURLOPT_POSTFIELDS, $fields);
    curl_setopt($ch, CURLOPT_POST, true);
    $status_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);   //get status code
    $response=curl_exec ($ch);
    curl_close ($ch);

Client isPublic must be null for user credential

Hi,

I tried to implement a user credential Grant type, but it's not work. When I read the doc http://bshaffer.github.io/oauth2-server-php-docs/grant-types/user-credentials/ , I saw that client ID didn't need a client secret. However, in the bundle, it's mandatory. I updated the entity doctrine client. I had

fields:
        client_secret:
            type:       string
            length:     40
            nullable:   true

Make all OAuth2-services public

Make all defines services in oauth2-server-bundle/Resources/config/services.xml public so Symfony 3 & Symfony 4 can use them via $controller->get(). Per default all defined services are now private.

services.txt

Does this bundle supports Symfony 3?

Scope is not required in Client Credentials grant type

The scope in the request should be optional.
https://tools.ietf.org/html/rfc6749#section-4.4.1

Request:

curl https://api.mysite.com/token -d 'grant_type=client_credentials&client_id=TestClient&client_secret=TestSecret'

Response:

{
    "error": "invalid_scope",
    "error_description": "This application requires you specify a scope parameter"
}

Symfony 3 support

There is a SF3 support planned here ?

Composer...why no tags?

Problem 1
- Installation request for bshaffer/oauth2-server-bundle dev-master -> satisfiable by bshaffer/oauth2-server-bundle[dev-master].
- bshaffer/oauth2-server-bundle dev-master requires bshaffer/oauth2-server-php dev-master -> no matching package found.

Can't you just create a tag, like you're supposed to do?

Documentation improvements and bundle configuration

Hi @bshaffer,

Thanks for this great work, as far as I could test it seems neat and flexible.

I'm currently trying to create my own OAuth server with your bundle and I've some problems of implementation.

The context is a bit unusual: my project don't store users password. It uses a external authentication system which provide only the user login. Thus I can't create a UserProvider as I don't have any passwords in my database.

What would be the best way to create a three legged authentication code oauth server without user provider ? It seems possible, but after some tests I didn't find anything conclusive.

And by the way, I know how hard it is to write a good documentation when you are the developper, as you can't understand the users problems. If you want, I can explain to you what I don't get about the bundle to improve doc.

PS : a reference for configuration, grant types, storage implementations etc. could be really useful!

Authorization Code & Login Forms

I know this bundle is early in development (only v0.2), but I was wondering what the plans were for adding a way to hook into an existing authentication system (like FOSUserBundle), so we could have the authorization code flow like Google, Facebook, Github, where you can login and manage your authorizations and such.

I might be missing this if it's already in the bundle, I'm pretty new to Symfony. If I am could you just point out to me how I might implement a login form with this?

Introduce mapped-superclass

I think it could be really nice to change entities to mapped superclass to be able to inherit those class when needed. A little bit like FOSUserBundle does.

At the moment, I would like to add informations in the Client and the User entities but as a limitation with Doctrine and Entities, I can't do that without changing the server code. But I guess, it could be useful also with other entities.

http_basic included in README

I suggest to include that http_basic in a firewall configuration in app/config/security.yml shouldn't be setted as true.

TokenController.php and RouteController.php have the same route annotation

Hi @bshaffer,

When testing the resource endpoint

curl -u testclient:testpass https://serverIP/Symfony-OAuth-Server/web/app_dev.php/resource -k -d 'access_token=YOUR_TOKEN'

the TokenController gets executed instead of the ResourceController.

It is due to the fact that the ResourceController and TokenController have exactly the same route annotation. ResourceController should have the route e.g. @route("/resource", name="_resource") instead of @route("/token", name="_token").

After modifying the route the following error is raised:

CRITICAL - Uncaught PHP Exception ReflectionException: "Class OAuth2\ServerBundle\Controller\Application does not exist" at /var/www/Symfony-OAuth-Server/app/cache/dev/classes.php line 5997

Here is the full stack trace:

in /var/www/Symfony-OAuth-Server/vendor/sensio/framework-extra-bundle/Sensio/Bundle/FrameworkExtraBundle/EventListener/ParamConverterListener.php line 81

at ReflectionParameter-&gt;getClass()
    in /var/www/Symfony-OAuth-Server/vendor/sensio/framework-extra-bundle/Sensio/Bundle/FrameworkExtraBundle/EventListener/ParamConverterListener.php line 81

at Sensio\Bundle\FrameworkExtraBundle\EventListener\ParamConverterListener-&gt;autoConfigure(object(ReflectionMethod), object(Request), array())
    in /var/www/Symfony-OAuth-Server/vendor/sensio/framework-extra-bundle/Sensio/Bundle/FrameworkExtraBundle/EventListener/ParamConverterListener.php line 72

at Sensio\Bundle\FrameworkExtraBundle\EventListener\ParamConverterListener-&gt;onKernelController(object(FilterControllerEvent), &#039;kernel.controller&#039;, object(ContainerAwareEventDispatcher))
    in  line

at call_user_func(array(object(ParamConverterListener), &#039;onKernelController&#039;), object(FilterControllerEvent), &#039;kernel.controller&#039;, object(ContainerAwareEventDispatcher))
    in /var/www/Symfony-OAuth-Server/vendor/symfony/symfony/src/Symfony/Component/EventDispatcher/Debug/WrappedListener.php line 59

at Symfony\Component\EventDispatcher\Debug\WrappedListener-&gt;__invoke(object(FilterControllerEvent), &#039;kernel.controller&#039;, object(ContainerAwareEventDispatcher))
    in  line

at call_user_func(object(WrappedListener), object(FilterControllerEvent), &#039;kernel.controller&#039;, object(ContainerAwareEventDispatcher))
    in /var/www/Symfony-OAuth-Server/vendor/symfony/symfony/src/Symfony/Component/EventDispatcher/EventDispatcher.php line 164

at Symfony\Component\EventDispatcher\EventDispatcher-&gt;doDispatch(array(object(WrappedListener), object(WrappedListener), object(WrappedListener), object(WrappedListener), object(WrappedListener), object(WrappedListener), object(WrappedListener), object(WrappedListener)), &#039;kernel.controller&#039;, object(FilterControllerEvent))
    in /var/www/Symfony-OAuth-Server/vendor/symfony/symfony/src/Symfony/Component/EventDispatcher/EventDispatcher.php line 53

at Symfony\Component\EventDispatcher\EventDispatcher-&gt;dispatch(&#039;kernel.controller&#039;, object(FilterControllerEvent))
    in /var/www/Symfony-OAuth-Server/vendor/symfony/symfony/src/Symfony/Component/EventDispatcher/ContainerAwareEventDispatcher.php line 167

at Symfony\Component\EventDispatcher\ContainerAwareEventDispatcher-&gt;dispatch(&#039;kernel.controller&#039;, object(FilterControllerEvent))
    in /var/www/Symfony-OAuth-Server/vendor/symfony/symfony/src/Symfony/Component/EventDispatcher/Debug/TraceableEventDispatcher.php line 112

at Symfony\Component\EventDispatcher\Debug\TraceableEventDispatcher-&gt;dispatch(&#039;kernel.controller&#039;, object(FilterControllerEvent))
    in /var/www/Symfony-OAuth-Server/app/bootstrap.php.cache line 2971

at Symfony\Component\HttpKernel\HttpKernel-&gt;handleRaw(object(Request), &#039;1&#039;)
    in /var/www/Symfony-OAuth-Server/app/bootstrap.php.cache line 2936

at Symfony\Component\HttpKernel\HttpKernel-&gt;handle(object(Request), &#039;1&#039;, true)
    in /var/www/Symfony-OAuth-Server/app/bootstrap.php.cache line 3085

at Symfony\Component\HttpKernel\DependencyInjection\ContainerAwareHttpKernel-&gt;handle(object(Request), &#039;1&#039;, true)
    in /var/www/Symfony-OAuth-Server/app/bootstrap.php.cache line 2335

at Symfony\Component\HttpKernel\Kernel-&gt;handle(object(Request))
    in /var/www/Symfony-OAuth-Server/web/app_dev.php line 28

bshaffer / oauth2-server-bundle Goto Github PK

oauth2-server-bundle's Issues

Recommend Projects

Recommend Topics

Recommend Org