Comments (6)
Just as a note for others trying the code above,
if ($request->getMethod() !== 'POST' || null === $event->getUser()) {
should be
if ($request->getMethod() !== 'POST' && null === $event->getUser()) {
Otherwise you will directly get a denied for your request.
Another change that is needed is that the default provided routes (might only apply if you use Symfony Flex?) don't allow POST to /authorize, so instead of including the default route file, you will need to define the routes yourself.
With those changes it works perfectly, thanks!
from oauth2-bundle.
To anyone having the same problem as @metasearch7, this is what I did:
Create AuthRequestResolve:
<?php
namespace App\EventListener;

use Trikoder\Bundle\OAuth2Bundle\Event\AuthorizationRequestResolveEvent;

final class AuthRequestResolve
{
    public function onAuthRequestResolve(AuthorizationRequestResolveEvent $event): void
    {
        // TODO: if using 3rd party clients, make sure the user approves access
        $event->resolveAuthorization(true);
    }
}
Add this to services.yaml:
App\EventListener\AuthRequestResolve:
    tags:
        - { name: kernel.event_listener, event: trikoder.oauth2.authorization_request_resolve, method: onAuthRequestResolve }
I think onAuthRequestResolve is maybe where you ask the user to review the app's permissions.
from oauth2-bundle.
Check out #177 for documentation on this. If you would like to have an intermediate page, I've done this in the event handler (though I'm not sure what the best practices are for this):
public function onAuthorizationRequest(AuthorizationRequestResolveEvent $event): void
{
    $request = $this->requestStack->getCurrentRequest();
    // only handle post requests for logged-in users:
    // get requests will be intercepted and shown the login form
    // other verbs we will handle as an authorization denied
    // and this implementation ensures a user is set at this point already
    if ($request->getMethod() !== 'POST' || null === $event->getUser()) {
        $event->resolveAuthorization(AuthorizationRequestResolveEvent::AUTHORIZATION_DENIED);
        return;
    }
    if (!$request->request->has('action')) {
        // 1. successful login, goes to grant page
        $content = $this->twig->render('security/grant.html.twig', [
            'scopes' => $event->getScopes(),
            'client' => $event->getClient(),
            'grant' => static::AUTHORIZATION_GRANT,
            // very simple way to ensure user gets to this point in the
            // flow when granting or denying is to pre-add their credentials
            'email' => $request->request->get('email'),
            'password' => $request->request->get('password'),
        ]);
        $response = new Response(200, [], $content);
        $event->setResponse($response);
    } else {
        // 2. grant operation, either grants or denies
        if ($request->request->get('action') == static::AUTHORIZATION_GRANT) {
            $event->resolveAuthorization(AuthorizationRequestResolveEvent::AUTHORIZATION_APPROVED);
        } else {
            $event->resolveAuthorization(AuthorizationRequestResolveEvent::AUTHORIZATION_DENIED);
        }
    }
}
security/grant.html.twig:
<form method="post">
    {% if app.user %}
        <div class="mb-3">
            You are logged in as {{ app.user.username }}, <a href="{{ path('api_logout') }}">Logout</a>
        </div>
    {% endif %}
    <h1 class="h3 mb-3 font-weight-normal">Grant Permissions</h1>
    <input type="hidden" name="_csrf_token" value="{{ csrf_token('authenticate') }}">
    <input type="hidden" name="email" value="{{ email }}">
    <input type="hidden" name="password" value="{{ password }}">
    <p>Grant the following permissions:</p>
    <ul>
        {% for scope in scopes %}
            <li>{{ scope }}: {{ scope }}</li>
        {% endfor %}
    </ul>
    <button class="btn btn-lg btn-primary" type="submit" name="action" value="{{ grant }}">
        Grant
    </button>
    <button class="btn btn-lg btn-primary" type="submit" name="action" value="Deny">
        Deny
    </button>
</form>
Any improvements to this approach would be appreciated.
from oauth2-bundle.
I've also been looking into how this part of the OAuth2 spec can be supported by this bundle.
I don't know how the AuthorizationRequestResolveEvent
can be used to achieve this, as it will involve a redirect. There's not a whole lot going on in the controller, so we could just implement our own to achieve this and define the authorize route in our app bundle.
from oauth2-bundle.
I'm still a newbie with OAuth2 and I was wondering about this permission page. When I send a GET request to /authorize I'm instantly redirected to the redirect_uri registered for the client.
But does this mean the user is by default giving permission even without the permission page? I was supposed to get an access_token but I've got nothing.
Or does it mean the authorization_code flow doesn't work at all?
from oauth2-bundle.
Is this problem resolved?
After entering the login and password, the authorization request is not displayed, but a redirect is immediately performed to
/?&error=access_denied&error_description=The+resource+owner+or+authorization+server+denied+the+request.&hint=The+user+denied+the+request&message=The+resource+owner+or+authorization+server+denied+the+request.
How do I make an authorization request?
from oauth2-bundle.