FOSOAuthServerBundle with FOSUserBundle - How to make it work?

Currently my project works very well. I use FOSUserBundle for the management of my users. Now I want to implement OAuth, so I'm using FOSOAuthServerBundle. Most developers recommend this bundle for implementing OAuth.

I followed the documentation of FOSOAuthServerBundle. Normally, I have to add more information in my security.yml, but I don't know exactly what I have to do...

Here is my security.yml:

security:
    encoders:
        Symfony\Component\Security\Core\User\User: plaintext
        Moodress\Bundle\UserBundle\Entity\User: sha512

    role_hierarchy:
        ROLE_ADMIN:       ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

    providers:
        main:
            id: fos_user.user_provider.username

    firewalls:
        dev:
            pattern:  ^/(_(profiler|wdt)|css|images|js)/
            security: false
        oauth_token:
            pattern:    ^/oauth/v2/token
            security:   false

        oauth_authorize:
            pattern:    ^/oauth/v2/auth

        main:
            pattern: ^/
            fos_oauth:  true
            stateless:  true
            anonymous: true

I guess that there is some information to add in firewalls, maybe?

I really don't know how to make FOSOAuthServerBundle work with FOSUserBundle. Before, with just FOSUserBundle, I used the login form and the login check of FOSUserBundle. Now that I have put in all the basic configuration of FOSOAuthServerBundle, what do I have to do next? Which form should I use? Which login check? Is the token created automatically by FOSOAuthServerBundle? In the documentation, they show how to create a client... Am I supposed to add this code in my project? If yes... where? :/

I found this article on the web: http://blog.logicexception.com/2012/04/securing-syfmony2-rest-service-wiith.html

I tried to implement this, but I can't believe that we need to add all these files to make it work...

If someone knows how to make FOSOAuthServerBundle work with FOSUserBundle, it would be very helpful.

I've just installed this bundle and started playing with it.

I think you first need to learn more about how OAuth authentication works.

This way you will understand that the FOSUserBundle mechanisms are not exactly the same as OAuth.

Your link is the best piece of information to set up the bundle correctly.

I'm using MongoDB to store all 4 required documents: Client, AuthCode, RefreshToken and AccessToken.

The step called "Create a new client" is basically the "register" process of FOSUserBundle for OAuth.

OAuth will use the client to give permission to access.

The main idea of OAuth is to secure an API, therefore I suggest you switch your config to anonymous: false.

Then you'll see the message:

{"error":"access_denied","error_description":"OAuth2 authentication required"}

when you call your API.

The idea of OAuth is to get an Access Token to call your API. Read this: http://blog.tankist.de/blog/2013/07/16/oauth2-explained-part-1-principles-and-terminology/

This is when the OAuth authentication process needs to be followed.

There are 5 basic methods to use:

const GRANT_TYPE_AUTH_CODE = 'authorization_code';
const GRANT_TYPE_IMPLICIT = 'token';
const GRANT_TYPE_USER_CREDENTIALS = 'password';
const GRANT_TYPE_CLIENT_CREDENTIALS = 'client_credentials';
const GRANT_TYPE_REFRESH_TOKEN = 'refresh_token';

To learn about each, go find more documentation about the OAuth RFC.

Each of them corresponds to a specific call to: /oauth/v2/token?client_id=[CLIENT_ID]&response_type=code&redirect_uri=URL&grant_type=token

Cf: https://github.com/FriendsOfSymfony/oauth2-php/blob/master/lib/OAuth2/OAuth2.php#L182

Also read this link: blog.tankist.de/blog/2013/08/20/oauth2-explained-part-4-implementing-custom-grant-type-symfony2-fosoauthserverbundle/

The part "Time to test" explains how to use OAuth.

I'm still working on it.

Hope it helps.


Also this link indicates how to use the FOSUserBundle User & UserManager, probably to use the password grant_type: If you're authenticating users, don't forget to set the user provider.

Here's an example using the FOSUserBundle user provider: https://github.com/FriendsOfSymfony/FOSOAuthServerBundle/blob/master/Resources/doc/index.md

# app/config/config.yml
fos_oauth_server:
    ...

    service:
        user_provider: fos_user.user_manager
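A security.yml laid out the way the answer suggests, as an added example that is neither the asker's file nor the bundle's documentation verbatim: the API firewall gets anonymous: false plus an access_control rule, so a request without a valid access token is rejected instead of passing through as anonymous, and the oauth_authorize firewall gets a FOSUserBundle form login so the resource owner can authenticate before a client is granted access. The ^/api prefix, the api firewall name and the two form_login paths are assumptions (the paths need matching routes and a controller); the provider id and the User entity come from the question.

```yaml
# app/config/security.yml (added example; the ^/api prefix, the "api"
# firewall name and the form_login paths are assumptions, not the asker's values)
security:
    encoders:
        Moodress\Bundle\UserBundle\Entity\User: sha512

    providers:
        fos_userbundle:
            id: fos_user.user_provider.username

    firewalls:
        dev:
            pattern:  ^/(_(profiler|wdt)|css|images|js)/
            security: false

        # Token endpoint: the client proves its identity with client_id and
        # client_secret inside the request, so no Symfony firewall applies here.
        oauth_token:
            pattern:  ^/oauth/v2/token
            security: false

        # Authorization endpoint: the user logs in with the ordinary
        # FOSUserBundle form before being asked to grant a client access.
        # The login routes are assumed and must exist in routing.yml.
        oauth_authorize:
            pattern:   ^/oauth/v2/auth
            provider:  fos_userbundle
            form_login:
                login_path: /oauth/v2/auth_login
                check_path: /oauth/v2/auth_login_check
            anonymous: true

        # The API itself: stateless, Bearer-token only. With anonymous: false
        # a call without a valid access token gets the
        # {"error":"access_denied","error_description":"OAuth2 authentication required"}
        # response quoted in the answer instead of reaching the controller.
        api:
            pattern:   ^/api
            fos_oauth: true
            stateless: true
            anonymous: false

    access_control:
        # Let the login form be reached by users who are not yet authenticated.
        - { path: ^/oauth/v2/auth_login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        # Everything under the API requires a fully authenticated token holder.
        - { path: ^/api, roles: [ IS_AUTHENTICATED_FULLY ] }
```

Compared with the question's single `main` firewall on `^/` with `anonymous: true`, this keeps the token endpoint open to clients, routes users through the FOSUserBundle login for the authorization endpoint, and makes the API reject unauthenticated calls outright.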
