I'm trying to make an OAuth server with Symfony and the FOSOAuthServerBundle bundle. I'm following this tutorial and I'm on the "Authorization Code" part (maybe you should check the parts before). When I open the URL PROVIDER_HOST/oauth/v2/auth?client_id=CLIENT_ID&response_type=code&redirect_uri=CLIENT_HOST in the browser, I'm getting an ERR_TOO_MANY_REDIRECTS error. Here is the output from my log file:
```
[2017-10-11 09:50:58] request.INFO: Matched route "fos_oauth_server_authorize". {"route":"fos_oauth_server_authorize","route_parameters":{"_controller":"FOS\\OAuthServerBundle\\Controller\\AuthorizeController::authorizeAction","_route":"fos_oauth_server_authorize"},"request_uri":"http://example.de/app_dev.php/oauth/v2/auth?client_id=3_4ip472z6jf6scgoog0kssg8so0sosg0ok400w80ccog0s88gs0&redirect_uri=test.local&response_type=code","method":"GET"} []
[2017-10-11 09:50:58] security.INFO: An AuthenticationException was thrown; redirecting to authentication entry point. {"exception":"[object] (Symfony\\Component\\Security\\Core\\Exception\\AuthenticationCredentialsNotFoundException(code: 0): A Token was not found in the TokenStorage. at .../vendor/symfony/symfony/src/Symfony/Component/Security/Http/Firewall/AccessListener.php:53)"} []
[2017-10-11 09:50:58] security.DEBUG: Calling Authentication entry point. [] []
[2017-10-11 09:51:00] request.INFO: Matched route "acme_oauth_server_auth_login". {"route":"acme_oauth_server_auth_login","route_parameters":{"_controller":"SsoBundle\\Controller\\SecurityController::loginAction","_route":"acme_oauth_server_auth_login"},"request_uri":"http://example.de/app_dev.php/oauth/v2/auth_login","method":"GET"} []
[2017-10-11 09:51:00] security.INFO: An AuthenticationException was thrown; redirecting to authentication entry point. {"exception":"[object] (Symfony\\Component\\Security\\Core\\Exception\\AuthenticationCredentialsNotFoundException(code: 0): A Token was not found in the TokenStorage. at .../vendor/symfony/symfony/src/Symfony/Component/Security/Http/Firewall/AccessListener.php:53)"} []
[2017-10-11 09:51:00] security.DEBUG: Calling Authentication entry point. [] []
```
The last 3 log lines now repeat... I have tried to debug it with `echo "test"; die();` within the AuthorizeController and the SecurityController, however that was not even working.
Here is my SecurityController:
```php
<?php

namespace SsoBundle\Controller;

use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Core\Security;

class SecurityController extends Controller
{
    public function loginAction(Request $request)
    {
        $session = $request->getSession();

        // Get the login error, if any (request attribute first, then session)
        if ($request->attributes->has(Security::AUTHENTICATION_ERROR)) {
            $error = $request->attributes->get(Security::AUTHENTICATION_ERROR);
        } elseif (null !== $session && $session->has(Security::AUTHENTICATION_ERROR)) {
            $error = $session->get(Security::AUTHENTICATION_ERROR);
            $session->remove(Security::AUTHENTICATION_ERROR);
        } else {
            $error = '';
        }

        if ($error) {
            $error = $error->getMessage(); // WARNING! Symfony source code identifies this line as a potential security threat.
        }

        // Last username entered by the user
        $lastUsername = (null === $session) ? '' : $session->get(Security::LAST_USERNAME);

        return $this->render(
            'SsoBundle:Security:login.html.twig',
            array(
                'last_username' => $lastUsername,
                'error' => $error,
            )
        );
    }

    public function loginCheckAction(Request $request)
    {
        // Intentionally empty: the form_login firewall listener intercepts
        // check_path and authenticates the user before this action would run.
    }
}
```
And here my security.yml:
```yaml
security:
    # https://symfony.com/doc/current/security.html#b-configuring-how-users-are-loaded
    providers:
        in_memory:
            memory: ~
        user_provider:
            id: platform.user.provider

    firewalls:
        # disables authentication for assets and the profiler, adapt it according to your needs
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        oauth_token:
            pattern: ^/oauth/v2/token
            security: false
        secured_area:
            pattern: ^/
            form_login:
                provider: user_provider
                check_path: /oauth/v2/auth_login_check
                login_path: /oauth/v2/auth_login
            logout:
                path: /logout
                target: /
        oauth_authorize:
            pattern: ^/oauth/v2/auth
            form_login:
                provider: user_provider
                check_path: /oauth/v2/auth_login_check
                login_path: /oauth/v2/auth_login
            anonymous: true
        api:
            pattern: ^/api/.*
            fos_oauth: true
            stateless: true
        main:
            anonymous: ~
            # activate different ways to authenticate
            # https://symfony.com/doc/current/security.html#a-configuring-how-your-users-will-authenticate
            #http_basic: ~
            # https://symfony.com/doc/current/security/form_login_setup.html
            #form_login: ~

    encoders:
        SsoBundle\Entity\User:
            algorithm: sha1
            encode_as_base64: false
            iterations: 1

    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: ROLE_ADMIN

    access_control:
        - { path: ^/api, roles: [ IS_AUTHENTICATED_FULLY ] }
        - { path: ^/demo/secured/hello/admin/, roles: ROLE_ADMIN }
        - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
```
I had to change some things from the tutorial because not everything was working. But now I have no idea what I can do this time.
Does anyone know what the problem could be? If you need more code, let me know. Thanks!
Symfony will pick the first firewall that is appropriate for the URL. In your case multiple firewalls will match ^/oauth/v2/auth: both secured_area and oauth_authorize. Since secured_area looks like a fallback that catches all URLs not covered by other firewalls, you might want to move it to the end of the file, so it's checked last.
My guess is that secured_area (which does not allow anonymous access?) is called and then will redirect to ask for authentication, landing at the same firewall and thus looping.
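To make the answer's reasoning concrete, here is an added simulation (not code from the question, the answer, or Symfony itself) of Symfony's first-match firewall selection, run over the firewall table from the question's security.yml in its original order and with secured_area moved below the specific firewalls. It assumes the reordered secured_area is placed before `main` (a pattern-less firewall, which matches every request and would otherwise shadow it too) and models `security: false` as tolerating anonymous requests.

```python
import re

# Firewall table constructed from the question's security.yml:
# name, path regex, whether unauthenticated requests are tolerated, form_login login_path.
# `security: false` is modelled as anonymous=True; `main` has no pattern, which in
# Symfony means it matches every request.
FIREWALLS_ORIGINAL = [
    {"name": "dev", "pattern": r"^/(_(profiler|wdt)|css|images|js)/", "anonymous": True, "login_path": None},
    {"name": "oauth_token", "pattern": r"^/oauth/v2/token", "anonymous": True, "login_path": None},
    {"name": "secured_area", "pattern": r"^/", "anonymous": False, "login_path": "/oauth/v2/auth_login"},
    {"name": "oauth_authorize", "pattern": r"^/oauth/v2/auth", "anonymous": True, "login_path": "/oauth/v2/auth_login"},
    {"name": "api", "pattern": r"^/api/.*", "anonymous": False, "login_path": None},
    {"name": "main", "pattern": None, "anonymous": True, "login_path": None},
]

# The answer's fix: the catch-all secured_area moves below the specific firewalls.
# Assumption: it goes just before `main`, since a pattern-less firewall would shadow it.
FIREWALLS_FIXED = (
    [fw for fw in FIREWALLS_ORIGINAL if fw["name"] not in ("secured_area", "main")]
    + [fw for fw in FIREWALLS_ORIGINAL if fw["name"] == "secured_area"]
    + [fw for fw in FIREWALLS_ORIGINAL if fw["name"] == "main"]
)


def match_firewall(firewalls, path):
    """Mimic Symfony's FirewallMap: the first firewall whose pattern matches wins."""
    for fw in firewalls:
        if fw["pattern"] is None or re.search(fw["pattern"], path):
            return fw
    return None


def login_redirect_loops(firewalls, path):
    """Follow the entry-point redirects of an unauthenticated request to `path`.

    Returns True when the redirect chain revisits a URL, i.e. the login page is
    itself guarded by a firewall that rejects anonymous users (the
    ERR_TOO_MANY_REDIRECTS case in the question); False when the request is
    served anonymously or denied without a redirect.
    """
    seen = set()
    current = path
    while current not in seen:
        seen.add(current)
        fw = match_firewall(firewalls, current)
        if fw is None or fw["anonymous"] or fw["login_path"] is None:
            return False
        current = fw["login_path"]  # the entry point sends the browser here
    return True
```

With the original order, /oauth/v2/auth and its login page /oauth/v2/auth_login both land in secured_area and the redirect chain never terminates; after the reorder, oauth_authorize serves both anonymously.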