ekreative / oauth2-symfony-bundle
Symfony OAuth2Bundle
Installs: 8 587
Dependents: 0
Suggesters: 0
Security: 0
Stars: 2
Watchers: 5
Forks: 26
Type:symfony-bundle
Requires
- php: >=7.2
- lib-openssl: *
- guzzlehttp/guzzle: ^6
- psr/log: ^1
- symfony/framework-bundle: ^3.4|^4.1
- symfony/security: ^3.4|^4.1
- symfony/templating: ^3.4|^4.1
- symfony/validator: ^3.4|^4.1
- symfony/yaml: ^3.4|^4.1
Requires (Dev)
- ext-pdo_sqlite: *
- doctrine/data-fixtures: ^1.0
- doctrine/doctrine-bundle: ^1.9
- doctrine/doctrine-fixtures-bundle: ^3.0
- doctrine/orm: ^2.6
- friendsofphp/php-cs-fixer: ^2.13
- phpstan/phpstan: ^0.10.5
- phpunit/phpunit: ^7
- symfony/browser-kit: ^3.4|^4.1
- symfony/css-selector: ^3.4|^4.1
- symfony/finder: ^3.4|^4.1
- symfony/form: ^3.4|^4.1
- symfony/monolog-bundle: ^3.3
- symfony/phpunit-bridge: *
- symfony/process: ^3.4|^4.1
- symfony/security-bundle: ^3.4|^4.1
- symfony/translation: ^3.4|^4.1
- symfony/twig-bridge: ^3.4|^4.1
- symfony/twig-bundle: ^3.4|^4.1
- symfony/web-server-bundle: ^3.4|^4.1
- twig/extensions: ^1
- dev-master
- dev-develop / 5.x-dev
- 5.2.0
- 5.1.0
- 5.0.0-alpha4
- 5.0.0-alpha1
- 4.x-dev
- 4.2.0
- 4.1.6
- 4.1.5
- 4.1.2
- 4.1.1
- 4.1.0
- 4.0.4
- 4.0.3
- 4.0.2
- 4.0.1
- 4.0.0
- 3.x-dev
- 3.2.0
- 3.1.6
- 3.1.2
- 3.1.1
- 3.1.0
- 3.0.12
- 3.0.11
- 3.0.10
- 3.0.9
- 3.0.8
- 3.0.7
- 3.0.6
- 3.0.5
- 3.0.4
- 3.0.3
- 3.0.2
- 3.0.1
- 3.0.0
- 2.4.10
- 2.4.9
- 2.4.8
- 2.4.7
- 2.4.6
- 2.4.5
- 2.4.4
- 2.4.3
- 2.4.2
- 2.4.1
- 2.4.0
- 2.3.3
- 2.3.2
- 2.3.1
- 2.3.0
- 2.2.4
- 2.2.3
- 2.2.2
- 2.2.1
- 2.2.0
- 2.1.10
- 2.1.9
- 2.1.8
- 2.1.7
- 2.1.6
- 2.1.5
- 2.1.4
- 2.1.3
- 2.1.2
- 2.1.1
- 2.1.0
- 2.0.0
- 1.0.1
- 1.0.0
- 1.0.0-rc4
- 1.0.0-rc2
- 1.0.0-rc1
- 1.0.0-alpha3
- 1.0.0-alpha2
- 1.0.0-alpha1
- dev-new-options
- dev-indexes
- dev-trait_repo
This package is auto-updated.
Last update: 2024-10-29 05:16:32 UTC
README
The primary goal of OAuth2Bundle is to develop a standards compliant RFC6749 OAuth2.0 library
This library bundle with a Symfony based Bundle for unit test and demo purpose. Installation and usage can refer as below.
Installation
Simply add a dependency on ekreative/oauth2-symfony-bundle to your project's composer.json file if you use Composer to manage the dependencies of your project.
Here is a minimal example of a composer.json:
{
"require": {
"ekreative/oauth2-symfony-bundle": "^6.0"
}
}
Parameters
This bundle come with following parameters:
model: (Optional) Override this with your own model classes, default with in-memory AccessToken for using resource firewall with remote debug endpoint.driver: (Optional) Currently we support in-memory (in_memory), or Doctrine ORM (orm). Default with in-memory for using resource firewall with remote debug endpoint.user_provider: (Optional) For usinggrant_type = password, override this parameter with your own user provider, e.g. using InMemoryUserProvider or a Doctrine ORM EntityRepository that implements UserProviderInterface.
Services
This bundle come with following services controller which simplify the OAuth2.0 controller implementation overhead:
authbucket_oauth2.authorization_controller: Authorization Endpoint controller.authbucket_oauth2.token_controller: Token Endpoint controller.authbucket_oauth2.debug_controller: Debug Endpoint controller.
Registering
You have to add AuthBucketOAuth2Bundle to your AppKernel.php:
# app/AppKernel.php
class AppKernel extends Kernel
{
public function registerBundles()
{
$bundles = [
new AuthBucket\Bundle\OAuth2Bundle\AuthBucketOAuth2Bundle(),
];
return $bundles;
}
}
Moreover, enable following bundles if that's not already the case:
$bundles = [
new Symfony\Bundle\FrameworkBundle\FrameworkBundle(),
new Symfony\Bundle\SecurityBundle\SecurityBundle(),
new Symfony\Bundle\MonologBundle\MonologBundle(),
];
Usage
This library seperate the endpoint logic in frontend firewall and backend controller point of view, so you will need to setup both for functioning.
To enable the built-in controller with corresponding routing, add the following into your routing.yml, all above controllers will be enabled accordingly with routing prefix /api/oauth2:
# app/config/routing.yml
authbucketoauth2bundle:
prefix: /api/oauth2
resource: "@AuthBucketOAuth2Bundle/Resources/config/routing.yml"
Below is a list of recipes that cover some common use cases.
Authorization Endpoint
We don't provide custom firewall for this endpoint, which you should protect it by yourself, authenticate and capture the user credential, e.g. by SecurityBundle:
# app/config/security.yml
security:
encoders:
Symfony\Component\Security\Core\User\User: plaintext
providers:
default:
memory:
users:
demousername1: { roles: 'ROLE_USER', password: demopassword1 }
demousername2: { roles: 'ROLE_USER', password: demopassword2 }
demousername3: { roles: 'ROLE_USER', password: demopassword3 }
firewalls:
api_oauth2_authorize:
pattern: ^/api/oauth2/authorize$
http_basic: ~
provider: default
Token Endpoint
Similar as authorization endpoint, we need to protect this endpoint with our custom firewall oauth2_token:
# app/config/security.yml
security:
firewalls:
api_oauth2_token:
pattern: ^/api/oauth2/token$
oauth2_token: ~
Debug Endpoint
We should protect this endpoint with our custom firewall oauth2_resource:
# app/config/security.yml
security:
firewalls:
api_oauth2_debug:
pattern: ^/api/oauth2/debug$
oauth2_resource: ~
Resource Endpoint
We don't provide other else resource endpoint controller implementation besides above debug endpoint. You should consider implement your own endpoint with custom logic, e.g. fetching user email address or profile image.
On the other hand, you can protect your resource server endpoint with our custom firewall oauth2_resource. Shorthand version (default assume resource server bundled with authorization server, query local model manager, without scope protection):
# app/config/security.yml
security:
firewalls:
api_resource:
pattern: ^/api/resource
oauth2_resource: ~
Longhand version (assume resource server bundled with authorization server, query local model manager, protect with scope demoscope1):
# app/config/security.yml
security:
firewalls:
api_resource:
pattern: ^/api/resource
oauth2_resource:
resource_type: model
scope: [ demoscope1 ]
If authorization server is hosting somewhere else, you can protect your local resource endpoint by query remote authorization server debug endpoint:
# app/config/security.yml
security:
firewalls:
api_resource:
pattern: ^/api/resource
oauth2_resource:
resource_type: debug_endpoint
scope: [ demoscope1 ]
options:
debug_endpoint: http://example.com/api/oauth2/debug
cache: true
Demo
The demo is based on Symfony and AuthBucketOAuth2Bundle. Read though Demo for more information.
You may run the demo locally. Open a console and execute the following command to install the latest version in the oauth2-symfony-bundle directory:
$ composer create-project ekreative/oauth2-symfony-bundle ekreative/oauth2-symfony-bundle "^6.0"
Then use the PHP built-in web server to run the demo application:
$ cd ekreative/oauth2-symfony-bundle
$ ./bin/console server:run
Open your browser and access the http://127.0.0.1:8000 URL to see the Welcome page of demo application.
Also access http://127.0.0.1:8000/admin/refresh_database to initialize the bundled SQLite database with user account admin:secrete.
Tests
This project is coverage with PHPUnit test cases; CI result can be found from Travis CI;
To run the test suite locally, execute the following command:
$ ./vendor/bin/phpunit
References
License
- Code released under MIT