FOSOAuthServerBundle with FOSUserBundle - How to make it work?


Question

Currently my project works very well. I use FOSUserBundle for the management of my users. Now, I want to implement OAuth, so I'm using FOSOAuthServerBundle. Most developers recommend this bundle for implementing OAuth.

I followed the documentation of FOSOAuthServerBundle. Normally, I have to add more information in my security.yml, but I don't know exactly what I have to do...

Here is my security.yml:

security:
    encoders:
       Symfony\Component\Security\Core\User\User: plaintext
       Moodress\Bundle\UserBundle\Entity\User: sha512

    role_hierarchy:
       ROLE_ADMIN:       ROLE_USER
       ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

    providers:
       main:
           id: fos_user.user_provider.username

    firewalls:
        dev:
            pattern:  ^/(_(profiler|wdt)|css|images|js)/
            security: false
        oauth_token:
            pattern:    ^/oauth/v2/token
            security:   false

        oauth_authorize:
            pattern:    ^/oauth/v2/auth

        main:
            pattern: ^/
            fos_oauth:  true
            stateless:  true
            anonymous: true

I guess there is some information to add in firewalls, maybe?

I really don't know how to make FOSOAuthServerBundle work with FOSUserBundle. Before, with just FOSUserBundle, I used the login form and the login check of FOSUserBundle. Now that I have put all the basic configuration of FOSOAuthServerBundle in place, what do I have to do next? Which form should I use? Which login check? Is the token created automatically by FOSOAuthServerBundle? In the documentation, they show how to create a client... Am I supposed to add this code in my project? If yes... where? :/

I found this article on the web: http://blog.logicexception.com/2012/04/securing-syfmony2-rest-service-wiith.html

I tried to implement this, but I can't believe that we need to add all these files to make it work...

If someone knows how to make FOSOAuthServerBundle work with FOSUserBundle, it would be very helpful.

Accepted answer

I've just installed this bundle and started playing with it.

I think you first need to learn more about how OAuth authentication works.

This way you will understand that the FOSUserBundle mechanisms are not exactly the same as OAuth.

Your link is the best piece of information to set up the bundle correctly.

I'm using MongoDB to store all 4 required documents: Client, AuthCode, RefreshToken and AccessToken.

The step called "Create a new client" is basically the "register" process of FOSUserBundle for OAuth.

OAuth will use the client to give permission to access.

The main idea of OAuth is to secure an API, therefore I suggest you switch your config to anonymous: false.

Then you'll see the message:

{"error":"access_denied","error_description":"OAuth2 authentication required"}

when you call your API.

The idea of OAuth is to get an Access Token to call your API. Read this: http://blog.tankist.de/blog/2013/07/16/oauth2-explained-part-1-principles-and-terminology/

This is when the OAuth authentication process needs to be followed.

There are 5 basic methods to use:

const GRANT_TYPE_AUTH_CODE = 'authorization_code';
const GRANT_TYPE_IMPLICIT = 'token';
const GRANT_TYPE_USER_CREDENTIALS = 'password';
const GRANT_TYPE_CLIENT_CREDENTIALS = 'client_credentials';
const GRANT_TYPE_REFRESH_TOKEN = 'refresh_token';

To learn about each, go find more documentation about OAuth RFC.

Each of them corresponds to a specific call to: /oauth/v2/token?client_id=[CLIENT_ID]&response_type=code&redirect_uri=URL&grant_type=token

Cf: https://github.com/FriendsOfSymfony/oauth2-php/blob/master/lib/OAuth2/OAuth2.php#L182

Also read this link: blog.tankist.de/blog/2013/08/20/oauth2-explained-part-4-implementing-custom-grant-type-symfony2-fosoauthserverbundle/

The part "Time to test" explains how to use OAuth.

I'm still working on it.

Hope it helps.


Also, this link indicates how to use the FOSUserBundle User & UserManager, probably to use the password grant_type: If you're authenticating users, don't forget to set the user provider.

Here's an example using the FOSUserBundle user provider: https://github.com/FriendsOfSymfony/FOSOAuthServerBundle/blob/master/Resources/doc/index.md

# app/config/config.yml
fos_oauth_server:
    ...

    service:
        user_provider: fos_user.user_manager
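The "Create a new client" step the answer refers to, as an added example that is not part of the original answer or of the bundle's own code: a Symfony 2 console command that registers an OAuth2 client through the bundle's `fos_oauth_server.client_manager.default` service and prints the resulting client_id and client_secret. The command name, the `Moodress\Bundle\UserBundle\Command` namespace and the default grant types (`password` plus `refresh_token`, matching the `fos_user.user_manager` user provider above) are assumptions; it also assumes the bundle's Client model is already configured.

```php
<?php
// Assumed location: src/Moodress/Bundle/UserBundle/Command/CreateOAuthClientCommand.php
namespace Moodress\Bundle\UserBundle\Command;

use Symfony\Bundle\FrameworkBundle\Command\ContainerAwareCommand;
use Symfony\Component\Console\Input\InputArgument;
use Symfony\Component\Console\Input\InputInterface;
use Symfony\Component\Console\Input\InputOption;
use Symfony\Component\Console\Output\OutputInterface;

class CreateOAuthClientCommand extends ContainerAwareCommand
{
    protected function configure()
    {
        $this
            ->setName('moodress:oauth:create-client') // hypothetical command name
            ->setDescription('Register an OAuth2 client (the "Create a new client" step)')
            ->addArgument('redirect-uri', InputArgument::REQUIRED,
                'Exact redirect URI the client is allowed to use')
            ->addOption('grant-type', null,
                InputOption::VALUE_REQUIRED | InputOption::VALUE_IS_ARRAY,
                'Grant types this client may use',
                array('password', 'refresh_token')); // assumed default for a first-party app
    }

    protected function execute(InputInterface $input, OutputInterface $output)
    {
        // Service provided by FOSOAuthServerBundle; it persists the Client document/entity
        $clientManager = $this->getContainer()->get('fos_oauth_server.client_manager.default');

        $client = $clientManager->createClient();
        // Redirect URIs are matched against redirect_uri on /oauth/v2/auth, so register
        // only the exact URI the client needs.
        $client->setRedirectUris(array($input->getArgument('redirect-uri')));
        // Least privilege: each client gets only the grant types it actually uses.
        $client->setAllowedGrantTypes($input->getOption('grant-type'));
        $clientManager->updateClient($client);

        // public id and secret are generated by the bundle on persist; the client
        // presents them as client_id / client_secret on /oauth/v2/token.
        $output->writeln(sprintf('client_id:     %s', $client->getPublicId()));
        $output->writeln(sprintf('client_secret: %s', $client->getSecret()));
    }
}
```

Run it with `php app/console moodress:oauth:create-client http://www.example.com/`, then the client exchanges a FOSUserBundle username and password for a token by calling `/oauth/v2/token` with `grant_type=password` plus the printed client_id and client_secret, and sends the returned access_token as `Authorization: Bearer` on API calls behind the `fos_oauth: true` firewall.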