Symfony2 OAuth keeps giving me a login page when a token is provided


Problem description

I have set up an app with:

  • FriendsOfSymfony/FOSUserBundle
  • FriendsOfSymfony/FOSOAuthServerBundle
  • FriendsOfSymfony/FOSRestBundle

I have successfully created a client and can get an access token using a URL like this:

http://api.mydomain.com/oauth/v2/token?client_id=CLIENT_ID&client_secret=CLIENT_SECRET&grant_type=password&username=mikebates&password=secret

However, when I then try to access a URL like this: http://api.mydomain.com/api/surgeries/45/details?access_token=ACCESS_TOKEN

I get redirected to the Symfony login page, but I can't have that, or the mobile app I'm building to consume this REST API won't be able to get access.

I used this tutorial to set things up (removing the User / UserRepository classes in there and altering it to work with FOSUserBundle) http://blog.tankist.de/blog/2013/07/16/oauth2-explained-part-1-principles-and-terminology/

I'm not sure where I have told Symfony to redirect to the login page; I want to change that logic to just authenticate from the token.

This is an overview of my setup

security.yml

security:
    encoders:
        FOS\UserBundle\Model\UserInterface: sha512

    role_hierarchy:
        ROLE_ADMIN:       ROLE_USER
        ROLE_SUPER_ADMIN: ROLE_ADMIN

    providers:
        fos_userbundle:
            id: fos_user.user_provider.username  

    firewalls:
        ...

        login:
            pattern:  ^/secured/login$
            security: false

        oauth_token:
            pattern:    ^/oauth/v2/token
            security:   false

        oauth_authorize:
            pattern:    ^/oauth/v2/auth
            form_login:
                provider: fos_userbundle
                check_path: _security_check
                login_path: _demo_login
            anonymous: true

        api:
            pattern:    ^/api
            fos_oauth:  true
            stateless:  true
            anonymous:  false # can be omitted as its default value

    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/api, roles: [ IS_AUTHENTICATED_FULLY ] }
        - { path: ^/oauth/v2/auth_login, role: IS_AUTHENTICATED_ANONYMOUSLY }

config.yml

# FriendsOfSymfony : Rest
fos_rest:
    disable_csrf_role: ROLE_API
    param_fetcher_listener: true
    view:
        view_response_listener: 'force'
        formats:
            xml:  true
            json: true
        templating_formats:
            html: true
        jsonp_handler: ~
    format_listener:
        rules:
            - { path: ^/, priorities: [ html, jsonp, json, xml ], fallback_format: ~, prefer_extension: true }
    exception:
        codes:
            'Symfony\Component\Routing\Exception\ResourceNotFoundException': 404
            'Doctrine\ORM\OptimisticLockException': HTTP_CONFLICT
        messages:
            'Symfony\Component\Routing\Exception\ResourceNotFoundException': true
    allowed_methods_listener: true
    access_denied_listener:
        json: true
    body_listener: true

# FriendsOfSymfony : User
fos_user:
    db_driver: orm
    firewall_name: main
    user_class: Incompass\UserBundle\Entity\Person
    group:
        group_class: Incompass\UserBundle\Entity\Group

# FriendsOfSymfony : OAuth
fos_oauth_server:
    db_driver: orm
    client_class: Incompass\AuthBundle\Entity\Client
    access_token_class: Incompass\AuthBundle\Entity\AccessToken
    refresh_token_class: Incompass\AuthBundle\Entity\RefreshToken
    auth_code_class: Incompass\AuthBundle\Entity\AuthCode
    service:
        user_provider: fos_user.user_provider.username
        options:
            supported_scopes: user

Recommended answer

I solved this by changing the order of the firewalls in security.yml.

firewalls:
    oauth_authorize:
        pattern:    ^/oauth/v2/auth
        form_login:
            provider: fos_userbundle
            check_path: /oauth/v2/auth_login_check
            login_path: /oauth/v2/auth_login
        anonymous: true

    oauth_token:
        pattern:    ^/oauth/v2/token
        security:   false

    api:
        pattern:    ^/api
        fos_oauth:  true
        stateless:  true

    login:
        pattern:  ^/secured/login$
        security: false

    main:
        pattern: ^/
        form_login:
            provider: fos_userbundle
            csrf_provider: form.csrf_provider
        logout:       true
        anonymous:    true

    dev:
        pattern:  ^/(_(profiler|wdt)|css|images|js)/
        security: false

    secured_area:
        pattern:    ^/secured/
        form_login:
            provider: fos_userbundle
            check_path: _security_check
            login_path: _demo_login
        logout:
            path:   _demo_logout
            target: _demo
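The answer works because Symfony evaluates firewalls in declaration order and hands the request to the first one whose `pattern` matches: a catch-all `main` (`^/`) listed before `api` swallows the `/api/...` request, and its `form_login` entry point redirects to the login page, whereas the stateless `fos_oauth` firewall rejects a missing or bad token without redirecting. The following is an added example (not from the question, the answer or the FOS bundles) that models that first-match rule and lints a firewall order for shadowed entries; it assumes `main` sat before `api` in the original, elided part of the config.

```python
import re

# Symfony hands a request to the first firewall, in declaration order, whose
# `pattern` regex matches the path. Assumption (the question elides the
# firewalls before `login`): catch-all `main` (`^/`, form_login) came before `api`.
ORIGINAL_ORDER = [
    ("main", r"^/"),                  # form_login: redirects to the login page
    ("login", r"^/secured/login$"),
    ("oauth_token", r"^/oauth/v2/token"),
    ("oauth_authorize", r"^/oauth/v2/auth"),
    ("api", r"^/api"),                # fos_oauth + stateless: no redirect
]
# Order taken from the accepted answer's security.yml.
FIXED_ORDER = [
    ("oauth_authorize", r"^/oauth/v2/auth"),
    ("oauth_token", r"^/oauth/v2/token"),
    ("api", r"^/api"),
    ("login", r"^/secured/login$"),
    ("main", r"^/"),
    ("dev", r"^/(_(profiler|wdt)|css|images|js)/"),
    ("secured_area", r"^/secured/"),
]
# Constructed sample request paths, one that each firewall is meant to own.
PROBES = {
    "api": "/api/surgeries/45/details",
    "oauth_token": "/oauth/v2/token",
    "oauth_authorize": "/oauth/v2/auth",
    "login": "/secured/login",
    "secured_area": "/secured/dashboard",
    "dev": "/_profiler/abc",
    "main": "/",
}

def match_firewall(firewalls, path):
    """Name of the first firewall whose pattern matches `path`; first match wins."""
    for name, pattern in firewalls:
        if re.search(pattern, path):
            return name
    return None

def shadowed_firewalls(firewalls, probes):
    """Firewalls that never receive their own probe path because an earlier,
    broader pattern already claims it (a lint for the reordered config)."""
    return sorted(name for name, _ in firewalls
                  if name in probes and match_firewall(firewalls, probes[name]) != name)

if __name__ == "__main__":
    print(match_firewall(ORIGINAL_ORDER, PROBES["api"]))  # main
    print(match_firewall(FIXED_ORDER, PROBES["api"]))     # api
    print(shadowed_firewalls(FIXED_ORDER, PROBES))        # ['dev', 'secured_area']
```

Run against the answer's order, the lint also shows that `dev` and `secured_area` now sit after `main` (`^/`) and can never match, so the profiler and asset paths are no longer `security: false` and the `secured_area` form_login is dead configuration.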