
I am trying to set up a project where I can authenticate users via API and Web interfaces (login forms). So far I can manage to work with only one login form, which is the main Web login form. I need to authenticate them via API and bring up the OAuth form customized with a message to notify the user about authorization, just a custom message basically. Something like Facebook does, probably.

On the Symfony2 security page I could not find the help I needed so far, nor on blogs. At least not one that works for me.

So the perfect scenario is:

  1. http://url.com/ for web
  2. http://url.com/api for api

I am using FOS User Bundle for my users and FOS OAuth Bundle for oauth authentication and FOSRestBundle for REST API.

What is explained in this OAuth tutorial is the exact scenario I am trying to achieve.

When I ask for a URL like http://url.com/oauth/v2/token?client_id=24_2qxtvmjv99eso8wg8sowc8c04o488og8gs8wo0osocks0wkcw0&client_secret=33ghqa2w202sooscwogw0kwwwg0gc00k8sgkkw0cgco4cg08s0&grant_type=client_credentials it redirects me to the login page. As I understand it, my access_control is wrong.

This is my security.yml file:

security:
    encoders:
        FOS\UserBundle\Model\UserInterface: bcrypt

    role_hierarchy:
        ROLE_USER:        [ROLE_CUSTOMER_RSS, ROLE_CUSTOMER_ASS]
        ROLE_AGENT:       ROLE_USER
        ROLE_ADMIN:       ROLE_AGENT
        ROLE_SUPER_ADMIN: ROLE_ADMIN

    providers:
        fos_userbundle:
            id: fos_user.user_provider.username

    firewalls:

        oauth_token:
            pattern:    ^/oauth/v2/token
            security:   false

        oauth_authorize:
            pattern:    ^/oauth/v2/auth
            form_login:
                provider: fos_userbundle
                check_path: /oauth/v2/auth_login_check
                login_path: /oauth/v2/auth_login

        api:
            pattern:    ^/api
            fos_oauth:  true
            stateless:  true
            anonymous:  false # can be omitted as its default value

        ui_login:
            pattern: ^/
            form_login:
                login_path: fos_user_security_login
                check_path: fos_user_security_check
                provider: fos_userbundle
                csrf_provider: form.csrf_provider
                default_target_path: /
            logout:       true
            anonymous:    true

        assets:
            pattern:  ^/(css|images|js)/
            security: false

        dev:
            pattern:  ^/(_(profiler|wdt|configurator|error))/
            security: false

    access_control:
        - { path: ^/oauth/v2/auth_login, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/logout, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }

        - { path: ^/, role: [ROLE_USER] }

I know I am missing a lot of stuff here. Please help.

1 Answer

The order of your firewalls matters. The way you have it configured right now, the first "catch-all" firewall for URLs matching "^/" is catching all requests, so the other firewalls are not activated. The more specific firewalls should be located first and the less specific firewalls should be located later. Thus, the ui_login firewall should be the last one defined.


3 Comments

Yes, it did make a difference, thanks! Now when I go to http://url.com/oauth/v2/auth_login I get a redirect loop. Any help with that? I will update my security.yml here.
Probably you need to say that that URL can be accessed anonymously, not really sure.
I edited my access_control as follows: access_control: - { path: ^/oauth/v2/auth_login, role: IS_AUTHENTICATED_ANONYMOUSLY } Still a redirect loop. I don't understand.
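Putting the answer and the comment thread together, below is the posted security.yml with the firewalls reordered so that the ^/ catch-all comes last, and with the oauth_authorize firewall allowed to serve its own login form anonymously. This is an added example, not the asker's final configuration and not code from FOSUserBundle or FOSOAuthServerBundle; it assumes the Symfony 2.x syntax used in the question (csrf_provider, IS_AUTHENTICATED_ANONYMOUSLY) and keeps the question's route names and paths unchanged. The redirect loop the comments describe is what you get when a firewall's login_path lies inside that firewall's own pattern and the firewall has no anonymous listener: the request for the login page carries no token, the access rule cannot be evaluated, and the entry point redirects to the login page again.

```yaml
security:
    encoders:
        FOS\UserBundle\Model\UserInterface: bcrypt

    role_hierarchy:
        ROLE_USER:        [ROLE_CUSTOMER_RSS, ROLE_CUSTOMER_ASS]
        ROLE_AGENT:       ROLE_USER
        ROLE_ADMIN:       ROLE_AGENT
        ROLE_SUPER_ADMIN: ROLE_ADMIN

    providers:
        fos_userbundle:
            id: fos_user.user_provider.username

    # Firewalls are matched top to bottom and only the first match is used,
    # so every specific pattern must be listed before the ^/ catch-all.
    firewalls:
        dev:
            pattern:  ^/(_(profiler|wdt|configurator|error))/
            security: false

        assets:
            pattern:  ^/(css|images|js)/
            security: false

        # Token endpoint: the OAuth client authenticates with its own
        # credentials, no user session is involved here.
        oauth_token:
            pattern:    ^/oauth/v2/token
            security:   false

        # Authorization endpoint with its dedicated login form.
        # anonymous: true lets /oauth/v2/auth_login (which matches this
        # firewall's pattern) be served without a token; without it the
        # entry point redirects to the login page again, which is the loop.
        oauth_authorize:
            pattern:    ^/oauth/v2/auth
            anonymous:  true
            form_login:
                provider:   fos_userbundle
                check_path: /oauth/v2/auth_login_check
                login_path: /oauth/v2/auth_login

        # REST API: bearer token only, no session, no anonymous access.
        api:
            pattern:    ^/api
            fos_oauth:  true
            stateless:  true
            anonymous:  false

        # Web UI catch-all: must be the last firewall.
        ui_login:
            pattern: ^/
            form_login:
                login_path:          fos_user_security_login
                check_path:          fos_user_security_check
                provider:            fos_userbundle
                csrf_provider:       form.csrf_provider
                default_target_path: /
            logout:    true
            anonymous: true

    # access_control is also first-match, so the anonymous paths stay above ^/.
    access_control:
        - { path: ^/oauth/v2/auth_login, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/login$,    role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/logout,    role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register,  role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/,          role: ROLE_USER }
```

To check the result, request http://url.com/oauth/v2/auth_login in a fresh browser session: with anonymous enabled on oauth_authorize it should render the form once rather than redirect to itself, while http://url.com/oauth/v2/token continues to bypass the user login entirely and http://url.com/api still answers requests without a valid bearer token with a 401 from the fos_oauth listener.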
