OAuth2 Server Bundle for Symfony 2.
The following grant types are supported out the box:
- Client Credentials
- Authorization Code
- Refresh Token
- User Credentials (see below)
You can make token requests to the /token
path via POST.
You can restrict the grant types available per client in the database, use a Compiler Pass or in your own TokenController you could do something like:
public function tokenAction()
{
$server = $this->get('oauth2.server');
// Override default grant types to authorization code only
$server->addGrantType($this->get('oauth2.grant_type.authorization_code'));
return $server->handleTokenRequest($this->get('oauth2.request'), $this->get('oauth2.response'));
}
Add the bundle to your composer.json:
{
"require": {
"bshaffer/oauth2-server-bundle": "dev-master"
}
}
Now tell composer to download the bundle by running the command:
$ php composer.phar update bshaffer/oauth2-server-bundle
Composer will install the bundle to your project's vendor/bshaffer
directory.
Enable the bundle in the kernel:
<?php
// app/AppKernel.php
public function registerBundles()
{
$bundles = array(
// ...
new OAuth2\ServerBundle\OAuth2ServerBundle(),
);
}
You'll need to update your schema to setup the Entities provided by this module.
$ php app/console doctrine:schema:update --force
You'll need to add the following to your routing.yml
# app/config/routing.yml
oauth2_server:
resource: "@OAuth2ServerBundle/Controller/"
type: annotation
prefix: /
You'll need to setup a scope before you can create a client, use this command. The description you give here will appear on the Authorization page.
$ php app/console OAuth2:CreateScope scope (description)
Use this console command to create a new client:
$ php app/console OAuth2:CreateClient client_id redirect_uri (grant_types) (scope)
You can override any of the built-in components in your own bundle by adding new parameters in your config.yml:
# app/config/config.yml
parameters:
oauth2.storage.client_credentials.class: Amce\OAuth2ServerBundle\Storage\ClientCredentials
Where Amce\OAuth2ServerBundle\Storage\ClientCredentials
is your own implementation of the ClientCredentials interface.
If you provide your own storage managers then you'll be able to hook everything up to your own custom Entities.
To make it easy to plug-in your own User Provider we've conformed to the UserInterface
, UserProviderInterface
& EncoderFactoryInterface
.
Therefore to make proper use of the user credentials grant type you'll need to modify your config.yml with the relevant classes.
# app/config/config.yml
parameters:
oauth2.user_provider.class: Amce\OAuth2ServerBundle\User\OAuth2UserProvider
If you want to take advantage of scope restriction on a per user basis your User entity will need to implement the OAuth2\ServerBundle\OAuth2UserInterface
or OAuth2\ServerBundle\AdvancedOAuth2UserInterface
.
Out of the box we do provide a basic user provider and entity for you to use. Setup your security.yml to use it:
# app/config/security.yml
security:
encoders:
OAuth2\ServerBundle\Entity\User:
algorithm: sha512
encode_as_base64: true
iterations: 5000
providers:
oauth2:
id: oauth2.user_provider
You'll need some users first though! Use the console command to create a new user:
$ php app/console OAuth2:CreateUser username password
You'll need to use a Compiler Pass to configure settings for a grant type. For example say we want our refresh tokens to always get renewed:
// Amce/OAuth2ServerBundle/AmceOAuth2ServerBundle.php
namespace Amce\OAuth2ServerBundle;
use Symfony\Component\HttpKernel\Bundle\Bundle;
use Symfony\Component\DependencyInjection\ContainerBuilder;
use Amce\OAuth2ServerBundle\DependencyInjection\Compiler\OAuth2CompilerPass;
class AmceOAuth2ServerBundle extends Bundle
{
public function build(ContainerBuilder $container)
{
parent::build($container);
$container->addCompilerPass(new OAuth2CompilerPass());
}
}
// Amce/OAuth2ServerBundle/DependencyInjection\Compiler\OAuth2CompilerPass.php
namespace Amce\OAuth2ServerBundle\DependencyInjection\Compiler;
use Symfony\Component\DependencyInjection\ContainerBuilder;
use Symfony\Component\DependencyInjection\Compiler\CompilerPassInterface;
use Symfony\Component\DependencyInjection\Reference;
class OAuth2CompilerPass implements CompilerPassInterface
{
public function process(ContainerBuilder $container)
{
// Override Refresh Token Grant Type Settings
$serviceId = 'oauth2.grant_type.refresh_token';
if ($container->hasDefinition($serviceId)) {
$definition = $container->getDefinition($serviceId);
$definition->replaceArgument(1, array(
'always_issue_new_refresh_token' => TRUE
));
}
}
}