How to configure FOSUserBundle to be the authentication provider for my FOSOAuthServerBundle enabled server

caxton · Dec 7, 2012 · Viewed 11.2k times

I am trying to set up FOSUserBundle to be the authentication provider for my FOSOAuthServerBundle enabled server. The FOSOAuthServerBundle has been working correctly prior to me trying to implement FOSUserBundle and I have also had FOSUserBundle working without FOSOAuthServerBundle, but I just can't get them working together.

My question is what should be specified for the authentication provider in the oauth_authorize: firewall in the security.yml below?

# app/config/security.yml
security:
    providers:
        fos_userbundle:
            id: fos_user.user_provider.username

    encoders:
        FOS\UserBundle\Model\UserInterface: sha512

    firewalls:
        oauth_token:
            pattern:    ^/oauth/v2/token
            security:   false

        oauth_authorize:
            pattern:    ^/oauth/v2/auth

            # WHAT GOES HERE?

        api:
            pattern:    ^/api
            fos_oauth:  true
            stateless:  true

    access_control:
        - { path: ^/api, roles: [ IS_AUTHENTICATED_FULLY ] }

I am trying to authenticate the users and not the client.

Many thanks.

Answer

DaanBuit · Jan 20, 2017

You should have the following in your config.yml

fos_user:
   db_driver: orm
   firewall_name: main
   user_class: Zoef\UserBundle\Entity\Userere

And something like this for the oauth server

fos_oauth_server:
    db_driver: orm
    client_class:        {PATH TO ENTITY}\Client
    access_token_class:  {PATH TO ENTITY}\AccessToken
    refresh_token_class: {PATH TO ENTITY}\RefreshToken
    auth_code_class:     {PATH TO ENTITY}\AuthCode
    service:
        user_provider: fos_user.user_provider.username

And the security.yml should look like this:

security:
    encoders:
        FOS\UserBundle\Model\UserInterface: sha512
    providers:
        fos_userbundle:
            id: fos_user.user_provider.username
    firewalls:
        oauth_token:
            pattern:    ^/oauth/v2/token
            security:   false

    access_control:
    - { path: ^/, roles: ROLE_ADMIN }

You can test if it works because when you go to any URL you should get a response like this:

{"error":"access_denied","error_description":"OAuth2 authentication required"}
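
One way to fill in the `oauth_authorize` firewall from the question, as an added example that is not part of the original question or answer: a form login backed by the `fos_userbundle` provider, so the end user (not the client) authenticates before authorizing. The `/oauth/v2/auth_login` and `/oauth/v2/auth_login_check` paths are assumptions; the application has to define those routes and a login controller itself.

```yaml
# app/config/security.yml
# Added example; the two login routes are assumed, not taken from the page.
security:
    encoders:
        FOS\UserBundle\Model\UserInterface: sha512

    providers:
        fos_userbundle:
            id: fos_user.user_provider.username

    firewalls:
        # Token endpoint: no Symfony firewall; the OAuth server validates
        # the client credentials and grant sent in the request.
        oauth_token:
            pattern:    ^/oauth/v2/token
            security:   false

        # Authorization endpoint: the end user logs in here with a
        # FOSUserBundle account before granting access to a client.
        oauth_authorize:
            pattern:    ^/oauth/v2/auth
            form_login:
                provider:   fos_userbundle
                login_path: /oauth/v2/auth_login        # assumed route
                check_path: /oauth/v2/auth_login_check  # assumed route
            anonymous:  true   # lets the login page itself be reached

        # API: authenticated by OAuth access token only, no session.
        api:
            pattern:    ^/api
            fos_oauth:  true
            stateless:  true

    # Rules are matched top to bottom, so the login page rule must come
    # before the broader ^/oauth/v2/auth rule.
    access_control:
        - { path: ^/oauth/v2/auth_login$, roles: [ IS_AUTHENTICATED_ANONYMOUSLY ] }
        - { path: ^/oauth/v2/auth, roles: [ IS_AUTHENTICATED_FULLY ] }
        - { path: ^/api, roles: [ IS_AUTHENTICATED_FULLY ] }
```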