FriendsOfSymfony / FOSOAuthServerBundle

A server side OAuth2 Bundle for Symfony

FOSOAuthServer can't access authorization page #612

Open sam09torres opened 5 years ago

sam09torres commented 5 years ago

I'm using Symfony 4. I'm using API Platform and FOSOAuthBundle. I can create a client and make a token, but I can't access the Authorization Form.

security.yaml

firewalls:
    dev:
        pattern: ^/(_(profiler|wdt)|css|images|js)/
        security: false

    oauth_token:
        host: api.forheavent.test
        pattern: ^/oauth/v2/token
        security: false

    oauth_authorize:
        host: api.forheavent.test
        pattern: ^/oauth/v2/auth
        anonymous: ~

        #form_login:
        #    provider: db_provider
        #    check_path: /oauth/v2/auth
        #    login_path: /oauth/v2/auth

    api: # api resources
        host: api.forheavent.test
        pattern: ^/
        provider: db_provider
        fos_oauth: true
        stateless: true
        anonymous: true # can be omitted as its default value

    main: # regular website
        anonymous: ~
        host: ^forheavent.test$
        context: user
        form_login:
            login_path: login
            check_path: /login_check
            username_parameter: email
            password_parameter: password
        provider: db_provider
        guard:
            entry_point: App\Security\LoginFormAuthenticator
            authenticators:
                - App\Security\LoginFormAuthenticator
        logout:
            path: logout
            target: index

access_control:
    - { path: ^/fr/connexion, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
    - { path: ^/oauth/v2/auth, roles: [ IS_AUTHENTICATED_ANONYMOUSLY ], host: api.forheavent.test }
    - { path: ^/(?!oauth.*$).*, roles: [ IS_AUTHENTICATED_FULLY ], host: api.forheavent.test } # URLs except those starting with oauth (e.g. routes for authorization and token)

fos_oauth_server.yaml

fos_oauth_server:
    db_driver: orm # Drivers available: orm, mongodb, or propel

    client_class: App\Entity\Client
    access_token_class: App\Entity\AccessToken
    refresh_token_class: App\Entity\RefreshToken
    auth_code_class: App\Entity\AuthCode

    service:
        user_provider: security.user.provider.concrete.db_provider

When I try to access: https://api.forheavent.test/oauth/v2/auth?client_id=1_1212121212

I keep on getting this error: "Full authentication is required to access this resource." I'd like to access the default controller and access my auth page.

Another thing I tried is putting in a default form_login, because Symfony required an authenticator listener if I remove the anonymous option from my auth firewall... but actually I don't want it. I've read many questions, docs, and tutorials but I can't get over it. Thanks in advance.
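
To see which firewall and which access_control rule the configuration in this issue selects for a given request, the following added example (not part of the original post or of FOSOAuthServerBundle) replays Symfony's first-match ordering over the posted patterns in Python. The matching helper is a simplified model that assumes host patterns are matched case-insensitively and unset patterns match anything; `/api/books` is a constructed sample path.

```python
import re

# Constructed from the security.yaml in the post, in file order:
# (firewall name, host regex or None, path regex or None)
FIREWALLS = [
    ("dev", None, r"^/(_(profiler|wdt)|css|images|js)/"),
    ("oauth_token", r"api.forheavent.test", r"^/oauth/v2/token"),
    ("oauth_authorize", r"api.forheavent.test", r"^/oauth/v2/auth"),
    ("api", r"api.forheavent.test", r"^/"),
    ("main", r"^forheavent.test$", None),
]
# (path regex, host regex or None, required roles), in file order
ACCESS_CONTROL = [
    (r"^/fr/connexion", None, ["IS_AUTHENTICATED_ANONYMOUSLY"]),
    (r"^/oauth/v2/auth", r"api.forheavent.test", ["IS_AUTHENTICATED_ANONYMOUSLY"]),
    (r"^/(?!oauth.*$).*", r"api.forheavent.test", ["IS_AUTHENTICATED_FULLY"]),
]

def _matches(host_re, path_re, host, path):
    # Assumption: host is matched case-insensitively, path case-sensitively.
    if host_re is not None and not re.search(host_re, host, re.IGNORECASE):
        return False
    return path_re is None or re.search(path_re, path) is not None

def resolve_firewall(host, path):
    """Name of the first firewall whose host and pattern both match."""
    for name, host_re, path_re in FIREWALLS:
        if _matches(host_re, path_re, host, path):
            return name
    return None

def resolve_roles(host, path):
    """Roles of the first matching access_control rule, or None if no rule applies."""
    for path_re, host_re, roles in ACCESS_CONTROL:
        if _matches(host_re, path_re, host, path):
            return roles
    return None

def trace(host, path):
    # The query string (?client_id=...) is not part of the path being matched.
    return {"firewall": resolve_firewall(host, path), "roles": resolve_roles(host, path)}

if __name__ == "__main__":
    for host, path in [
        ("api.forheavent.test", "/oauth/v2/auth"),
        ("api.forheavent.test", "/oauth/v2/token"),
        ("api.forheavent.test", "/api/books"),  # constructed sample path
        ("forheavent.test", "/fr/connexion"),
    ]:
        print(host, path, trace(host, path))
```

For the URL in the post, the trace selects the `oauth_authorize` firewall and the `IS_AUTHENTICATED_ANONYMOUSLY` rule, while the negative-lookahead rule only applies to non-`/oauth` paths on the API host.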