gigablah / silex-oauth

Silex provider for lusitanian/oauth.
MIT License

Unable to set different pattern for the protected area #31

Open russellseymour opened 8 years ago

russellseymour commented 8 years ago

Hello,

I am implementing OAuth on an area of my application. I am moving from Form based auth to OAuth.

I have been trying to set the pattern for the login to something other than `^/` but I keep getting an error message when I click on my Google button:

image

The firewall is set up as follows:

    $app['security.firewalls'] = [
      'login' => [
        'pattern' => '^/admin',
        'anonymous' => true,
        'oauth' => [
          'failure_path' => '/login',
          'with_csrf' => true
        ],
        'users' => $app->share(function() use ($app) {
          return $app['model.account'];
        })
      ]
    ];

If I leave the pattern as `^/` then it works. Does this mean that it is only possible to use OAuth across the whole website?

Thanks, Russell

rpensek commented 7 years ago

@russellseymour: Be sure to include this in the additional paths, as they should be secured as well. For example:

    'default' => array(
        'pattern' => '^/admin',
        'anonymous' => false,
        'oauth' => array(
            'login_path' => '/admin/auth/{service}',
            'callback_path' => '/admin/auth/{service}/callback',
            'check_path' => '/admin/auth/{service}/check',
            'failure_path' => '/login',
            'with_csrf' => true
        )...
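
The check below is an added example, not part of the thread or of the silex-oauth project: it tests whether each OAuth route of a firewall falls under that firewall's own `pattern`, which is the point the reply above makes. The default paths `/auth/{service}`, `/auth/{service}/callback` and `/auth/{service}/check`, the service name `google` and the function name `uncoveredOAuthPaths` are assumptions.

```php
<?php
// Assumed provider defaults, used when the firewall does not override a path.
const ASSUMED_DEFAULTS = [
    'login_path'    => '/auth/{service}',
    'callback_path' => '/auth/{service}/callback',
    'check_path'    => '/auth/{service}/check',
];

// Returns the OAuth paths that the firewall pattern does NOT match.
function uncoveredOAuthPaths(array $firewall, string $service = 'google'): array
{
    if (!isset($firewall['oauth'])) {
        return [];
    }
    // Configured paths override the assumed defaults; other oauth keys are ignored.
    $paths = array_intersect_key($firewall['oauth'], ASSUMED_DEFAULTS) + ASSUMED_DEFAULTS;
    $missed = [];
    foreach ($paths as $name => $template) {
        $path = str_replace('{service}', $service, $template);
        // The firewall pattern is a regex applied to the request path.
        if (!preg_match('{' . $firewall['pattern'] . '}', $path)) {
            $missed[$name] = $path;
        }
    }
    return $missed;
}

// Constructed sample configs mirroring the two snippets in the thread.
$asReported = [
    'pattern' => '^/admin',
    'oauth'   => ['failure_path' => '/login', 'with_csrf' => true],
];
$asSuggested = [
    'pattern' => '^/admin',
    'oauth'   => [
        'login_path'    => '/admin/auth/{service}',
        'callback_path' => '/admin/auth/{service}/callback',
        'check_path'    => '/admin/auth/{service}/check',
        'failure_path'  => '/login',
        'with_csrf'     => true,
    ],
];

foreach (['reported' => $asReported, 'suggested' => $asSuggested] as $label => $fw) {
    $missed = uncoveredOAuthPaths($fw);
    echo $label, ': ', $missed ? 'outside firewall -> ' . implode(', ', $missed) : 'all OAuth paths covered', PHP_EOL;
}
```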