hwi / HWIOAuthBundle

OAuth client integration for Symfony. Supports both OAuth1.0a and OAuth2.
MIT License

Set the redirect_uri parameter when requesting the access_token #998

Closed devantoine closed 8 months ago

devantoine commented 8 years ago

When requesting an OAuth token you have to set the "redirect_uri" parameter. Currently the redirect_uri being passed to the request that requests the token is, for Google, "/login/check-google".

I've got an AngularJS client which requests the authorization_token and then calls /login/check-google with a redirectUri and a code parameter.

The issue is that the authorization_token has been requested with the client's URI (currently http://localhost:3000) but the access_token requested by HWIOAuthBundle isn't made with the same redirectUri, leading to an "invalid redirect_uri" error.

I've found that the job is done in GenericOAuth2ResourceOwner::getAccessToken(). If I hardcode the redirect_uri key to http://localhost:3000 it works fine. But I haven't found a way to override this parameter. Is there a way to do this or do we need a PR?

Here's an (ugly) workaround: I've copied the OAuthListener and declared the service in my bundle. Then I've edited attemptAuthentication() like so:

$redirectUri = $request->get('redirectUri')
    ? $request->get('redirectUri')                                     // value supplied by the client
    : $this->httpUtils->createRequest($request, $checkPath)->getUri(); // default: the firewall check path

$accessToken = $resourceOwner->getAccessToken(
    $request,
    $redirectUri
);

It's ugly for two reasons: 1) I've got code duplication; 2) I have to duplicate the entire listener! I can't make it extend the HWIOAuthBundle's listener and only redefine attemptAuthentication() because $resourceOwnerMap is private and has no getter :/

So either provide a way to change the redirect_uri parameter being passed when requesting the token, or expose $resourceOwnerMap (and maybe $checkPaths) to ease extending the listener.
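The workaround above takes the redirect URI straight from the incoming request. The provider's "invalid redirect_uri" error is the authorization server checking that the token request names exactly the URI used in the authorization request, and the same exactness is worth enforcing on the client side before a caller-supplied value is forwarded. The following is an added example, not code from HWIOAuthBundle or from the post: the class, function names, allowlist and sample inputs are constructed, and the default URI stands in for what the listener derives from the firewall check path.

```php
<?php
// Added example (not HWIOAuthBundle code): resolve the redirect_uri to send in the
// token request. It must be byte-for-byte the URI used in the authorization request,
// and a client-supplied value is only honoured when it is on an exact-match allowlist,
// so the token exchange cannot be pointed at an arbitrary URI. Names, the allowlist
// and the sample inputs are constructed for illustration.

declare(strict_types=1);

final class RedirectUriResolver
{
    /** @param string[] $allowed exact URIs registered with the provider (assumed to come from config) */
    public function __construct(private readonly array $allowed) {}

    public function resolve(?string $requested, string $default): string
    {
        if ($requested === null || $requested === '') {
            return $default; // what the listener derives from the check path, e.g. /login/check-google
        }
        // Exact comparison only: no prefix, wildcard or case-insensitive matching,
        // because the provider compares the two strings literally as well.
        if (!in_array($requested, $this->allowed, true)) {
            throw new \InvalidArgumentException('redirect_uri is not in the allowlist');
        }
        return $requested;
    }
}

/** Build the authorization_code token-request body (RFC 6749, section 4.1.3). */
function buildTokenRequest(string $code, string $redirectUri, array $extra = []): array
{
    return array_merge([
        'code'         => $code,
        'grant_type'   => 'authorization_code',
        'redirect_uri' => $redirectUri,
    ], $extra);
}

// Constructed sample: a JS client on localhost:3000 performed the authorization step.
$resolver = new RedirectUriResolver(['http://localhost:3000', 'https://app.example/callback']);
$default  = 'https://app.example/login/check-google';

$params = buildTokenRequest('sample-auth-code', $resolver->resolve('http://localhost:3000', $default));
assert($params['redirect_uri'] === 'http://localhost:3000');

// No redirectUri supplied: fall back to the check path, as the unmodified listener does.
assert($resolver->resolve(null, $default) === $default);

// Even a trailing slash is a different string to the provider, so it is refused here first.
try {
    $resolver->resolve('http://localhost:3000/', $default);
} catch (\InvalidArgumentException $e) {
    echo "rejected: {$e->getMessage()}\n";
}
```

The resolver is deliberately a value check rather than a URL parser: normalising or loosening the comparison would only create cases where this code accepts a URI that the provider then rejects, or the reverse.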

madmis commented 7 years ago

Have the same issue. As a temporary solution, override the class parameter:

#app/config/services.yml

parameters:
    hwi_oauth.authentication.listener.oauth.class: AppBundle\Security\OAuthListener

And copy \HWI\Bundle\OAuthBundle\Security\Http\Firewall\OAuthListener.php (can't extend it and override only one method, because there are private methods).

devantoine commented 7 years ago

@madmis That's exactly the solution I'm describing in my post ;)

madmis commented 7 years ago

@devantoine, sorry man, I was inattentive.

But anyway, your post helped me.

gigabites19 commented 2 years ago

Is this resolved? I think it'd be really useful since more and more apps are going headless

phtmgt commented 2 years ago

Same issue here.

phtmgt commented 2 years ago

And apparently the override described above does not work, as this OAuthListener is entirely different now. Any suggestions? Maybe there's a way to do it now, 6 years later.

alozytskyi commented 1 year ago

For the ones who used OAuthListener to override redirect_uri with "postmessage": sadly, it no longer works with Symfony 6.2 and HWIOAuthBundle 2.0-BETA2 due to the fact that old authentication was removed in Symfony 6

To make it work with Symfony 6+/HWIOAuthBundle 2.0-BETA-2:

  1. Copy GoogleResourceOwner from HWIOAuthBundle somewhere in your project.
  2. Override the getAccessToken method and in the $parameters array set 'postmessage' instead of the $redirectUri argument:

    public function getAccessToken(HttpRequest $request, $redirectUri, array $extraParameters = [])
    {
        OAuthErrorHandler::handleOAuthError($request);

        $parameters = array_merge([
            'code' => $request->query->get('code'),
            'grant_type' => 'authorization_code',
            'redirect_uri' => 'postmessage', // replaces $redirectUri
        ], $extraParameters);

        // ... remainder of the method unchanged from the copied GoogleResourceOwner
    }

  3. Register the custom resource owner:

    hwi_oauth:
        resource_owners:
            google_custom:
                type:                oauth2
                class:               <overridden GoogleResourceOwner class>
                client_id:           "%your google client_id param or env%"
                client_secret:       "%your google client_secret param or env%"
                scope:               "openid https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile"
                options:
                    access_type: offline

  4. Use google_custom everywhere you would normally use the google resource_owner.

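The copied method above ends its parameter assembly with array_merge([...defaults...], $extraParameters), so a 'redirect_uri' key in $extraParameters replaces the one derived from $redirectUri. That makes it possible to keep the parent's error handling and token request intact and change only the one value. The class below is an added example, not code from HWIOAuthBundle or from the comment above; it assumes the parent getAccessToken() merges $extraParameters exactly as the copied snippet shows, and the namespace, class name and constant are constructed.

```php
<?php
// Added example, not HWIOAuthBundle code. Assumes GenericOAuth2ResourceOwner::getAccessToken()
// merges $extraParameters over its default body exactly as in the copied method shown above,
// so that a 'redirect_uri' key in $extraParameters wins. The subclass then stays a few lines
// instead of a full copy of the method, and the parent's OAuth error check still runs.

declare(strict_types=1);

namespace App\Security\OAuth; // constructed namespace

use HWI\Bundle\OAuthBundle\OAuth\ResourceOwner\GoogleResourceOwner;
use Symfony\Component\HttpFoundation\Request as HttpRequest;

final class PostMessageGoogleResourceOwner extends GoogleResourceOwner
{
    // The only value substituted; nothing caller-controlled is accepted as redirect_uri here.
    private const JS_FLOW_REDIRECT_URI = 'postmessage';

    public function getAccessToken(HttpRequest $request, $redirectUri, array $extraParameters = [])
    {
        // Later keys win in array_merge(): the parent's 'redirect_uri' => $redirectUri is replaced
        // by 'postmessage', while code, grant_type and the error handling stay the parent's.
        // Explicit $extraParameters from a caller still take precedence, as they do in the parent.
        return parent::getAccessToken(
            $request,
            $redirectUri,
            array_merge(['redirect_uri' => self::JS_FLOW_REDIRECT_URI], $extraParameters)
        );
    }
}
```

With this class, the step 3 configuration would reference App\Security\OAuth\PostMessageGoogleResourceOwner (a constructed name) under class:, and nothing else in the resource owner needs to be duplicated.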
github-actions[bot] commented 8 months ago

Message to comment on stale issues. If none provided, will not mark issues stale

github-actions[bot] commented 8 months ago

This issue was closed because it has been stalled for 5 days with no activity.