mautic / plugin-helloworld

Hello World plugin built on the Integration framework

Authentication username/password with bearer token #1

Open kuzmany opened 4 years ago

kuzmany commented 4 years ago

@alanhartless Is it possible to create an example for authorization by username/password that receives an auth token and then uses it as a bearer token? Is it possible with HttpFactory, or should I write my own connection client?

alanhartless commented 4 years ago

There’s not an example written yet. The main branch is client credentials grant and the other an auth grant. But it’s possible by using the PasswordCredentials with the oauth2 two legged httpfactory. https://github.com/mautic/mautic/blob/3.x/app/bundles/IntegrationsBundle/Auth/Provider/Oauth2TwoLegged/Credentials/PasswordCredentialsGrantInterface.php

kuzmany commented 4 years ago

I spent half a day on it. I also tried checking https://github.com/kamermans/guzzle-oauth2-subscriber, but I am not able to figure it out.

We have a POST request to the authorization URL with username/password/projectCode/scope and get the accessToken from the request, which is then used as the Bearer token.

```php
<?php
require 'vendor/autoload.php';

$client = new GuzzleHttp\Client();

// Authorize and get the authToken
$authResponse = $client->post('authurl', [
    'json' => [
        'username'    => '',
        'password'    => '',
        'projectCode' => '',
        'scope'       => 'API',
    ],
]);
$auth = json_decode((string) $authResponse->getBody());

// Make a request with the token as a Bearer token
$headers = [
    'Authorization' => 'Bearer ' . $auth->authToken,
    'Accept'        => 'application/json',
];

$fieldResponse = $client->get('getfieldurl', [
    'headers' => $headers,
]);
```

Can you give me a little hint? Then I can write a wiki and make examples for the community.

alanhartless commented 4 years ago

Is the code you're working on private? It'll help if I can see what you've tried.

https://github.com/mautic-inc/plugin-integrations/wiki/3.-Integration-Authentication#password-grant is a quick example of the password grant.

In order to store the token, you'll need the token persistence to store the bearer token in the same way that the code grant example does https://github.com/mautic/plugin-helloworld/blob/mautic-3-authorization-code-grant-example/Connection/Config.php.

Although, I'm not sure that we currently natively support injecting additional information into the auth or re-auth requests for projectCode. Looking at https://github.com/mautic/mautic/blob/3.x/app/bundles/IntegrationsBundle/Auth/Provider/Oauth2TwoLegged/HttpFactory.php#L192 and kamermans' code, it seems it does a simple merge for whatever is passed in as $config. Might have to introduce a new interface that can be used in https://github.com/mautic/mautic/blob/3.x/app/bundles/IntegrationsBundle/Auth/Provider/Oauth2TwoLegged/HttpFactory.php#L179-L178 to append extra/custom data into the auth requests.

But by default, the oauth2 legged client should use the Bearer auth https://github.com/kamermans/guzzle-oauth2-subscriber#access-token-signers. Custom AccessToken signers can be implemented in Mautic's http factories through the Config class (https://github.com/mautic/plugin-helloworld/blob/mautic-3-authorization-code-grant-example/Connection/Config.php) implementing \Mautic\IntegrationsBundle\Auth\Support\Oauth2\ConfigAccess\ConfigTokenSignerInterface.
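The flow discussed in this thread (a JSON login with username/password/projectCode/scope, then the returned `authToken` sent as a Bearer token, with one re-auth when the API answers 401), as an added example that is not part of the thread and not Mautic's IntegrationsBundle code. It is a standalone Guzzle client; the class name `PasswordTokenClient`, the `API_*` environment variable names and the `api.example.test` URLs are assumptions, and the responses are constructed with Guzzle's `MockHandler` so it runs offline.

```php
<?php
require 'vendor/autoload.php';

use GuzzleHttp\{Client, HandlerStack};
use GuzzleHttp\Handler\MockHandler;
use GuzzleHttp\Psr7\Response;

final class PasswordTokenClient // hypothetical name, plain Guzzle rather than HttpFactory
{
    private Client $http;
    private string $authUrl;
    private array $credentials;
    private ?string $token = null; // kept in memory only, never logged

    public function __construct(Client $http, string $authUrl, array $credentials)
    {
        [$this->http, $this->authUrl, $this->credentials] = [$http, $authUrl, $credentials];
    }

    private function fetchToken(): string
    {
        // http_errors defaults to true, so a rejected login throws here.
        $response = $this->http->post($this->authUrl, ['json' => $this->credentials]);
        $body     = json_decode((string) $response->getBody(), true, 16, JSON_THROW_ON_ERROR);
        if (!is_array($body) || !is_string($body['authToken'] ?? null) || $body['authToken'] === '') {
            throw new RuntimeException('Auth response carried no authToken'); // body not echoed
        }
        return $body['authToken'];
    }

    public function request(string $method, string $uri, array $options = []): \Psr\Http\Message\ResponseInterface
    {
        for ($attempt = 0; ; $attempt++) {
            $this->token = $this->token ?? $this->fetchToken();
            $options['headers']['Authorization'] = 'Bearer ' . $this->token;
            $response = $this->http->request($method, $uri, ['http_errors' => false] + $options);
            if ($response->getStatusCode() !== 401 || $attempt === 1) {
                return $response; // caller inspects the status code
            }
            $this->token = null; // expired or revoked: re-authenticate once, then give up
        }
    }
}

// Constructed offline responses: login, 401 for an expired token, second login, data.
$mock = new MockHandler([new Response(200, [], '{"authToken":"constructed-1"}'), new Response(401),
    new Response(200, [], '{"authToken":"constructed-2"}'), new Response(200, [], '{"fields":[]}')]);
$credentials = ['username' => getenv('API_USERNAME'), 'password' => getenv('API_PASSWORD'),
    'projectCode' => getenv('API_PROJECT_CODE'), 'scope' => 'API']; // secrets stay out of source
$http = new Client(['handler' => HandlerStack::create($mock), 'timeout' => 10]);
$api  = new PasswordTokenClient($http, 'https://api.example.test/auth', $credentials);
echo $api->request('GET', 'https://api.example.test/fields')->getStatusCode(), PHP_EOL;
```

Against a real service, pass a `Client` without the mock handler and keep TLS verification at Guzzle's default. The token lives only in the object here, so this does not cover the token persistence mentioned above.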