Currently my project works very well. I use FOSUserBundle for the management of my users. Now I want to implement OAuth, so I'm using FOSOAuthServerBundle. Most developers recommend this bundle for implementing OAuth.

I followed the documentation of FOSOAuthServerBundle.
Normally, I have to add more information in my security.yml, but I don't know exactly what I have to do...

Here is my security.yml:

```yaml
security:
    encoders:
        Symfony\Component\Security\Core\User\User: plaintext
        Moodress\Bundle\UserBundle\Entity\User: sha512

    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

    providers:
        main:
            id: fos_user.user_provider.username

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        oauth_token:
            pattern: ^/oauth/v2/token
            security: false

        oauth_authorize:
            pattern: ^/oauth/v2/auth

        main:
            pattern: ^/
            fos_oauth: true
            stateless: true
            anonymous: true
```

I guess there is some information to add in firewalls, maybe?

I really don't know how to make FOSOAuthServerBundle work with FOSUserBundle. Before, with just FOSUserBundle, I used the login form and the login check of FOSUserBundle. Now that I have put in all the basic configuration of FOSOAuthServerBundle, what do I have to do next? Which form should I use? Which login check? Is the token created automatically by FOSOAuthServerBundle? In the documentation, they show how to create a client... Am I supposed to add this code to my project? If yes... where? :/

I found this article on the web: http://blog.logicexception.com/2012/04/securing-syfmony2-rest-service-wiith.html

I tried to implement this, but I can't believe that we need to add all these files to make it work...

If someone knows how to make FOSOAuthServerBundle work with FOSUserBundle, it would be very helpful.

Solution

I've just installed this bundle and started playing with it.

I think you first need to learn more about how OAuth authentication works.

This way you will understand that the FOSUserBundle mechanisms are not exactly the same as OAuth.

Your link is the best piece of information to set up the bundle correctly.

I'm using MongoDB to store all 4 required documents: Client, AuthCode, RefreshToken and AccessToken.

The step called "Create a new client" is basically the "register" process of FOSUserBundle for OAuth.

OAuth will use the client to give permission to access.

The main idea of OAuth is to secure an API, therefore I suggest you switch your config to anonymous: false

Then you'll see the message:

```json
{"error":"access_denied","error_description":"OAuth2 authentication required"}
```

when you call your API.

The idea of OAuth is to get an Access Token to call your API.

Read this: http://blog.tankist.de/blog/2013/07/16/oauth2-explained-part-1-principles-and-terminology/

This is when the OAuth authentication process needs to be followed.

There are 5 basic methods to use:

```php
const GRANT_TYPE_AUTH_CODE = 'authorization_code';
const GRANT_TYPE_IMPLICIT = 'token';
const GRANT_TYPE_USER_CREDENTIALS = 'password';
const GRANT_TYPE_CLIENT_CREDENTIALS = 'client_credentials';
const GRANT_TYPE_REFRESH_TOKEN = 'refresh_token';
```

To learn about each, go find more documentation about the OAuth RFC.

Each of them corresponds to a specific call to:

```
/oauth/v2/token?client_id=[CLIENT_ID]&response_type=code&redirect_uri=URL&grant_type=token
```

Cf: https://github.com/FriendsOfSymfony/oauth2-php/blob/master/lib/OAuth2/OAuth2.php#L182

Also read this link: blog.tankist.de/blog/2013/08/20/oauth2-explained-part-4-implementing-custom-grant-type-symfony2-fosoauthserverbundle/

The part "Time to test" explains how to use OAuth.

I'm still working on it.

Hope it helps.

Also, this link indicates how to use the FOSUserBundle User & UserManager, probably to use the password grant_type:

If you're authenticating users, don't forget to set the user provider. Here's an example using the FOSUserBundle user provider:

https://github.com/FriendsOfSymfony/FOSOAuthServerBundle/blob/master/Resources/doc/index.md

```yaml
# app/config/config.yml
fos_oauth_server:
    ...
    service:
        user_provider: fos_user.user_manager
```
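
The grant types listed in the answer split across two endpoints, shown here as an added example that is not part of the original answer or of FOSOAuthServerBundle. The parameter sets follow RFC 6749 and the two paths come from the question's firewall patterns; the function names and all sample values are hypothetical.

```python
from urllib.parse import urlencode

TOKEN_PATH = "/oauth/v2/token"  # path from the question's oauth_token firewall
AUTH_PATH = "/oauth/v2/auth"    # path from the question's oauth_authorize firewall

# Extra parameters RFC 6749 requires per grant_type at the token endpoint.
# redirect_uri is required for authorization_code when it was sent to the
# authorize endpoint, which authorize_url() below always does.
TOKEN_GRANTS = {
    "authorization_code": ("code", "redirect_uri"),
    "password": ("username", "password"),
    "client_credentials": (),
    "refresh_token": ("refresh_token",),
}


def authorize_url(response_type, client_id, redirect_uri, state):
    """Browser redirect for the user-facing flows: 'code' or 'token' (implicit)."""
    if response_type not in ("code", "token"):
        raise ValueError("response_type must be 'code' or 'token'")
    # state ties the callback to the session that started the flow.
    query = {"response_type": response_type, "client_id": client_id,
             "redirect_uri": redirect_uri, "state": state}
    return AUTH_PATH + "?" + urlencode(query)


def token_request(grant_type, client_id, client_secret, **params):
    """Return (path, form_body) for a POST to the token endpoint."""
    if grant_type == "token":
        raise ValueError("'token' is a response_type for the authorize endpoint, "
                         "not a grant_type for the token endpoint")
    if grant_type not in TOKEN_GRANTS:
        raise ValueError("unsupported grant_type: %s" % grant_type)
    missing = [p for p in TOKEN_GRANTS[grant_type] if p not in params]
    if missing:
        raise ValueError("missing parameters: " + ", ".join(missing))
    # Form body rather than query string, so the client secret and the
    # user's password do not end up in URLs and access logs.
    body = {"grant_type": grant_type, "client_id": client_id,
            "client_secret": client_secret, **params}
    return TOKEN_PATH, urlencode(body)


def bearer_header(token_response):
    """Build the API request header from a parsed token response."""
    if token_response.get("token_type", "").lower() != "bearer":
        raise ValueError("unexpected token_type")
    return {"Authorization": "Bearer " + token_response["access_token"]}
```

With `anonymous: false` on the API firewall, a request without the header from `bearer_header()` gets the `access_denied` response quoted in the answer.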