hwi / hwioauthbundle Goto Github PK

What should be placed under /login? I'm now getting a No route found for "GET /login". Do I have to write my own controller for that purpose? What I'm trying to do is log-in a user via a custom OAuth service.

I'm integrating HWIOAuthBundle with FOSUserBundle. I need to redirect the users to the FOSUserBundle login page when they're not logged in and try to access to a protected page (e.g. /profile/edit).

With my configuration the users are redirect to the HWIOAuthBundle login page (hwi_oauth_connect route). How to change this behavior?

here's my security.yml configuration file:

jms_security_extra:
    secure_all_services: false
    expressions: true

security:
    providers:
        fos_userbundle:
            id: fos_user.user_manager

    encoders:
        FOS\UserBundle\Model\UserInterface: sha512

    role_hierarchy:
        ROLE_ADMIN:       ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

    firewalls:
        main:
            pattern: ^/
            logout:       true
            anonymous:    true
            oauth:
                resource_owners:
                    facebook:           "/login/check-facebook"
                    twitter:            "/login/check-twitter"
                login_path:        /oauth/login
                failure_path:      /oauth/login
                oauth_user_provider:
                    service: hwi_oauth.user.provider.fosub_bridge
            form_login:
                provider: fos_userbundle
                login_path: /login
                check_path: /login_check
                csrf_provider: form.csrf_provider

    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }

When Facebook redirects me, back to my website I get:

SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

I didn't install any certificates or change the the curl options to just accept it. What does the bundle expect me to change/install inorder to go past this exception
.

Hi,

Do you have example of twig integration for get access token with Facebook ?

I have to create my own button or there is some helper with your bundle ?

Of course, if I try http://local.mywebsite.fr/login/check-facebook, I am redirected with error "Not a valid access token."

Can you give us more information please ?

Thanks ! :)

Seems that the change in a500e8d to use buzz is causing composer to be unable to resolve dependencies.

Your requirements could not be solved to an installable set of packages.

  Problem 1
    - Installation request for hwi/oauth-bundle == 9999999-dev -> satisfiable by hwi/oauth-bundle dev-master.
    - Can only install one of: kriswallsmith/buzz dev-master, kriswallsmith/buzz v0.6.
    - hwi/oauth-bundle dev-master requires kriswallsmith/buzz 0.6 -> satisfiable by kriswallsmith/buzz v0.6.
    - Installation request for kriswallsmith/buzz == 9999999-dev -> satisfiable by kriswallsmith/buzz dev-master.

My composer.json on refers to the hwi-oauth-bundle not buzz, and the message isn't very clear about what exactly breaks, trying to figure it out.

The hard dependency on Buzz 0.6 is conflicting with the SensioBuzzBundle. It doesn't appear to be at the moment, but that is due to a broken dependency. See sensiolabs/SensioBuzzBundle#9 for my comments on this situation.

I have tested the OAuth bundle with Buzz 0.7, and it passes the PHPUnit, but I am not in a position to test it in actual use at the moment. In a month or so I will be at the stage in my current project that I can test this fully if no one else can look into it until that point.

It is really hard get it working with current documentation. It needs an extend documentation. If guy who have average knowledge in symfony will struggle with current documentation...

Hi,

I configured the viadeo provider with https://api.viadeo.com/me for informations_url.

But if I want for example, the contacts_list of the user, I have to GET /me/contacts.

How I can configure that in this bundle ?

OAuthListener will create the uri passed to facebook based on the current request so that will contain the user info after the schema like this:

http://user:[email protected]/connect/facebook

Facebook is strict with the expected urls so it will not continue.

Please help me with FOS integration. I have the following setup https://github.com/nucleartux/symf/commit/54c614de4dcb572eb45ebfba40cc2c3fb55748e6
But when I visit /app_dev.php/login/facebook I got error

Unable to find the controller for path "/login/facebook". Maybe you forgot to add the matching route in your routing configuration?

Hi,
I'm using this bundle in conjunction with FOSUserBundle. I allows my users to connect with facebook and then persist the new registered users into FOSUserBundle User entities.

I would like to know what's is the best way to store the facebook access token of a user when he/she register with facebook or connects his/her account.
Substantially I need to make async api request and post activities to the user facebook profile page.

I would also like to know if there's a good integrated way to handle token invalidation or expiration.
I suppose that rewriting the access token every time the user logins with facebook would be an easy to implement solution.

Thanks in advance

There should be a "firewall_name: secured_area" setting under the hwi_oauth section

The tag 0.1-alpha have some code different from master. I need to the current form of tag 0.1-alpha code without any change in future.

In composer.json

 "require": {
        "hwi/oauth-bundle": "0.1-alpha",
   },

And I need a code from above version should be fixed or not changed. Whether 0.1-alpha can be changed?

If I give

 "require": {
        "hwi/oauth-bundle": "*",
   },

The code will be updated with composer update.
I am inheriting HWIOAuthBundle to MyBundle. So If code changes, it will be difficult to maintain.

Does HWIOAuthBundle offers versions?

I was looking into using this bundle but rolling out my own controller and login links.

So while trying to re-implement what is done in the ConnectController in a separate app controller i realized that is consume a lot of its own functions and has way to many protected methods which would belong in separate services. This is the case for:

• getResourceOwnerByName
• getUriForCheckPath
• getResourceOwners

I would put them in a ResourceOwnerService, so its easier to use them from other controllers without replicating half of the code.

What do you think?

Hi,
I just tried connecting a Facebook test user. After giving permissions to the app i have been redirected to the connect page (hwi_oauth_connect route) instead of being redirect to the registration page.
That's really weird and happens only with facebook app test users (not with real ones).

Tell me if I can try something more to find out why the issue occurs.

You can find my whole codebase here: lmammino/just-had-a-cocktail

I'd like to use this bundle for logging in with Google and LinkedIn, however the latter does not exist, so I might have a go at implementing it. Any thing to know before I start?

I am now able to login to an account through Google, however I am having to manually insert the id that it is returning into the google_id field for an existing test user in order for that to work. As far as it actually automatically creating an account for the user, that is not happening, and I'm not sure how that should be done, from what I have read, it seems that the configuration that I now have should be doing that.

config.yml

hwi_oauth:
    resource_owners:
        google:
            type: google
            client_id: 123456789.apps.googleusercontent.com
            client_secret: SupercalifragaliZ
            scope: "https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile"
            user_response_class: 'Acme\UserBundle\OAuth\Response\GoogleUserResponse'
            paths:
                email: email
                profilepicture: picture
                firstname: given_name
                lastname: family_name
                gender: gender
                locale: locale
    firewall_name: secured_area
    fosub:
        username_iterations: 5
        properties:
            google: googleId
    connect: ~

security.yml

security:
    providers:
        fos_userbundle:
            id: fos_user.user_manager
    encoders:
        FOS\UserBundle\Model\UserInterface: sha512

    firewalls:
        secured_area:
            pattern:    ^/
            anonymous: true
            logout: true
            form_login:
                provider: fos_userbundle
                login_path: /login
                check_path: /login/login_check
                csrf_provider: form.csrf_provider
            oauth:
                resource_owners:
                    google: "/login/check-google"
                login_path: /connect
                failure_path: /connect
                oauth_user_provider:
                    service: hwi_oauth.user.provider.fosub_bridge

routing.yml

hwi_oauth_redirect:
    resource: "@HWIOAuthBundle/Resources/config/routing/redirect.xml"
    prefix:   /connect

hwi_oauth_connect:
    resource: "@HWIOAuthBundle/Resources/config/routing/connect.xml"

hwi_oauth_security:
    resource: "@HWIOAuthBundle/Resources/config/routing/login.xml"
    prefix: /login

#fos_user_security:
#    resource: "@FOSUserBundle/Resources/config/routing/security.xml"

fos_user_profile:
    resource: "@FOSUserBundle/Resources/config/routing/profile.xml"
    prefix: /profile

fos_user_register:
    resource: "@FOSUserBundle/Resources/config/routing/registration.xml"
    prefix: /register

fos_user_resetting:
    resource: "@FOSUserBundle/Resources/config/routing/resetting.xml"
    prefix: /resetting

fos_user_change_password:
    resource: "@FOSUserBundle/Resources/config/routing/change_password.xml"
    prefix: /profile

google_login:
    pattern: /login/check-google

Acme/UserBundle/OAuth/Response/GoogleUserResponse.php

I would like to use this to add more data from google directly into the user's account. The idea is to allow a user to register with us through our own registration form, or to click on an OAuth provider, and we will then create their account for them. This response implementation would be the start of that, as we would be able to pull in the different fields that google provides after authorization.

<?php

namespace Acme\UserBundle\OAuth\Response;

use HWI\Bundle\OAuthBundle\OAuth\Response\AdvancedPathUserResponse;

/**
 * GoogleUserResponse
 *
 */
class GoogleUserResponse extends AdvancedPathUserResponse
{
    /**
     * {@inheritdoc}
     */
    public function getEmail()
    {
        return $this->getValueForPath('email', false);
    }

    /**
     * {@inheritdoc}
     */
    public function getProfilePicture()
    {
        return $this->getValueForPath('profilepicture', false);
    }

    /**
     * {@inheritdoc}
     */
    public function getFirstName()
    {
        return $this->getValueForPath('firstname', false);
    }

    /**
     * {@inheritdoc}
     */
    public function getLastName()
    {
        return $this->getValueForPath('lastname', false);
    }

    /**
     * {@inheritdoc}
     */
    public function getGender()
    {
        return $this->getValueForPath('gender', false);
    }

    /**
     * {@inheritdoc}
     */
    public function getLocale()
    {
        return $this->getValueForPath('locale', false);
    }
}

I added polish translation

I'd like to know if it would be possible to connect users that are logging in using an oauth service to the database with the already registered users based on their email.

When a user does not grant access to his account a 500 Internal Server Error is thrown with the following message: "No auth code in request". Here's the code that throws the exception which ultimately triggers the 500 Internal Server Error:

if (!$resourceOwner->handles($request)) {
        // Can't use AuthenticationException below, as it leads to infinity loop
        throw new \RuntimeException('No oauth code in the request.');
}

I believe the correct behavior would be to redirect to failure_path with an error message instead of throwing a 500 error.

Hi,

Your connectController render response with yours twig files like :

return $this->container->get('templating')->renderResponse('HWIOAuthBundle:Connect:registration.html.twig', array

(for registrationAction)

I have a UserBundle who have FOSUserBundle for parent, so, how can I override yours twig files properly ?

I spend few hours by getting Not a valid access token. and all was because of
HWI\Bundle\OAuthBundle\OAuth\ResourceOwner\GenericResourceOwner.php line 193

if (false !== strpos($apiResponse->getHeader('content-type'), 'application/json')) {

it should be Case Sensitive

if (false !== strpos($apiResponse->getHeader('Content-Type'), 'application/json')) {

It would be a nice feature if we can add the "hd" parameter from :
https://developers.google.com/accounts/docs/OAuth_ref#Parameters3

It would only allow people from a specific org.

What do you think about this implementation ?

Hi, I'm trying to request offline access when authenticating with google, then access the refresh_token to store along with my user for later use.

Looking at the code this doesn't seem possible at the moment, but hopefully I'm missing something and it is?

Thanks.

Is this bundle enable to connect with oAuth 1.0 ?

If not, I wish participate and do a Pull Request to implement this functionality, which class do I have to look ?

It could be usefull to the Twitter api for example...

Motivated ? :)

What kind of key is required for the registration form?

• Fresh Symfony install
• Fresh HWIOAuthBundle
  I have no clue why I get this error. Can you shine a light on it? (as in https://github.com/miraclemarc/OAuth2client)

RuntimeException: The definition "hwi_oauth.authentication.provider.oauth.secured_area" has a reference to an abstract definition "hwi_oauth.user.provider". Abstract definitions cannot be the target of references.

Hello,

I am new to Symfony, that may be all the explanation I need to throw out there, as I imagine this is a simple fix, but I just don't know enough about the framework's processes to pinpoint where and what to correct. When clearing the cache from the command line, I run into the following error:

Command:
app/console cache:clear

------------------------------------------------------------------------------------------------------------------------------------------------ [Symfony\Component\DependencyInjection\Exception\RuntimeException] The parent definition "hwi_oauth.abstract_resource_owner.google" defined for definition "hwi_oauth.resource_owner.google" does not exist.

I have read the docs a couple of times, and went along with the example configuration that specifies parameters to set when using with FOSUserBundle. The end goal is to give users the option to login either by creating an account locally and we store the creds in the database, or by connecting to Google, (or once I get this working, additional OAuth providers).

Any help or pointers would be greatly appreciated, and I would be happy to expand the documentation on the matter once it is solved.

Environment:

• Symfony 2.1
• PHP 5.3.13

Thanks,

Nick

user_repsonse_class setting written in form of "XXX\YYY\ZZZ" should be "XXX\\YYY\\ZZZ"

For example there is user with email=[email protected] and it hasn't connected facebook account. But he has this account and email is the same.

How it possible try select user by email which returned by facebook and if user exists - connect him and authenticate?

Sorry it this is a simple question/answer, but how can I configure where the user gets sent after they log in (with an already connected account)? With the normal (FOS) login they are redirected to /account as set up in security.yml (default_target_path: /account) but when connecting with OAuth they always get sent to the homepage, with #_=_ in the url, which I also can't figure out...

Any help much appreciated! Thanks

Maybe better use separate table for authorization through providers? Then it would not need to create a separate column for every provider.
If you support this idea, I could implement it :)

What is missing:

• docs for twitter and vkontakte,
• how to set up connect functionality,
• how to implement FOSUB connect bridge,
• how to create custom connect bridge,
• what is user_class_response and how to use it / implement own,
• what are paths and how to use them,
• list of extension points in generic resource owners
• and... moar ? =)

After using the login link and successfully finding a user, the subsequent requests blow up on "is_granted"

To what i can understand, the token that get to OAuthProvider::authenticate does not have "rsourceOwnerName" set and if i add a return $token when that is the case, the dev bar show me i'm logged as the user however authenticated is false.

Any ideas?

Gone through this bundle and i can't one thing. Why not use all values of a user oAuth server returns?
For example, facebook can return last name, first name, gender, while bundle utilize only name and id.

I'm having problems with the OAuth authentication when the ?code=XXXX GET parameter is missing. This can happen when the user cancels the authentication. The following code snippet throws a RuntimeException in that case. That exception is not handled by the security subsystem and causes a global error page, which is bad. I'm not sure why we can't use an AuthenticationException exception here (as done by the native symfony authentication listeners). The comment speaks of an infinite loop. I guess the author means a redirect loop. But that isn't supposed to happen if the security subsystem is configured correctly. If we throw an AuthenticationException here, the function AbstractAuthenticationListener::onFailure() gets called, which usually returns a redirect to the firewall's "failure_path". If that is not equal to the Check-URL, there won't be any redirect loop. Am I right? So basically, when I replace RuntimeException with AuthenticationException, the problem disappears for me and the user gets redirected to an error page.

Can we do something about that?

    /**
     * {@inheritDoc}
     */
    protected function attemptAuthentication(Request $request)
    {
        list($resourceOwner, $checkPath) = $this->resourceOwnerMap->getResourceOwnerByRequest($request);

        if (!$resourceOwner->handles($request)) {
            // Can't use AuthenticationException below, as it leads to infinity loop
            throw new \RuntimeException('No oauth code in the request.');
        }

        $accessToken = $resourceOwner->getAccessToken(
            $request,
            $this->httpUtils->createRequest($request, $checkPath)->getUri()
        );

        $token = new OAuthToken($accessToken);
        $token->setResourceOwnerName($resourceOwner->getName());

        return $this->authenticationManager->authenticate($token);
    }

Would be interesting to also provide authentication using Joind.in's 2.1 API which is OAuth2.

More info: http://joind.in/api/v2docs (ues the OAuth 1.0a is a typo in the docs.)

make the response property configurable. At the moment it is the username hardcoded. But i want use the email property. I cant change the property mapping. I want use the username as default in my form.

I looked around, it seems it dosen't support this way, Hopes maintainer could integrate it in future version

Hi! I'm new to HWIOauth, and I've been experimenting with this great bundle and FOSUserBundle for a few days. I had several problems with the routing, configuration, etc. But now I'm being able to connect a facebook account to a registered (and logged) user. If the user is not registered and I send him to http://mysite.dev/connect/facebook I get this error: No route found for "GET /connect"

¿What am I doing wrong? I want a new user to just log-in using his facebook account and save him in the user's list.

My config.yml file

imports:
    - { resource: parameters.ini }
    - { resource: security.yml }

hwi_oauth:
    # configuration of oauth resource owners to use
    resource_owners:
        facebook:
            type: facebook
            client_id:xxxxxxxxxxxxxxxxxxxxx
            client_secret:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
            scope: ""
        twitter:
            type: twitter
            client_id: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
            client_secret: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

    # name of the firewall the oauth bundle is active in
    firewall_name: secured_area

    # optional FOSUserBundle integration
    fosub:
        # try 30 times to check if a username is available (foo, foo1, foo2 etc)
        username_iterations: 30

        # mapping between resource owners (see below) and properties
        properties:
            facebook: facebookId

    # if you want to use 'connect' and do not use the FOSUB integration, configure these separately
    connect: ~
#        registration_form_handler: my_registration_form_handler
#        registration_form: my_registration_form
#        connect_provider: my_link_provider # can be the same as your user provider

    # optional HTTP Client configuration
    http_client:
        timeout:       5
        verify_peer:   false
        ignore_errors: true
        max_redirects: 5

framework:
    #esi:             ~
    #translator:      { fallback: %locale% }
    secret:          %secret%
    router:
        resource: "%kernel.root_dir%/config/routing.yml"
        strict_requirements: %kernel.debug%
    form:            true
    csrf_protection: true
    validation:      { enable_annotations: true }
    templating:      { engines: ['twig'] } #assets_version: SomeVersionScheme
    default_locale:  %locale%
    trust_proxy_headers: false # Whether or not the Request object should trust proxy headers (X_FORWARDED_FOR/HTTP_CLIENT_IP)
    translator:      { fallback: en }
    session:         ~

# Twig Configuration
twig:
    debug:            %kernel.debug%
    strict_variables: %kernel.debug%

# Assetic Configuration
assetic:
    debug:          %kernel.debug%
    use_controller: false
    bundles:        [ ]
    #java: /usr/bin/java
    filters:
        cssrewrite: ~
        #closure:
        #    jar: %kernel.root_dir%/Resources/java/compiler.jar
        #yui_css:
        #    jar: %kernel.root_dir%/Resources/java/yuicompressor-2.4.7.jar

# Doctrine Configuration
doctrine:
    dbal:
        driver:   %database_driver%
        host:     %database_host%
        port:     %database_port%
        dbname:   %database_name%
        user:     %database_user%
        password: %database_password%
        charset:  UTF8

    orm:
        auto_generate_proxy_classes: %kernel.debug%
        auto_mapping: true

# Swiftmailer Configuration
swiftmailer:
    transport: %mailer_transport%
    host:      %mailer_host%
    username:  %mailer_user%
    password:  %mailer_password%
    spool:     { type: memory }

# FosUser   
fos_user:
    db_driver: orm
    firewall_name: main
    user_class: Miramos\UserBundle\Entity\User

My security.yml

security:
    providers:
        fos_userbundle:
            id: fos_user.user_manager

    encoders:
        FOS\UserBundle\Model\UserInterface: sha512


    firewalls:
        secured_area:
            pattern:    ^/
            form_login:
                provider: fos_userbundle
                login_path: /connect/
                check_path: /login/login_check
            anonymous: true
            logout: true
            oauth:
                resource_owners:
                    twitter: "/login/check-twitter"
                    facebook: "/login/check-facebook"
                login_path:        /connect
                failure_path:      /connect

                # FOSUB integration
                oauth_user_provider:
                    service: hwi_oauth.user.provider.fosub_bridge

My routing.yml

miramos_user:
    resource: "@MiramosUserBundle/Resources/config/routing.yml"
    prefix:   /

facebook_login:
    pattern: /login/check-facebook

google_login:
    pattern: /login/check-google

custom_login:
    pattern: /login/check-custom

github_login:
    pattern: /login/check-github



hwi_oauth_security:
    resource: "@HWIOAuthBundle/Resources/config/routing/login.xml"
    prefix: /login

hwi_oauth_connect:
    resource: "@HWIOAuthBundle/Resources/config/routing/connect.xml"
    prefix: /connect

hwi_oauth_redirect:
    resource: "@HWIOAuthBundle/Resources/config/routing/redirect.xml"
    prefix:   /connect





fos_user_security:
    resource: "@FOSUserBundle/Resources/config/routing/security.xml"

fos_user_profile:
    resource: "@FOSUserBundle/Resources/config/routing/profile.xml"
    prefix: /profile

fos_user_register:
    resource: "@FOSUserBundle/Resources/config/routing/registration.xml"
    prefix: /register

fos_user_resetting:
    resource: "@FOSUserBundle/Resources/config/routing/resetting.xml"
    prefix: /resetting

fos_user_change_password:
    resource: "@FOSUserBundle/Resources/config/routing/change_password.xml"
    prefix: /profile

Thanks in advance

Hi,

I have the login authentication working with facebook and google, but I'm unable register a social network if the user is already logged in.

For example I do a login with facebook and then I try to add a google account it calls the google authentication url with the redirect url pointing to connectServiceAction.

This all looks correct but because the configured url in google api is "login/login-check" it gives an error saying that the url is incorrect.

The url generated is different in case of the login or if you just want to associate to an existing acount

OAuthUtils:getAuthorizationUrl

        return $resourceOwner->getAuthorizationUrl(
            $connect && $hasUser
                ? $this->generateUrl('hwi_oauth_connect_service', array('service' => $name), true)
                : $this->generateUri($checkPath)
        );

and google and facebook don't allow that. How can I fix this?

PS: This probably is not a bundle issue but I didn't know where to ask for help, thx.

Can you add oAuth 1.0a support. As example, twitter use it.
Thx!

When using the Generic type of ResourceOwner configuration does not require you to add "scope" but its called by the actual code and generated a exception since its not there.

/**
 * {@inheritDoc}
 */
public function getAuthorizationUrl($redirectUri, array $extraParameters = array())
{
    $parameters = array_merge($extraParameters, array(
        'response_type' => 'code',
        'client_id'     => $this->getOption('client_id'),
        'scope'         => $this->getOption('scope'),
        'redirect_uri'  => $redirectUri,
    ));

    return $this->getOption('authorization_url').'?'.http_build_query($parameters);
}

Hi, I configured your bundle in order to work with FOSUB.

I follow yout documentation and I always have the error :

[Symfony\Component\Config\Definition\Exception\InvalidConfigurationException]
Unrecognized options "oauth" under "security.firewalls.secured_area"

That is my security.yml :

security:
    encoders:
        Symfony\Component\Security\Core\User\User: plaintext

    role_hierarchy:
        ROLE_ADMIN:       ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

    providers:
      fos_userbundle:
        id: fos_user.user_manager
      in_memory:
        users:
          user:  { password: userpass, roles: [ 'ROLE_USER' ] }
          admin: { password: adminpass, roles: [ 'ROLE_ADMIN' ] }

    encoders:
        "FOS\UserBundle\Model\UserInterface": sha512

    firewalls:
        dev:
          pattern:  ^/(_(profiler|wdt)|css|images|js)/
          security: false

#        login:
#            pattern:  ^/demo/secured/login$
#            security: false

        secured_area:
          pattern: ^/
          form_login:
            provider: fos_userbundle
            csrf_provider: form.csrf_provide
            login_path: /connect
            check_path: /login/login_check
          anonymous: true
          oauth:
            resource_owner:
              facebook:     /login/check-facebook
            login_path:     /connect
            failure_path:   /connect

            oauth_user_provider:
              service: hwi_oauth.user.provider.fosub_bridge

    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/, role: ROLE_ADMIN }

And my config.yml :

fos_user:
  db_driver: orm # other valid values are 'mongodb', 'couchdb' and 'propel'
  firewall_name: secured_area
  # Permet de renseigner la nouvelle entity utilisateur
  user_class: Dowith\UserBundle\Entity\User
  registration:
    form:
      type: dowith_user_registration

hwi_oauth:
  resource_owners:
    facebook:
      type:                facebook
      client_id:           157782180945709
      client_secret:       7cf5d55a734b475df09c3281ca08b276
      scope:               "email user_birthday"

  firewall_name: secured_area

  fosub:
    username_iterations: 30

    properties:
      facebook: facebookId

  connect: ~

I had not touch anything else ! What is wrong whit this config ?

Thanks for your help !

I added to composer.json

"require": {
"hwi/oauth-bundle": "*"
},

composer update response:

The requested package hwi/oauth-bundle * could not be found

I have an case when Sensio Connect fails (my fault, but it's not a point here =)), and I don't have any info about it as this error is "hidden" by case of "No oauth code in the request.". I can "notice" this error only when I turn on debug for redirect pages in Sf2.

Error in that case is... in URL =)

error=redirect_uri_mismatch&error_description=Must use the same redirect URI you registered with us.&state=

[Symfony\Component\DependencyInjection\Exception\ServiceNotFoundException]
The service "hwi_oauth.resource_owner.google" has a dependency on a non-existent service "buzz.client".

I'm kinda trudging through trying to figure out how to link a facebook and a mailchimp account to my sf users. I cannot find any info on the initial process of creating that link so I've decided to implement my own oauth user provider as:

In my security.yml:

oauth_user_provider:
                service: oauth_user_provider.service

And in my services.yml:

parameters:
    oauth_user_provider.class: MyApp\MainBundle\Security\Core\User\OAuthUserProvider

services:
    oauth_user_provider.service:
        class: %oauth_user_provider.class%
        arguments: ['@fos_user.user_manager', { 'mailchimp':'mailchimp', 'facebook':'facebook' }]

Here's my config.yml:

hwi_oauth:
    # name of the firewall in which this bundle is active, this setting MUST be set
    firewall_name: secured_area
    resource_owners:
        facebook:
            type:                facebook
            client_id:           00000000000
            client_secret:       asdadsadsadsadsadsada
            scope:               ""

        mailchimp:
            type:                oauth2
            client_id:           00000000000
            client_secret:       asdadsadsadsadsadsada
            access_token_url:    https://login.mailchimp.com/oauth2/token
            authorization_url:   https://login.mailchimp.com/oauth2/authorize
            infos_url:           https://mailchimp.com
            scope:               ""
            user_response_class: HWI\Bundle\OAuthBundle\OAuth\Response\PathUserResponse
            #user_response_class: MyApp\MainBundle\OAuth\Response\MailChimpUserResponse
            paths:
                username: id
                displayname: username
    fosub:
        # try 30 times to check if a username is available (foo, foo1, foo2 etc)
        username_iterations: 30

        # mapping between resource owners (see below) and properties
        properties:

            mailchimp: mailchimp
            facebook: facebook

My intention was to use the loadUserByOAuthUserResponse method to see if the user was linked and if not, then link it.

I have 3 questions/issues though.

a) is this the correct process to create that initial link?

b) I've hardcoded the mapping as the second parameter in my services.yml class (facebook: facebook...) - Is this the correct method? I could not figure how to access the same config params from my security file.

c) Most importantly - the custom mailchimp response never goes through the loadUserByOAuthUserResponse (nor any of the same methods in your provided classes). it just goes straight to my failure_path without me being able to intercept it.

After suppressing the ssl validation on curl (issue #26). I got an error Unrecognized field: facebookId

My config looks like:

imports:
    - { resource: parameters.ini }
    - { resource: security.yml }

framework:
    #esi:             ~
    translator:      { fallback: en }
    secret:          %secret%
    charset:         UTF-8
    router:          { resource: "%kernel.root_dir%/config/routing.yml" }
    form:            true
    csrf_protection: true
    validation:      { enable_annotations: true }
    templating:      { engines: ['twig'] } #assets_version: SomeVersionScheme
    session:
        default_locale: %locale%
        auto_start:     true

# Twig Configuration
twig:
    debug:            %kernel.debug%
    strict_variables: %kernel.debug%

# Assetic Configuration
assetic:
    debug:          %kernel.debug%
    use_controller: false
    # java: /usr/bin/java
    filters:
        cssrewrite: ~
        # closure:
        #     jar: %kernel.root_dir%/java/compiler.jar
        # yui_css:
        #     jar: %kernel.root_dir%/java/yuicompressor-2.4.2.jar

# Doctrine Configuration
doctrine:
    dbal:
        driver:   %database_driver%
        host:     %database_host%
        port:     %database_port%
        dbname:   %database_name%
        user:     %database_user%
        password: %database_password%
        charset:  UTF8
        types:
            json: Sonata\Doctrine\Types\JsonType

    orm:
        auto_generate_proxy_classes: %kernel.debug%
        #auto_mapping: true
        entity_managers:
            default:
                mappings:
                    ApplicationSonataUserBundle: ~
                    SonataUserBundle: ~    
                    FOSUserBundle: ~
                    SonataNotificationBundle: ~

# Swiftmailer Configuration
swiftmailer:
    transport: %mailer_transport%
    host:      %mailer_host%
    username:  %mailer_user%
    password:  %mailer_password%

jms_security_extra:
    #secure_controllers:  true
    secure_all_services: false

sonata_user:
    security_acl: true

sonata_block:
    default_contexts: [cms]
    blocks:
        sonata.admin.block.admin_list:
            contexts:   [admin]

        #sonata.admin_doctrine_orm.block.audit:
        #    contexts:   [admin]

        sonata.block.service.text:
        sonata.block.service.action:
        sonata.block.service.rss:

sonata_intl:
    timezone:
        # default timezone used as fallback
        default: Europe/London  

fos_user:
    db_driver:      orm # can be orm or odm
    firewall_name:  main
    user_class:     Application\Sonata\UserBundle\Entity\User

    group:
        group_class: Application\Sonata\UserBundle\Entity\Group

hwi_oauth:
    resource_owners:
        facebook:
            type:                facebook
            client_id:           asdfsadf
            client_secret:       ssafasfasdfsadfasdf
            scope:               "email"      

    firewall_name: main

    fosub:
        # try 30 times to check if a username is available (foo, foo1, foo2 etc)
        username_iterations: 30

        # mapping between resource owners (see below) and properties
        properties:
            facebook: facebookId

        #connect: ~

As far as i understood from the code it would be just a matter of creating a new resourceOwner extending the default GenericOAuth2ResourceOwner and providing a proper configuration.

This should help: http://instagram.com/developer/authentication/