Adding Google OAuth Authentication to the Symfony HWI OAuth Bundle

This is based on the tutorial included with the bundle, with a few changes to work with the current configurations included with the bundle.

We’ll use the HWI OAuth Bundle and Symfony to create an application that gets a
user token from Google.

The code that Flex installs is a skeleton application that is almost enough
code to authenticate with Facebook. This will add onto the existing skeleton.
That’s why you’ll see some Facebook configurations.

First, create the webapp, and require the OAuth bundle.

# create the webapp
symfony new oauth2-symfony --webapp
cd oauth2-symfony
# add the HWI OAuth bundle
composer require hwi/oauth-bundle

Next, change the hwi_oauth.yaml config file to add configurations for Google:

# config/packages/hwi_oauth.yaml
hwi_oauth:
    # list of names of the firewalls in which this bundle is active, this setting MUST be set
    firewall_names: [main]

    # https://github.com/hwi/HWIOAuthBundle/blob/master/Resources/doc/2-configuring_resource_owners.md
    resource_owners:
        facebook:
            type:                facebook
            client_id:           '%env(FB_ID)%'
            client_secret:       '%env(FB_SECRET)%'
            scope:               "email"
            options:
                display: popup
                csrf: true
        google:
            type:               google
            client_id:          '%env(GOOG_ID)%'
            client_secret:      '%env(GOOG_SECRET)%'
            scope:              "email profile"

Then, add two environment variables in .env

# .env
# ...
###> hwi/oauth-bundle ###
FB_ID=
FB_SECRET=
GOOG_ID=
GOOG_SECRET=
###< hwi/oauth-bundle ###

Get the ID and secret from your Google OAuth project’s credentials, under Google Cloud, APIs & Services, Credentials

https://console.cloud.google.com/apis/credentials/oauthclient

If you don’t have a project, you’ll need to create an OAuth Client ID.

Once you have the ID and SECRET set up, you can continue.

Set up the firewall by altering the configuration:

# config/packages/security.yaml
security:        
    # https://symfony.com/doc/current/security.html#registering-the-user-hashing-passwords
    password_hashers:
        Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto'
    # https://symfony.com/doc/current/security.html#loading-the-user-the-user-provider
    providers:   
        hwi_oauth.user.provider:
            id: hwi_oauth.user.provider
    firewalls:   
        dev:     
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:    
            lazy: true
            provider: hwi_oauth.user.provider
            pattern: ^/
            oauth:    
                resource_owners:
                    facebook:     "/login/check-facebook"
                    google:       "/login/check-google"
                login_path:       /login
                use_forward:      false
                failure_path:     /login
                oauth_user_provider:
                    service: hwi_oauth.user.provider
                provider: hwi_oauth.user.provider

            # activate different ways to authenticate
            # https://symfony.com/doc/current/security.html#the-firewall

            # https://symfony.com/doc/current/security/impersonating_user.html
            # switch_user: true


    # Easy way to control access for large sections of your site
    # Note: Only the *first* access control that matches will be used
    access_control:
        # - { path: ^/admin, roles: ROLE_ADMIN }
        # - { path: ^/profile, roles: ROLE_USER }
        - { path: ^/login, roles: PUBLIC_ACCESS }
        - { path: ^/, roles: ROLE_USER }

Add routes to the bundles router:

# config/routes/hwi_oauth_routing.yaml 
hwi_oauth_redirect:
    resource: "@HWIOAuthBundle/Resources/config/routing/redirect.xml"
    prefix:   /connect

hwi_oauth_connect:
    resource: "@HWIOAuthBundle/Resources/config/routing/connect.xml"
    prefix:   /connect

hwi_oauth_login:
    resource: "@HWIOAuthBundle/Resources/config/routing/login.xml"
    prefix:   /login

facebook_login:
    path: /login/check-facebook

google_login:
    path: /login/check-google