This is based on the tutorial included with the bundle, with a few changes to work with the current configurations included with the bundle.
We’ll use the HWI OAuth Bundle and Symfony to create an application that gets a
user token from Google.
The code that Flex installs is a skeleton application that is almost enough
code to authenticate with Facebook. This will add onto the existing skeleton.
That’s why you’ll see some Facebook configurations.
First, create the webapp, and require the OAuth bundle.
# create the webapp
symfony new oauth2-symfony --webapp
cd oauth2-symfony
# add the HWI OAuth bundle
composer require hwi/oauth-bundleNext, change the hwi_oauth.yaml config file to add configurations for Google:
# config/packages/hwi_oauth.yaml
hwi_oauth:
# list of names of the firewalls in which this bundle is active, this setting MUST be set
firewall_names: [main]
# https://github.com/hwi/HWIOAuthBundle/blob/master/Resources/doc/2-configuring_resource_owners.md
resource_owners:
facebook:
type: facebook
client_id: '%env(FB_ID)%'
client_secret: '%env(FB_SECRET)%'
scope: "email"
options:
display: popup
csrf: true
google:
type: google
client_id: '%env(GOOG_ID)%'
client_secret: '%env(GOOG_SECRET)%'
scope: "email profile"Then, add two environment variables in .env
# .env
# ...
###> hwi/oauth-bundle ###
FB_ID=
FB_SECRET=
GOOG_ID=
GOOG_SECRET=
###< hwi/oauth-bundle ###Get the ID and secret from your Google OAuth project’s credentials, under Google Cloud, APIs & Services, Credentials
https://console.cloud.google.com/apis/credentials/oauthclient
If you don’t have a project, you’ll need to create an OAuth Client ID.
Once you have the ID and SECRET set up, you can continue.
Set up the firewall by altering the configuration:
# config/packages/security.yaml
security:
# https://symfony.com/doc/current/security.html#registering-the-user-hashing-passwords
password_hashers:
Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto'
# https://symfony.com/doc/current/security.html#loading-the-user-the-user-provider
providers:
hwi_oauth.user.provider:
id: hwi_oauth.user.provider
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
lazy: true
provider: hwi_oauth.user.provider
pattern: ^/
oauth:
resource_owners:
facebook: "/login/check-facebook"
google: "/login/check-google"
login_path: /login
use_forward: false
failure_path: /login
oauth_user_provider:
service: hwi_oauth.user.provider
provider: hwi_oauth.user.provider
# activate different ways to authenticate
# https://symfony.com/doc/current/security.html#the-firewall
# https://symfony.com/doc/current/security/impersonating_user.html
# switch_user: true
# Easy way to control access for large sections of your site
# Note: Only the *first* access control that matches will be used
access_control:
# - { path: ^/admin, roles: ROLE_ADMIN }
# - { path: ^/profile, roles: ROLE_USER }
- { path: ^/login, roles: PUBLIC_ACCESS }
- { path: ^/, roles: ROLE_USER }Add routes to the bundles router:
# config/routes/hwi_oauth_routing.yaml
hwi_oauth_redirect:
resource: "@HWIOAuthBundle/Resources/config/routing/redirect.xml"
prefix: /connect
hwi_oauth_connect:
resource: "@HWIOAuthBundle/Resources/config/routing/connect.xml"
prefix: /connect
hwi_oauth_login:
resource: "@HWIOAuthBundle/Resources/config/routing/login.xml"
prefix: /login
facebook_login:
path: /login/check-facebook
google_login:
path: /login/check-google