当提供令牌时，Symfony2 OAuth会不断给我一个登录页面 [英] Symfony2 OAuth keeps giving me a login page when a token is provided

查看：95 发布时间：2020/11/10 18:45:33 symfony fosuserbundle fosrestbundle fosoauthserverbundle

本文介绍了当提供令牌时，Symfony2 OAuth会不断给我一个登录页面的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

我已使用以下应用程序设置了

I have setup an app with:

FriendsOfSymfony/FOSUserBundle
FriendsOfSymfony/FOSOAuthServerBundle
FriendsOfSymfony/FOSRestBundle

我已经成功创建了一个客户端，并且可以使用这样的网址获取访问令牌

I have successfully created a client and can get an access token using a url like this

http://api.mydomain.com/oauth/v2/token?client_id=CLIENT_ID&client_secret=CLIENT_SECRET&grant_type=password&username=mikebates&password=秘密

但是，当我随后尝试访问这样的网址时 http://api.mydomain.com/api/surgeries/45/details ?access_token = ACCESS_TOKEN

However, when I then try to access the a url like this http://api.mydomain.com/api/surgeries/45/details?access_token=ACCESS_TOKEN

我被重定向到symfony登录页面，但是我不能拥有该登录页面，否则我为使用此REST API而构建的移动应用程序将无法获得访问权限.

I get redirected to the symfony login page, but I can't have that or the mobile app I'm build to consume this REST API won't be able to get access.

我使用了本教程进行设置(在其中删除了User/UserRepository类，并对其进行了更改以与FOSUserBundle一起使用)

I used this tutorial to set things up (removing the User / UserRepository classes in there and altering it to work with FOSUserBundle) http://blog.tankist.de/blog/2013/07/16/oauth2-explained-part-1-principles-and-terminology/

我不确定我已告诉symfony重定向到登录页面的位置，我想更改该逻辑以仅从令牌进行身份验证.

这是我的设置概述

security.yml

security:
    encoders:
        FOS\UserBundle\Model\UserInterface: sha512

    role_hierarchy:
        ROLE_ADMIN:       ROLE_USER
        ROLE_SUPER_ADMIN: ROLE_ADMIN

    providers:
        fos_userbundle:
            id: fos_user.user_provider.username  

    firewalls:
        ...

        login:
            pattern:  ^/secured/login$
            security: false

        oauth_token:
            pattern:    ^/oauth/v2/token
            security:   false

        oauth_authorize:
            pattern:    ^/oauth/v2/auth
            form_login:
                provider: fos_userbundle
                check_path: _security_check
                login_path: _demo_login
            anonymous: true

        api:
            pattern:    ^/api
            fos_oauth:  true
            stateless:  true
            anonymous:  false # can be omitted as its default value

    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/api, roles: [ IS_AUTHENTICATED_FULLY ] }
        - { path: ^/oauth/v2/auth_login, role: IS_AUTHENTICATED_ANONYMOUSLY }

config.yml

# FriendsOfSymfony : Rest
fos_rest:
    disable_csrf_role: ROLE_API
    param_fetcher_listener: true
    view:
        view_response_listener: 'force'
        formats:
            xml:  true
            json: true
        templating_formats:
            html: true
        jsonp_handler: ~
    format_listener:
        rules:
            - { path: ^/, priorities: [ html, jsonp, json, xml ], fallback_format: ~, prefer_extension: true }
    exception:
        codes:
            'Symfony\Component\Routing\Exception\ResourceNotFoundException': 404
            'Doctrine\ORM\OptimisticLockException': HTTP_CONFLICT
        messages:
            'Symfony\Component\Routing\Exception\ResourceNotFoundException': true
    allowed_methods_listener: true
    access_denied_listener:
        json: true
    body_listener: true

# FriendsOfSymfony : User
fos_user:
    db_driver: orm
    firewall_name: main
    user_class: Incompass\UserBundle\Entity\Person
    group:
        group_class: Incompass\UserBundle\Entity\Group

# FriendsOfSymfony : OAuth
fos_oauth_server:
    db_driver: orm
    client_class: Incompass\AuthBundle\Entity\Client
    access_token_class: Incompass\AuthBundle\Entity\AccessToken
    refresh_token_class: Incompass\AuthBundle\Entity\RefreshToken
    auth_code_class: Incompass\AuthBundle\Entity\AuthCode
    service:
        user_provider: fos_user.user_provider.username
        options:
            supported_scopes: user

推荐答案

我通过更改security.yml中的防火墙顺序来解决了这个问题

I solved this by changing the order of the firewalls in security.yml

firewalls:
    oauth_authorize:
        pattern:    ^/oauth/v2/auth
        form_login:
            provider: fos_userbundle
            check_path: /oauth/v2/auth_login_check
            login_path: /oauth/v2/auth_login
        anonymous: true

    oauth_token:
        pattern:    ^/oauth/v2/token
        security:   false

    api:
        pattern:    ^/api
        fos_oauth:  true
        stateless:  true

    login:
        pattern:  ^/secured/login$
        security: false

    main:
        pattern: ^/
        form_login:
            provider: fos_userbundle
            csrf_provider: form.csrf_provider
        logout:       true
        anonymous:    true

    dev:
        pattern:  ^/(_(profiler|wdt)|css|images|js)/
        security: false

    secured_area:
        pattern:    ^/secured/
        form_login:
            provider: fos_userbundle
            check_path: _security_check
            login_path: _demo_login
        logout:
            path:   _demo_logout
            target: _demo

这篇关于当提供令牌时，Symfony2 OAuth会不断给我一个登录页面的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！

查看全文

当提供令牌时，Symfony2 OAuth会不断给我一个登录页面 [英] Symfony2 OAuth keeps giving me a login page when a token is provided

问题描述

推荐答案

相关文章

其他开发最新文章

热门教程

热门工具

登录关闭

当提供令牌时，Symfony2 OAuth会不断给我一个登录页面 [英] Symfony2 OAuth keeps giving me a login page when a token is provided

问题描述

推荐答案

相关文章

其他开发最新文章

热门教程

热门工具

登录 关闭

登录关闭