HWIOAuthBundle is a great Symfony2 bundle that provides way to integrate web services that implements OAuth1.0 and OAuth2 as user authentication system. Once configured you can add infinite amount of web services as authentication source.
After user authentication it is better to fetch user information from the web service and store them in DB so that the user does not have to input profile information again. In following section I will outline step by step instruction on how to configure
HWIOAuthBundle and integrate
FOSUserBundle user provider using
fosub_bridge implemented in
HWIOauthBundle. For web service Github OAuth api used.
HWIOAuthBundle uses Buzz curl client to communicate with web services.
Buzz by default enables SSL certificate check. On some server CA certificate information may not exist. To add CA certificate info download
cacert.pem from this page and set
curl.cainfo php ini variable to the location of
Then register application of the web service you want to use for authentication. For this post I have used Github for its simplicity. You can create application from here. Your registration form may look like following,
After successful application creation you will be redirected to application page where you will see
client ID and
Client Secret fields set for the application. They will be used later.
Add the bundle info in
composer.json and issue
php composer.phar update --prefer-dist command.
1 2 3 4 5 6 7
Enable the bundles in
1 2 3 4 5 6 7 8
FOSUserBundle. For this tutorial I will only show user entity creation and configuration. For other setup refer to the documentation.
In one of your bundle add entity class with field information. After that add a entity field named
githubID which maps to the github user id. Minimal entity class is given bellow.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45
Add routes of
app/config/rouging.yml. Please note that I am securing parts of the site that matches with
^/secure_area url pattern. So appropriate prefix was added in this case. To apply it in root url just remove
/secure_area portion in all occurrences.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
Add entity info in the
1 2 3 4 5 6 7 8
1 2 3 4 5 6 7 8
HWIOauthBundle. Add routes of
app/config/routing.yml.Another route named
hwi_github_login was also added which is same as the callback url given during creation of Github application. This is the url which will be intercepted by the firewall to check authentication.
1 2 3 4 5 6 7 8 9 10 11 12 13 14
Now setup the security firewall.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29
firewalls section a new firewall named
secure_area with OAuth provider named
oauth is added which handles
^/secure_area url pattern. In
resource_owners section of the OAuth provider intercept url for the Github resource owner is provided. It is same as the callback url given during Github application creation.
access_control section path matching
^/secure_area/login pattern moved out of secure area.
User provider of the OAuth authentication provider is
fos_userbundle which was setup previously. As user provider is
hwi_oauth.user.provider.fosub_bridge service was set as
oauth_user_provider. If you want to set it to your custom user provider you have to implement OAuthAwareUserProviderInterface.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24
The value of
firewall_name is same as the name of the firewall with OAuth provider setup in
resource_owners section OAuth information were added. The value of
client_secret are the values set by Github after the creation of the application. For configuration of other resource owners see the documentation.
FOSUserBundle were used as user provider,
fosub section were added. In
githubID entity field was set as value of
github config field.
connect section connects
HWIOAuthBundle to the registration system of Symfony. It also links existing logged in users to the authenticated service. Note that simply adding
connect: ~ would be enough to link
HWIOAuthBundle to the registration system. For the brief explanation of the options I have added default values.
confirmation option is set to true, user will be shown a page that will ask the user to connect the current authenticated resource to existing logged in user account. The template location is HWIOAuthBundle:Connect:connect_confirm.html.twig. To override the template see the documentation.
The value of
account_connector is a user provider class that implements AccountConnectorInterFace. By default it is set to same
hwi_oauth.user.provider.fosub_bridge service that was set in OAuth firewall. So if you want to add support for your custom user provider you have to extend it so that it implements AccountConnectorInterFace and OAuthAwareUserProviderInterface.
registration_form_handler is set to
hwi_oauth.registration.form.handler.fosub_bridge service. It is used during registration process and does almost same thing as default
FOSUserBundle registration form handler. The difference is that it implements RegistrationFormHandlerInterface. So if you want to add your custom handler you have to extend the handler to implement
The value of
registration_form is same as default
FOSUserBundle registration form
fos_user.registration.form. It is used during registration operation. The twig template of the registration file is at HWIOAuthBundle:Connect:registration.html.twig. Override it to meet your requirement.
Then issue following commands which will generate entity setter/getter methods and save table information to DB.
Thats all. Now go to any url matcing
^/sceure_area pattern and you will be redirected to
/secure_area/connect url where lists of OAuth resource owners will be shown. The twig template of the page is HWIOAuthBundle:Connect:login.html.twig. Override it to meet your requirement. After successful OAuth authentication new user will be redirected to registration page or to previous page if the user already exists.
Once first resource owner is configured adding other resource owners is very easy. Just add mapping resource owners field in the entity, add check-resource route on
app/config/routng.yml, add client id and client secret to
app/config/config.yml, add property mapping and add another line in
resource_owners section of the
Another bonus tip, After successful authentication you can get access token of the resource from the toke of the
security.context service as
HWIOAuthBundle sets OAuthToken after successful authentication. So just by adding following line
will give you the access token with which you can do REST API call to the resource.