This plugin integrates OAuth2 functionality into Guzzle Bundle

Overview

Guzzle Bundle OAuth2 Plugin

This plugin integrates OAuth2 functionality into Guzzle Bundle, a bundle for building RESTful web service clients.


Prerequisites

Installation

To install this bundle, run the command below on the command line and you will get the latest stable version from Packagist.

composer require gregurco/guzzle-bundle-oauth2-plugin

Usage

Enable bundle

Find the following lines in src/Kernel.php:

foreach ($contents as $class => $envs) {
    if (isset($envs['all']) || isset($envs[$this->environment])) {
        yield new $class();
    }
}

and replace them with:

foreach ($contents as $class => $envs) {
    if (isset($envs['all']) || isset($envs[$this->environment])) {
        if ($class === \EightPoints\Bundle\GuzzleBundle\EightPointsGuzzleBundle::class) {
            yield new $class([
                new \Gregurco\Bundle\GuzzleBundleOAuth2Plugin\GuzzleBundleOAuth2Plugin(),
            ]);
        } else {
            yield new $class();
        }
    }
}

Basic configuration

With default grant type (client)

# app/config/config.yml

eight_points_guzzle:
    clients:
        api_payment:
            base_url: "http://api.domain.tld"
            
            options:
                auth: oauth2

            # plugin settings
            plugin:
                oauth2:
                    base_uri:       "https://example.com"
                    token_url:      "/oauth/token"
                    client_id:      "test-client-id"
                    client_secret:  "test-client-secret" # optional
                    scope:          "administration"

With password grant type

# app/config/config.yml

eight_points_guzzle:
    clients:
        api_payment:
            base_url: "http://api.domain.tld"
            
            options:
                auth: oauth2

            # plugin settings
            plugin:
                oauth2:
                    base_uri:       "https://example.com"
                    token_url:      "/oauth/token"
                    client_id:      "test-client-id"
                    username:       "johndoe"
                    password:       "A3ddj3w"
                    scope:          "administration"
                    grant_type:     "Sainsburys\\Guzzle\\Oauth2\\GrantType\\PasswordCredentials"

With client credentials in body

# app/config/config.yml

eight_points_guzzle:
    clients:
        api_payment:
            base_url: "http://api.domain.tld"
            
            options:
                auth: oauth2

            # plugin settings
            plugin:
                oauth2:
                    base_uri:       "https://example.com"
                    token_url:      "/oauth/token"
                    client_id:      "test-client-id"
                    scope:          "administration"
                    auth_location:  "body"

Options

| Key | Description | Required | Example |
|---|---|---|---|
| base_uri | URL of OAuth2 server. | yes | https://example.com |
| token_url | The path that will be concatenated with base_uri. Default: /oauth2/token | no | /oauth/token |
| client_id | The client identifier issued to the client during the registration process | yes | s6BhdRkqt3 |
| client_secret | The client secret | no | 7Fjfp0ZBr1KtDRbnfVdmIw |
| username | The resource owner username | for PasswordCredentials grant type | johndoe |
| password | The resource owner password | for PasswordCredentials grant type | A3ddj3w |
| auth_location | The place where to put client_id and client_secret in auth request. Default: headers. Allowed values: body, headers. | no | body |
| resource | The App ID URI of the web API (secured resource) | no | https://service.contoso.com/ |
| private_key | Path to private key | for JwtBearer grant type | "%kernel.root_dir%/path/to/private.key" |
| scope | One or more scope values indicating which parts of the user's account you wish to access | no | administration |
| audience | | no | |
| grant_type | Grant type class path. Class should implement GrantTypeInterface. Default: Sainsburys\\Guzzle\\Oauth2\\GrantType\\ClientCredentials | no | Sainsburys\\Guzzle\\Oauth2\\GrantType\\PasswordCredentials, Sainsburys\\Guzzle\\Oauth2\\GrantType\\AuthorizationCode, Sainsburys\\Guzzle\\Oauth2\\GrantType\\JwtBearer |
| persistent | Token will be stored in session unless grant_type is client credentials; in which case it will be stored in the app cache. Default: false | no | |
| retry_limit | How many times request will be repeated on failure. Default: 5 | no | |

See more information about middleware here.
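
The two auth_location values lead to differently shaped token requests. The sketch below is an added example, not the plugin's code: it assumes the headers form is HTTP Basic as described in RFC 6749 section 2.3.1 (which does not recommend sending client credentials in the body), and buildTokenRequest() is a hypothetical helper that also rejects a non-https base_uri.

```php
<?php
declare(strict_types=1);

// Added illustration based on RFC 6749; buildTokenRequest() is a hypothetical
// helper, not part of the plugin.
function buildTokenRequest(array $cfg): array
{
    // Defaults taken from the options table above.
    $cfg += ['token_url' => '/oauth2/token', 'auth_location' => 'headers', 'client_secret' => ''];

    // Client credentials and the issued token cross this connection: require TLS.
    $scheme = strtolower((string) parse_url($cfg['base_uri'], PHP_URL_SCHEME));
    if ($scheme !== 'https') {
        throw new InvalidArgumentException('base_uri must use https');
    }
    $form = ['grant_type' => 'client_credentials'];
    if (isset($cfg['scope'])) {
        $form['scope'] = $cfg['scope'];
    }
    $headers = ['Content-Type' => 'application/x-www-form-urlencoded'];
    if ($cfg['auth_location'] === 'body') {
        // Secret travels as a form field, so any request-body logging captures it.
        $form['client_id'] = $cfg['client_id'];
        $form['client_secret'] = $cfg['client_secret'];
    } elseif ($cfg['auth_location'] === 'headers') {
        // HTTP Basic: each part is form-urlencoded first (RFC 6749 section 2.3.1).
        $pair = urlencode($cfg['client_id']) . ':' . urlencode($cfg['client_secret']);
        $headers['Authorization'] = 'Basic ' . base64_encode($pair);
    } else {
        throw new InvalidArgumentException('auth_location must be "body" or "headers"');
    }

    return [
        'url'     => rtrim($cfg['base_uri'], '/') . $cfg['token_url'],
        'headers' => $headers,
        'body'    => http_build_query($form),
    ];
}

// Values from the basic configuration shown earlier on this page.
$cfg = ['base_uri' => 'https://example.com', 'token_url' => '/oauth/token',
        'client_id' => 'test-client-id', 'client_secret' => 'test-client-secret',
        'scope' => 'administration'];
foreach (['headers', 'body'] as $location) {
    $req = buildTokenRequest(['auth_location' => $location] + $cfg);
    printf("[%s] POST %s\n%s\n%s\n\n", $location, $req['url'],
        $req['headers']['Authorization'] ?? '(no Authorization header)', $req['body']);
}
```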

License

This middleware is licensed under the MIT License - see the LICENSE file for details

Comments
  • Error when using with Symfony 4

    When I try to use it with Symfony 4 I got the following error:

    Unrecognized option "oauth2" under "eight_points_guzzle.clients.my_client.plugin"

    bug 
    opened by rfsbsb 10
  • Problem with "persistent" caching token

    I encountered a problem with caching tokens.

    I changed the option in the config as in the documentation: persistent: true

    And the problem is:

    Cache item "oauth.token.api_sso" comes from a non tag-aware pool: you cannot tag it.

    The temporary fix I made: image

    I commented line 83 in file: vendor/gregurco/guzzle-bundle-oauth2-plugin/src/Middleware/CachedOAuthMiddleware.php

    Also I observed that this error is triggered only when the item is inserted into the cache for the first time. When the item is in the cache and I uncommented the line, everything is working.

    Symfony: 4.2.2 GuzzleBundleOAuth2Plugin: 1.0.7

    bug 
    opened by mkaczm01 6
  • Feature/add cache

    Allow the persistent option to store the tokens in cache if the grant type is client credentials. This will use the standard PSR-6 interface that Symfony works with and is configured as cache.app.

    The code in src/GuzzleBundleOAuth2Plugin.php which chooses the class to return for the persistence middleware could probably be refactored at some point but does work in our tests against a redis cache storage.

    enhancement 
    opened by chrisivens 6
  • Configuration too restrictive

    As of today grant_type takes only a class string. It would be good if it could take a service as well or a way to inject parameters. For example I am trying to plug the OAuth mechanism with auth0. They need an extra parameter which is called audience. We could just integrate it as part of the config but either we do not validate the parameters or we do as said before.

    There are plenty of ways to implement the OAuth flow and it seems it can be very tricky to get it done as of today. In the example I gave earlier I have to create a CompilerPass to get the service created dynamically with the grant_type class and inject it with the parameter I need.

    enhancement 
    opened by Neirda24 4
  • Make the token data store cache expiry even when data says expires_in

    We found an issue whereby the token would expire and when getAccessToken() was called as a result, the token would be loaded from cache and re-stored as valid because the token data only specifies expires_in a certain number of seconds.

    The token was never expiring within the code because each time it was loaded from cache, the check for expiry would return as a valid token since the expiry was always n seconds from now.

    We also reduced the cache expiry timeout because 1 minute is a long time in programming terms.

    In Symfony 4.2 there is stampede protection built in but we can't assume anything in a contrib package which may be being used as standalone or on other versions.

    opened by chrisivens 3
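
The expiry problem described in the pull request above, as an added example that is not part of the original post or the plugin's code: a validity check rebuilt from the relative expires_in never fails, while an absolute expiry recorded at issue time, or a cache entry stored with a matching lifetime, does. ArrayCache, isValidRelative() and isValidAbsolute() are hypothetical names and the token data is constructed.

```php
<?php
declare(strict_types=1);

// Added illustration; all names here are hypothetical, not the plugin's classes.

/** Minimal in-memory cache with per-item expiry, standing in for a PSR-6 pool. */
final class ArrayCache
{
    private array $items = [];

    public function set(string $key, array $value, int $now, ?int $ttl): void
    {
        $this->items[$key] = [$value, $ttl === null ? null : $now + $ttl];
    }

    public function get(string $key, int $now): ?array
    {
        [$value, $deadline] = $this->items[$key] ?? [null, null];
        return ($deadline !== null && $now >= $deadline) ? null : $value;
    }
}

/** Buggy check: expiry is recomputed from the relative expires_in at load time. */
function isValidRelative(array $data, int $now): bool
{
    $expiresAt = $now + $data['expires_in']; // always lands in the future
    return $now < $expiresAt;
}

/** Fixed check: compare against the absolute expiry recorded at issue time. */
function isValidAbsolute(array $data, int $now): bool
{
    return $now < $data['expires_at'];
}

// Constructed token response, issued at t=1000 with a 300 s lifetime.
$issuedAt = 1000;
$data = ['access_token' => 'constructed-token', 'expires_in' => 300];
$data['expires_at'] = $issuedAt + $data['expires_in'];

$noTtl = new ArrayCache();   // entry never leaves the cache
$noTtl->set('oauth.token.demo', $data, $issuedAt, null);
$withTtl = new ArrayCache(); // entry expires together with the token
$withTtl->set('oauth.token.demo', $data, $issuedAt, $data['expires_in']);

foreach ([1100, 1400] as $now) {
    $cached = $noTtl->get('oauth.token.demo', $now);
    printf("t=%d relative=%s absolute=%s cache-with-ttl=%s\n", $now,
        var_export(isValidRelative($cached, $now), true),
        var_export(isValidAbsolute($cached, $now), true),
        $withTtl->get('oauth.token.demo', $now) === null ? 'miss' : 'hit');
}
```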
  • Validation and tests

    • Improve config validation
    • Write tests for configuration
    • Do ClientCredentials as default grant type
    • support private_key option (required by JwtBearer grant type)
    opened by gregurco 1
  • Cannot use AuthorizationCode due to code option

    Hi,

    We have an issue with using the AuthorizationCode GrantType because of the "code" option. It is required to use this GrantType, but the code option cannot be added due to the configuration.

    opened by bijsterdee 2
Releases(v2.1.0)
Owner
Vlad Gregurco
Software Architect and Open Source Contributor