OAuth client integration for Symfony. Supports both OAuth1.0a and OAuth2.

Overview

HWIOAuthBundle

The HWIOAuthBundle adds support for authenticating users via OAuth1.0a or OAuth2 in Symfony.

Note: this bundle adds an easy way to implement any OAuth1.0a or OAuth2 provider!

Installation

All the installation instructions are located in the documentation, check it for a specific version:

  • 1.3 - with support for Symfony: ^4.4 & ^5.0,

  • 1.2 (outdated) - with support for Symfony: ^3.4, ^4.4 and ^5.0.

Documentation

The bulk of the documentation is stored in the Resources/doc/index.md file in this bundle. Read the documentation for version:

This bundle contains support for 58 different providers:

  • 37signals,
  • Amazon,
  • Apple,
  • Asana,
  • Auth0,
  • Azure,
  • Bitbucket,
  • Bitly,
  • Box,
  • BufferApp,
  • Clever,
  • Dailymotion,
  • Deezer,
  • DeviantArt,
  • Discogs,
  • Disqus,
  • Dropbox,
  • EVE Online,
  • Facebook,
  • FI-WARE,
  • Flickr,
  • Foursquare,
  • Genius,
  • GitHub,
  • Google,
  • Hubic,
  • Instagram,
  • Itembase,
  • Jawbone,
  • JIRA,
  • Keycloak,
  • LinkedIn,
  • Mail.ru,
  • Odnoklassniki,
  • Office365,
  • PayPal,
  • QQ,
  • RunKeeper,
  • Salesforce,
  • Sensio Connect,
  • Sina Weibo,
  • Slack,
  • Soundcloud,
  • Spotify,
  • Stack Exchange,
  • Stereomood,
  • Strava,
  • Toshl,
  • Trakt,
  • Trello,
  • Twitch,
  • Twitter,
  • VKontakte,
  • Windows Live,
  • Wordpress,
  • XING,
  • Yahoo,
  • Yandex,
  • Youtube

License

This bundle is under the MIT license. See the complete license in the bundle.

Comments
  • Extend documentation

    What is missing:

    • [x] docs for twitter and vkontakte,
    • [ ] how to set up connect functionality,
    • [ ] how to implement FOSUB connect bridge,
    • [ ] how to create custom connect bridge,
    • [x] what is user_class_response and how to use it / implement own,
    • [x] what are paths and how to use them,
    • [ ] list of extension points in generic resource owners
    • [ ] and... moar ? =)
    Documentation 
    opened by stloyd 49
  • Auto register users after login with facebook

    Hi! I'm new to HWIOauth, and I've been experimenting with this great bundle and FOSUserBundle for a few days. I had several problems with the routing, configuration, etc. But now I'm able to connect a Facebook account to a registered (and logged-in) user. If the user is not registered and I send him to http://mysite.dev/connect/facebook I get this error: No route found for "GET /connect"

    What am I doing wrong? I want a new user to just log in using his Facebook account and save him in the users list.

    My config.yml file

    imports:
        - { resource: parameters.ini }
        - { resource: security.yml }
    
    hwi_oauth:
        # configuration of oauth resource owners to use
        resource_owners:
            facebook:
                type: facebook
                client_id: xxxxxxxxxxxxxxxxxxxxx
                client_secret: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
                scope: ""
            twitter:
                type: twitter
                client_id: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
                client_secret: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    
        # name of the firewall the oauth bundle is active in
        firewall_name: secured_area
    
        # optional FOSUserBundle integration
        fosub:
            # try 30 times to check if a username is available (foo, foo1, foo2 etc)
            username_iterations: 30
    
            # mapping between resource owners (see below) and properties
            properties:
                facebook: facebookId
    
        # if you want to use 'connect' and do not use the FOSUB integration, configure these separately
        connect: ~
    #        registration_form_handler: my_registration_form_handler
    #        registration_form: my_registration_form
    #        connect_provider: my_link_provider # can be the same as your user provider
    
        # optional HTTP Client configuration
        http_client:
            timeout:       5
            verify_peer:   false   # turns off TLS certificate verification for the bundle's HTTP requests
            ignore_errors: true
            max_redirects: 5
    
    framework:
        #esi:             ~
        #translator:      { fallback: %locale% }
        secret:          %secret%
        router:
            resource: "%kernel.root_dir%/config/routing.yml"
            strict_requirements: %kernel.debug%
        form:            true
        csrf_protection: true
        validation:      { enable_annotations: true }
        templating:      { engines: ['twig'] } #assets_version: SomeVersionScheme
        default_locale:  %locale%
        trust_proxy_headers: false # Whether or not the Request object should trust proxy headers (X_FORWARDED_FOR/HTTP_CLIENT_IP)
        translator:      { fallback: en }
        session:         ~
    
    # Twig Configuration
    twig:
        debug:            %kernel.debug%
        strict_variables: %kernel.debug%
    
    # Assetic Configuration
    assetic:
        debug:          %kernel.debug%
        use_controller: false
        bundles:        [ ]
        #java: /usr/bin/java
        filters:
            cssrewrite: ~
            #closure:
            #    jar: %kernel.root_dir%/Resources/java/compiler.jar
            #yui_css:
            #    jar: %kernel.root_dir%/Resources/java/yuicompressor-2.4.7.jar
    
    # Doctrine Configuration
    doctrine:
        dbal:
            driver:   %database_driver%
            host:     %database_host%
            port:     %database_port%
            dbname:   %database_name%
            user:     %database_user%
            password: %database_password%
            charset:  UTF8
    
        orm:
            auto_generate_proxy_classes: %kernel.debug%
            auto_mapping: true
    
    # Swiftmailer Configuration
    swiftmailer:
        transport: %mailer_transport%
        host:      %mailer_host%
        username:  %mailer_user%
        password:  %mailer_password%
        spool:     { type: memory }
    
    # FosUser   
    fos_user:
        db_driver: orm
        firewall_name: main
        user_class: Miramos\UserBundle\Entity\User
    

    My security.yml

    security:
        providers:
            fos_userbundle:
                id: fos_user.user_manager
    
        encoders:
            FOS\UserBundle\Model\UserInterface: sha512
    
    
        firewalls:
            secured_area:
                pattern:    ^/
                form_login:
                    provider: fos_userbundle
                    login_path: /connect/
                    check_path: /login/login_check
                anonymous: true
                logout: true
                oauth:
                    resource_owners:
                        twitter: "/login/check-twitter"
                        facebook: "/login/check-facebook"
                    login_path:        /connect
                    failure_path:      /connect
    
                    # FOSUB integration
                    oauth_user_provider:
                        service: hwi_oauth.user.provider.fosub_bridge
    

    My routing.yml

    miramos_user:
        resource: "@MiramosUserBundle/Resources/config/routing.yml"
        prefix:   /
    
    facebook_login:
        pattern: /login/check-facebook
    
    google_login:
        pattern: /login/check-google
    
    custom_login:
        pattern: /login/check-custom
    
    github_login:
        pattern: /login/check-github
    
    
    
    hwi_oauth_security:
        resource: "@HWIOAuthBundle/Resources/config/routing/login.xml"
        prefix: /login
    
    hwi_oauth_connect:
        resource: "@HWIOAuthBundle/Resources/config/routing/connect.xml"
        prefix: /connect
    
    hwi_oauth_redirect:
        resource: "@HWIOAuthBundle/Resources/config/routing/redirect.xml"
        prefix:   /connect
    
    
    
    
    
    fos_user_security:
        resource: "@FOSUserBundle/Resources/config/routing/security.xml"
    
    fos_user_profile:
        resource: "@FOSUserBundle/Resources/config/routing/profile.xml"
        prefix: /profile
    
    fos_user_register:
        resource: "@FOSUserBundle/Resources/config/routing/registration.xml"
        prefix: /register
    
    fos_user_resetting:
        resource: "@FOSUserBundle/Resources/config/routing/resetting.xml"
        prefix: /resetting
    
    fos_user_change_password:
        resource: "@FOSUserBundle/Resources/config/routing/change_password.xml"
        prefix: /profile
    

    Thanks in advance

    opened by dmontero 38
  • Is this project still maintained?

    Hi there,

    As far as I can see, the last update on master dates from nearly 4 months ago.

    More than 150 issues and 50 Pull Requests are still waiting and some of them are critical.

    I think this bundle is a must-have for developers who want to make a social connect based application, and we can't find a better one that is still alive. It would be very bad to see it dying silently...

    So my question is: What would you do for the future?

    If you don't have enough time to maintain it, maybe you can add some maintainers to your HWI team to manage code, PRs and stable releases.

    I would be glad to help with that if you want and I think I'm not the only one. :wink:

    If you don't want to maintain it anymore, I think you should deprecate it and officially pass the lead to another organisation or person.

    I'm impatient to see your answer and get this project moving. :smile:

    Best regards

    cc @asm89 @fritsjanb @koenc @stloyd @WVan @XWB

    opened by soullivaneuh 27
  • Login Facebookuser into Symfony per AJAX

    Hello,

    I am currently playing around with this bundle and was wondering if it is possible to trigger the Symfony login after a successful Facebook login (via the Facebook login button) per AJAX.

    If I understand this example right, in most cases one would do the following to log the user into the Symfony application:

    • Make sure that the Facebook JavaScript SDK is loaded
    • When the user clicks on the Facebook login button (and the user has not authorized the app) call FB.login()
    • After a successful login on the Facebook side, trigger the Symfony login by issuing a GET to the URL defined for the hwi_oauth_service_redirect route
    • Then the bundle's ConnectController::redirectToServiceAction() is executed on the server side, which results in a redirect to Facebook's OAuth endpoint to get the OAuth code (which in turn is required to log the user successfully into the Symfony application).

    The problem I am facing now is that I am working on a single page application where the page must not be reloaded. So my first naive approach was to - in the FB.login callback - issue the GET to hwi_oauth_service_redirect (resp. login/facebook) per AJAX like the following:

    $.ajax({
      url: 'login/facebook',
      type: 'GET',
      dataType: 'json',
      crossDomain: true,
    })
    .done(function(data, textStatus, jqXHR){
      console.info(data)
    })
    .fail(function(jqXHR, textStatus, errorThrown){
      console.warn('Could not login facebook user')
    });
    
    

    When I try to do this, unfortunately I run into cross-domain issues and Firebug shows the following message:

    Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://www.facebook.com/dialog/oauth?response_type=code&client_id=MY_APP_CLIENT_ID&scope=emall&redirect_uri=MY_REDIRECT_UR/login/check-facebook&display=popup. This can be fixed by moving the resource to the same domain or enabling CORS.
    

    In contrast, when I call the related URI (MY_DOMAIN/login/facebook) by reloading the page as shown in the docs, everything works fine and the user is logged in on both sides (Facebook and my Symfony app).

    As I am not sure if I am doing everything right or if I am missing something here, my question is: is it possible to trigger the Symfony login as described above (per AJAX) and am I just missing something, or is it just not possible to do this?

    My configuration of the bundle looks something like the following:

    # app/config/config.yml
    
    hwi_oauth:
      connect:
          account_connector: my_custom_oauth_userprovider_service
      firewall_name: main
      fosub:
          username_iterations: 5
          properties:
             facebook: facebookId
      resource_owners:
        facebook:
          type:           facebook
          client_id:      MY_APP_CLIENT_ID
          client_secret:  MY_APP_CLIENT_SECRET
          scope:          "email"
          options:
              display: popup 
          infos_url:     "https://graph.facebook.com/me?fields=username,name,email,picture.type(square)"
          paths:
              email:          email
              profilepicture: picture.data.url
    
    
    # app/config/security.yml
    
    security:
        providers:
            fos_userbundle:
                id: fos_user.user_provider.username_email
    
        firewalls:
            main:
                pattern: ^/
                form_login:
                    success_handler: my_custom.authentication_success_handler
                    provider: fos_userbundle
                    csrf_provider: form.csrf_provider
                logout:
                  path: /logout
                  success_handler: my_custom.security.handler.logout
                anonymous:    true
    
                # HWIOAuth-related configuration:
                oauth:
                    resource_owners:
                        facebook: "/login/check-facebook"
                    login_path:        /login
                    use_forward:       false
                    failure_path:      /login
                    success_handler: my_custom.authentication_success_handler
                    oauth_user_provider:
                      service: my_custom.oauth_user_provider
    
            # some configuration for other firewalls...
    
        access_control:
              - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
              # more access_control stuff...
    
    
    # app/config/routing.yml
    
    hwi_oauth_redirect:
        resource: "@HWIOAuthBundle/Resources/config/routing/redirect.xml"
        prefix:   /login
    
    facebook_login:
        pattern: /login/facebook
    
    # imported FOS-UserBundle routes and custom routes... 
    
    Support request 
    opened by fnordo 27
  • Refactoring of resource owners and responses to handle unique data properly for all resources

    Changes:

    • Added UserResponseInterface#getRealName() method; a new default path realname was also added, which holds the real name of the user
    • Added new path uuid that now holds a unique user identifier
    • [BC break] Method UserResponseInterface#getUsername() now always returns a real unique user identifier, and uses path uuid
    • [BC break] Path username no longer holds a unique user identifier
    • [BC break] OAuth1RequestTokenStorageInterface#save() second param $token now must be an array

    This PR is a replacement for #103.

    As those changes are quite big, I would also think about renaming profilepicture to avatar / picture or so.

    Also this is more like PoV than totally working solution, but I would like to know what you think about this @asm89.

    opened by stloyd 24
  • Fix deprecated usages (SF 2.6/2.7/2.8)

    This PR is a remake of #730.

    All BC will be kept for Symfony 2.3+.

    What is done here:

    • symfony/phpunit-bridge package install to get more proper deprecation notices
    • Updated Travis configuration
    • Drop FOSUserBundle 1.2 support (Only for symfony <2.3)
    • Add missing symfony/form package
    • Fix deprecated SecurityContextInterface usage
    • Fix deprecated OptionsResolverInterface usage
    • Fix deprecated OptionsResolver::setAllowedValues arguments usage
    • Fix deprecated OptionsResolver::setOptional method usage
    • Fix deprecated OptionsResolver::setNormalizers method usage
    • Fix deprecated OptionsResolver::addAllowedTypes method usage
    • Fix new UndefinedOptionsException thrown error
    • Improves ConnectController with Controller extends ($this->render, $this->redirect...)
    • Tests for ConnectController
    • Remove deprecated usages on ConnectController

    Todo:

    • Add friendsofsymfony/user-bundle as a dev requirement.
    • Remove ugly goto case from ConnectController

    The list will be updated as long as I'm working on it. Will remove [WIP] tag when it will be finished.

    Bugfix 
    opened by soullivaneuh 21
  • linkedin scope option

    Linkedin supports the scope when requesting the token (e.g. permissions to get email address)

    https://developer.linkedin.com/documents/authentication#granting

    Passing the scope via URL did not work. It seems the scope should be passed as an argument to getRequestToken()

    I've implemented it on the linkedin class. If some other oauth1 providers need a similar option, this logic can be moved to the parent class.

    opened by elvisciotti 21
  • Login redirect loop

    Hello, I've been using this bundle for a while and it works fine; my OAuthUserProvider main function looks like this:

    public function loadUserByOAuthUserResponse(UserResponseInterface $response)
    {
        $attr = $response->getResponse();
        try {
            switch($response->getResourceOwner()->getName()) {
                case 'google':
                    if(!$user = $this->userRepository->findOneByGoogleId($attr['id'])) {
                        if(($user = $this->userRepository->findOneByEmail($attr['email'])) && $attr['verified_email']) {
                            $user->setGoogleId($attr['id']);
                            if (!$user->getName()) {
                                $user->setName($attr['name']);
                            }
                            $user->setGoogleName($attr['name']);
                            $user->setGoogleProfilePictureUrl($attr['picture']);
                        }else{
                            $user = new User();
                            $user->setUsername($this->userRepository->createUsernameByEmail($attr['email']));
                            $user->setEmail($attr['email']);
                            $user->setName($attr['name']);
                            $user->setPassword('');
                            $user->setIsActive(true);
                            $user->setGoogleId($attr['id']);
                            $user->setGoogleName($attr['name']);
                            $user->setGoogleProfilePictureUrl($attr['picture']);
                            $user->addGroup($this->groupRepository->findOneByRole('ROLE_USER'));
                            $this->entityManager->persist($user);
                        }
                    }
                    break;
                case 'facebook':
                    if(!$user = $this->userRepository->findOneByFacebookId($attr['id'])) {
                        if(($user = $this->userRepository->findOneByEmail($attr['email'])) && $attr['verified']) {
                            $user->setFacebookId($attr['id']);
                            if (!$user->getName()) {
                                $user->setName($attr['name']);
                            }
                            $user->setFacebookUsername($attr['username']);
                        }else{
                            $user = new User();
                            $user->setUsername($this->userRepository->createUsernameByEmail($attr['email']));
                            $user->setEmail($attr['email']);
                            $user->setName($attr['name']);
                            $user->setPassword('');
                            $user->setIsActive(true);
                            $user->setFacebookId($attr['id']);
                            $user->setFacebookUsername($attr['username']);
                            $user->addGroup($this->groupRepository->findOneByRole('ROLE_USER'));
                            $this->entityManager->persist($user);
                        }
                    }
                    break;
                case 'twitter':
                    if(!$user = $this->userRepository->findOneByTwitterId($attr['id'])) {
                        $user = new User();
                        $user->setUsername($this->userRepository->createUsernameBySocialUsername($attr['screen_name']));
                        $user->setName($attr['name']);
                        $user->setPassword('');
                        $user->setIsActive(true);
                        $user->setTwitterId($attr['id']);
                        $user->setTwitterUsername($attr['screen_name']);
                        $user->setTwitterProfilePictureUrl($attr['profile_image_url']);
                        $user->addGroup($this->groupRepository->findOneByRole('ROLE_USER'));
                        $this->entityManager->persist($user);
                    } else {
                        $user->setTwitterId($attr['id']);
                        $user->setTwitterUsername($attr['screen_name']);
                        $user->setTwitterProfilePictureUrl($attr['profile_image_url']);
                    }
                    break;
            }
        } catch (\Exception $e) {
            throw new AccountNotLinkedException("Error loggin in with social");
        }
    
        if (null === $user) {
            throw new AccountNotLinkedException(sprintf("User '%s' not found.", $attr['email']));
        }
    
        $serviceName = $response->getResourceOwner()->getName();
        $setter = 'set' . ucfirst($serviceName) . 'AccessToken';
        $secretSetter = 'set' . ucfirst($serviceName) . 'AccessTokenSecret';
        $accessToken = $response->getAccessToken();
    
        if (is_array($accessToken)) {
            if (isset($accessToken['oauth_token']) && method_exists($user, $setter)) {
                $user->$setter($accessToken['oauth_token']);
            }
            if (isset($accessToken['oauth_token_secret']) && method_exists($user, $secretSetter)) {
                $user->$secretSetter($accessToken['oauth_token_secret']);
            }
        } else {
            if (method_exists($user, $setter)) {
                $user->$setter($accessToken);
            }
        }
    
        $this->entityManager->flush();
    
        return $user;
    }
    

    It worked fine, but today I left my PC on for a while and after reloading the page I got a redirect loop to the login page. I tried to debug and it seems that the OAuthUserProvider was used to get the user (which seems strange); the $response I'm getting is this:

    object(HWI\Bundle\OAuthBundle\OAuth\Response\AdvancedPathUserResponse)[420]
      protected 'paths' => 
        array (size=5)
          'identifier' => string 'id' (length=2)
          'nickname' => string 'name' (length=4)
          'realname' => string 'name' (length=4)
          'email' => string 'email' (length=5)
          'profilepicture' => string 'picture' (length=7)
      protected 'response' => 
        array (size=1)
          'error' => 
            array (size=3)
              'errors' => 
                array (size=1)
                  ...
              'code' => int 401
              'message' => string 'Invalid Credentials' (length=19)
      protected 'resourceOwner' => 
        object(HWI\Bundle\OAuthBundle\OAuth\ResourceOwner\GoogleResourceOwner)[411]
          protected 'options' => 
            array (size=7)
              'authorization_url' => string 'https://accounts.google.com/o/oauth2/auth' (length=41)
              'access_token_url' => string 'https://accounts.google.com/o/oauth2/token' (length=42)
              'infos_url' => string 'https://www.googleapis.com/oauth2/v1/userinfo' (length=45)
              'scope' => string 'https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile' (length=95)
              'user_response_class' => string '\HWI\Bundle\OAuthBundle\OAuth\Response\AdvancedPathUserResponse' (length=63)
              'client_id' => string '#########.apps.googleusercontent.com' (length=72)
              'client_secret' => string '###############' (length=24)
          protected 'paths' => 
            array (size=5)
              'identifier' => string 'id' (length=2)
              'nickname' => string 'name' (length=4)
              'realname' => string 'name' (length=4)
              'email' => string 'email' (length=5)
              'profilepicture' => string 'picture' (length=7)
          protected 'httpClient' => 
            object(Buzz\Client\Curl)[276]
              private 'lastCurl' => resource(2735, curl)
              protected 'options' => 
                array (size=0)
                  ...
              protected 'ignoreErrors' => boolean true
              protected 'maxRedirects' => int 5
              protected 'timeout' => int 5
              protected 'verifyPeer' => boolean true
          protected 'name' => string 'google' (length=6)
          public 'httpUtils' => 
            object(Symfony\Component\Security\Http\HttpUtils)[94]
              private 'urlGenerator' => 
                object(Symfony\Bundle\FrameworkBundle\Routing\Router)[244]
                  ...
              private 'urlMatcher' => 
                object(Symfony\Bundle\FrameworkBundle\Routing\Router)[244]
                  ...
      protected 'accessToken' => string 'somereplacedaccesstoken' (length=59)
    

    so without any attribute of the user being logged (maybe due to expired tokens). In the logs I get this error:

    INFO - Authentication exception occurred; redirecting to authentication entry point (Could not follow path "id" in OAuth provider response: array ( 'error' => array ( 'errors' => array ( 0 => array ( 'domain' => 'global', 'reason' => 'authError', 'message' => 'Invalid Credentials', 'locationType' => 'header', 'location' => 'Authorization', ), ), 'code' => 401, 'message' => 'Invalid Credentials', ), ))
    

    and then the redirect loop. Any idea? Maybe it fails to use the user provider from the main app and falls back to this one? Since before this log I see it queries MySQL for the user and it should find it since the query returns the row.

    opened by alex88 20
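
The dump in the post above shows a user-info response that holds only an `error` entry (code 401, "Invalid Credentials") and no `id`. As an added example that is not part of the post or of HWIOAuthBundle, this PHP code validates such a payload before any lookup and links to an existing local account by e-mail only when the provider marks the address verified; the class, the function names and the sample accounts are assumptions.

```php
<?php
declare(strict_types=1);

// Added example, not HWIOAuthBundle code; every name here is hypothetical.

final class UserInfoRejected extends \RuntimeException {}

/** Cast a scalar to string; arrays, objects and null become $default. */
function scalarOr($value, string $default): string
{
    return is_scalar($value) ? (string) $value : $default;
}

/**
 * Validate a decoded user-info payload before any lookup or linking.
 * $verifiedKey is the provider's "e-mail verified" field: 'verified_email'
 * for google and 'verified' for facebook in the posted method.
 *
 * @return array{id: string, email: ?string, emailVerified: bool}
 */
function normalizeUserInfo(array $attr, string $verifiedKey): array
{
    // An error body (the 401 in the dump) is not a profile. Fail here so the
    // caller can discard the stale token and restart the login once.
    if (array_key_exists('error', $attr)) {
        $error = is_array($attr['error']) ? $attr['error'] : ['message' => $attr['error']];
        throw new UserInfoRejected(sprintf(
            'provider error %s: %s',
            scalarOr($error['code'] ?? null, 'n/a'),
            scalarOr($error['message'] ?? null, 'unknown')
        ));
    }

    // The account key must be the provider's stable identifier.
    $id = $attr['id'] ?? null;
    if (!(is_string($id) || is_int($id)) || '' === trim((string) $id)) {
        throw new UserInfoRejected('user-info response carries no usable "id"');
    }

    $email = $attr['email'] ?? null;
    $email = is_string($email) && false !== filter_var($email, FILTER_VALIDATE_EMAIL)
        ? strtolower($email)
        : null;

    // Assumption: the provider sends a JSON boolean; anything else is unverified.
    $verified = null !== $email && true === ($attr[$verifiedKey] ?? false);

    return ['id' => (string) $id, 'email' => $email, 'emailVerified' => $verified];
}

/**
 * Decide what to do with a validated profile. $findById and $findByEmail
 * stand in for repository lookups and return an account array or null.
 */
function decideAccountAction(array $info, callable $findById, callable $findByEmail): string
{
    if (null !== $findById($info['id'])) {
        return 'login';
    }
    $existing = null === $info['email'] ? null : $findByEmail($info['email']);
    if (null === $existing) {
        return 'create';
    }
    // An unverified address proves nothing about who controls the mailbox,
    // so it must neither attach to nor duplicate the existing account.
    return $info['emailVerified'] ? 'link' : 'conflict';
}

// Constructed data: one local account that has no provider id linked yet.
$accounts = [['email' => 'alice@example.test', 'googleId' => null]];
$lookup = static function (string $field) use ($accounts): callable {
    return static function (string $value) use ($accounts, $field): ?array {
        foreach ($accounts as $account) {
            if ($account[$field] === $value) {
                return $account;
            }
        }
        return null;
    };
};

// Constructed payloads; the first mirrors the error body shown in the dump.
$samples = [
    'error body' => ['error' => ['code' => 401, 'message' => 'Invalid Credentials']],
    'verified address' => ['id' => '1001', 'email' => 'alice@example.test', 'verified_email' => true],
    'unverified address' => ['id' => '1002', 'email' => 'alice@example.test', 'verified_email' => false],
];

foreach ($samples as $label => $attr) {
    try {
        $info = normalizeUserInfo($attr, 'verified_email');
        $outcome = decideAccountAction($info, $lookup('googleId'), $lookup('email'));
    } catch (UserInfoRejected $e) {
        $outcome = 'rejected (' . $e->getMessage() . ')';
    }
    echo $label, ': ', $outcome, PHP_EOL;
}
```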
  • Redirect me again to register form

    I sign in with Facebook; the user doesn't exist, so the bundle redirects to the register form. Then I create the user and log in again, but the bundle redirects again to the register form instead of logging the user in. I see that the facebookId property of the user entity is not filled in the database.

    opened by joseadame 19
  • Resource owner invalid setting.

    Hello there,

    I have the following error.

    An exception has been thrown during the rendering of a template ("The option "display" with value null is invalid. Accepted values are: "page", "popup", "touch".")
    

    The Facebook and Google ResourceOwner set the allowed values to something except null which is the default value of display. Looks like the OptionsResolver is more strict now and the allowed values should contain a null one.

    Please advise. I can create a small PR for this.

    Bug 
    opened by agounaris 19
  • No route found for "GET /login/check-google"

    Hi

    I am trying to run Symfony 2.1 and HWIOAuthBundle (composer reports used version: dev-master b75f0a6)

    My problem is that after successful authentication with Google, I am redirected to the page

    http://localhost/crc/login/check-google?code=

    and symfony reports that this route is not defined.

    The HWIOAuthBundle documentation suggests defining the (google_login) path in routing.yml; this is already done

    hwi_oauth_redirect:
        resource: "@HWIOAuthBundle/Resources/config/routing/redirect.xml"
        prefix:   /connect
    
    hwi_oauth_connect:
        resource: "@HWIOAuthBundle/Resources/config/routing/connect.xml"
    
    hwi_oauth_security:
        resource: "@HWIOAuthBundle/Resources/config/routing/login.xml"
        prefix: /login
    
    
    google_login:
        pattern: /login/check-google
    

    unfortunately it does not work.

    My security.xml looks like:

    providers:
        in_memory:
            memory:
    
    firewalls:
        dev:
            pattern:  ^/(_(profiler|wdt)|css|images|js)/
            security: false
        connect:
            pattern:  ^/connect
            anonymous: ~
        login:
            pattern:  ^/login
            anonymous: ~
        secured_area:
            pattern:  ^/
            anonymous: false
            oauth:
                resource_owners:
                    google: "/login/check-google"
                login_path: /login
                failure_path: /login/fail
                default_target_path: /account
                oauth_user_provider:
                    service: hwi_auth.oauth_user_provider
    

    and config.xml

    hwi_oauth:
        firewall_name: secured_area
        resource_owners:
            google:
                type:                google
                client_id:           xxx
                client_secret:       xx
                scope:               "https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile"
    
    services:
        hwi_auth.oauth_user_provider:
            class: HWI\Bundle\OAuthBundle\Security\Core\User\OAuthUserProvider
    

    What did I do wrong? Where is the action that should handle that request? Maybe it is enough to just fix a route definition.

    opened by mrok 19
  • RefreshTokenListener calls resourceOwner::getUserInformation on each request

    | Q                 | A                |
    | ----------------- | ---------------- |
    | Bug?              | yes (I think so) |
    | New Feature?      | no               |
    | Support question? | no               |
    | Version           | 2.x              |

    Actual Behavior

    When I enable the auto refreshing of expired access tokens the listener calls OAuthAuthenticator::refreshToken, which (even if the token does not need to be refreshed) always calls $resourceOwner->getUserInformation that will execute an http call to the resource provider. So on each request an http request is made, which seems not needed. Is this desired behaviour?

    Expected Behavior

    Only call $resourceOwner->getUserInformation when the token is actually refreshed (or only even when the token is initially created during authentication?)

    Steps to Reproduce

    1. Configure an OAuth2 resource owner
    2. Enable auto refreshing of expired access tokens
    3. Login with OAuth2
    4. Observe an HTTP call to userinfo on each request

    Possible Solutions

    I tried to read the code, and I see the refreshToken method is also called from authenticate. I think some code could be moved/refactored between those methods.

    opened by starred-gijs 0
  • Invalid definition for service HWI\Bundle\OAuthBundle\Controller\Connect\RegisterController

    The current master branch gives the following error when running:

    php bin/console lint:container --verbose
    

    Error:

    [ERROR] Invalid definition for service "HWI\Bundle\OAuthBundle\Controller\Connect\RegisterController": argument 10 of
             "HWI\Bundle\OAuthBundle\Controller\Connect\RegisterController::__construct()" accepts "string", "null" passed.
    
    opened by nicodemuz 1
  • Fix PHP 8.2 compatibility

    Fixes deprecation notice when running on PHP 8.2: Deprecated: Use of "parent" in callables is deprecated

    Since we are requiring Symfony ^4.4, __serialize() is already there (since v4.3) so we don't need to check if it exists: https://github.com/symfony/symfony/blob/c52b0edeb04feab571e2514ac8d613aed186d5ed/src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php#L160-L182

    Added PHP 8.2 to the build matrix too.

    Failing style check is not related.

    opened by IonBazan 0
  • Proof key for code exchange (PKCS) support

    | Q | A |
    | --- | --- |
    | Bug? | no |
    | New Feature? | yes |
    | Support question? | no |
    | Version | 2.x |

    Possible Solutions

    I am in need of PKCS support as more and more identity servers are requiring it. I have managed to extend the GenericOAuth2ResourceOwner class to support it, but it would be nice to support it out of the box using parameters. Related to #1658

    Would you accept a pull request?

    opened by OskarsPakers 0
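The mechanism requested in the issue above is Proof Key for Code Exchange as defined in RFC 7636. The following added example (not the bundle's code and not the poster's GenericOAuth2ResourceOwner extension) shows the S256 exchange from both the client and the authorization-server side; the endpoint, client id, redirect URI and function names are assumptions.

```php
<?php
declare(strict_types=1);

function base64UrlEncode(string $bytes): string
{
    return rtrim(strtr(base64_encode($bytes), '+/', '-_'), '=');
}

// 32 random bytes encode to a 43-character verifier, the minimum length RFC 7636 allows.
function newPkceVerifier(): string
{
    return base64UrlEncode(random_bytes(32));
}

// code_challenge = BASE64URL(SHA256(code_verifier)) for code_challenge_method=S256.
function pkceChallenge(string $verifier): string
{
    if (!preg_match('/\A[A-Za-z0-9\-._~]{43,128}\z/', $verifier)) {
        throw new InvalidArgumentException('code_verifier must be 43-128 unreserved characters');
    }

    return base64UrlEncode(hash('sha256', $verifier, true));
}

// Client, step 1: only the challenge travels through the browser redirect.
function buildAuthorizationUrl(string $endpoint, string $clientId, string $redirectUri, string $state, string $verifier): string
{
    return $endpoint.'?'.http_build_query([
        'response_type' => 'code',
        'client_id' => $clientId,
        'redirect_uri' => $redirectUri,
        'state' => $state,
        'code_challenge' => pkceChallenge($verifier),
        'code_challenge_method' => 'S256',
    ], '', '&', PHP_QUERY_RFC3986);
}

// Client, step 2: the verifier is sent on the back channel together with the code.
function buildTokenRequest(string $clientId, string $redirectUri, string $code, string $verifier): array
{
    return [
        'grant_type' => 'authorization_code',
        'code' => $code,
        'redirect_uri' => $redirectUri,
        'client_id' => $clientId,
        'code_verifier' => $verifier,
    ];
}

// Authorization server: recompute the challenge and compare in constant time.
function serverAcceptsVerifier(string $storedChallenge, string $presentedVerifier): bool
{
    try {
        return hash_equals($storedChallenge, pkceChallenge($presentedVerifier));
    } catch (InvalidArgumentException $e) {
        return false;
    }
}

// Self-check against the test vector in RFC 7636, Appendix B.
$rfcVerifier = 'dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk';
if ('E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM' !== pkceChallenge($rfcVerifier)) {
    throw new RuntimeException('S256 challenge does not match the RFC 7636 test vector');
}

// Assumed values for the demonstration.
$endpoint = 'https://idp.example.test/authorize';
$clientId = 'demo-client';
$redirectUri = 'https://app.example.test/login/check-demo';

$verifier = newPkceVerifier();               // stored in the user's session next to $state
$state = base64UrlEncode(random_bytes(16));
echo buildAuthorizationUrl($endpoint, $clientId, $redirectUri, $state, $verifier), PHP_EOL;

$storedChallenge = pkceChallenge($verifier); // what the server keeps with the issued code
print_r(buildTokenRequest($clientId, $redirectUri, 'constructed-auth-code', $verifier));

var_dump(serverAcceptsVerifier($storedChallenge, $verifier));          // client that started the flow
var_dump(serverAcceptsVerifier($storedChallenge, newPkceVerifier()));  // party holding only the code
```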
  • Error

    Error "Unable to find the controller for path …The route is wrongly configured." How to configure the "check" controller?

    | Q | A |
    | --- | --- |
    | Bug? | no |
    | New Feature? | no |
    | Support question? | yes |
    | Version | 2.x |

    My question

    I don't understand that part of the documentation. Those routes are declared but do not target any controller. Is this normal? (see here)

    My case and my issue

    I confirmed everything as indicated in the documentation for Azure (resource owner). See below my security.yaml, hwi_oauth.yaml…

    I successfully managed to be redirected to Azure in order to log in and, once logged in, to be redirected back to my application on the "/login/check-azure" route (as indicated in my security.yaml). The reply URL looks good in my browser: http://localhost/login/check-azure?code=0.ATEA41mpfLamBE6PWLnLKh_fKxxxxxxxxx

    ⚠️ But I've got the Symfony error: "Unable to find the controller for path "/login/check-azure". The route is wrongly configured." This does not surprise me too much because at no time is the controller defined for this route. What part am I missing? 🤔

    Thanks for your help

    My config files

    routes/hwi_oauth_routing.yaml:

    hwi_oauth_redirect:
        resource: "@HWIOAuthBundle/Resources/config/routing/redirect.xml"
        prefix:   /redirect
    
    hwi_oauth_connect:
        resource: "@HWIOAuthBundle/Resources/config/routing/connect.xml"
        prefix:   /connect
    
    hwi_oauth_login:
        resource: "@HWIOAuthBundle/Resources/config/routing/login.xml"
        prefix:   /login
    
    azure_login:
        path: /login/check-azure
    

    config/hwi_oauth.yaml:

    hwi_oauth:
        # list of names of the firewalls in which this bundle is active, this setting MUST be set
        firewall_names: [main]
        # https://github.com/hwi/HWIOAuthBundle/blob/master/Resources/doc/2-configuring_resource_owners.md
        resource_owners:
            azure:
                type: azure
                client_id: 70a35xxx-xxxx-xxxx-xxxx-xxxx 
                client_secret: xxxxxxxxxxxxxxx
                redirect_uri: xxxxxxxx
                options:
                    application: xxxxxxxx
                    scope: https://graph.microsoft.com/User.Read
    

    config/security.yaml:

    security:
        providers:
            users:
                entity:
                    class: App\Entity\User
                    property: email
        firewalls:
            dev:
                pattern: ^/(_(profiler|wdt)|css|images|js)/
                security: false
            main:
                pattern: ^/
                # Azure SSO (Oauth) 
                oauth:
                    resource_owners:
                        azure: "/login/check-azure"
                    login_path: "/redirect/azure"
                    use_forward: false
                    failure_path: "/login"
    
                    oauth_user_provider:
                        service: App\Service\Security\AzureSamlUserProviderService
    
    opened by damienfa 0
Releases(2.0.0-BETA2)
  • 2.0.0-BETA2(Jan 16, 2022)

    Changelog

    • Deprecated: configuration parameter firewall_names, firewalls are now computed automatically - all firewalls that have defined oauth authenticator/provider will be collected,
    • Added: Ability to automatically refresh expired access tokens (only for resource owners derived from GenericOAuth2ResourceOwner), if option refresh_on_expire is set to true,
    • Enhancement: Refresh token listener is disabled by default and will only be enabled if at least one resource owner has option refresh_on_expire set to true,
    • Enhancement: (@internal) Removed/replaced redundant argument $firewallNames from controllers. If controller class was copied and replaced, adapt list of arguments: In controller use $resourceOwnerMapLocator->getFirewallNames(),
    • Bugfix: RefreshTokenListener cannot be lazy. If current firewall is lazy (or anonymous: lazy) then current auth token is often initialized on kernel.response. In this case the new access token will not be stored in the session. Therefore, the expired token will be refreshed on each request,
    • Bugfix: InteractiveLoginEvent will be triggered also for OAuthAuthenticator,
    • Maintain: Changed config files from *.xml to *.php (services and routes). Xml routing configs connect.xml, login.xml and redirect.xml are still present but deprecated. Please use *.php variants in your includes instead.

    What's Changed

    • increase phpstan to level 2 by @dmaicher in https://github.com/hwi/HWIOAuthBundle/pull/1754
    • Define hwi_oauth.connect.confirmation parameter by @franmomu in https://github.com/hwi/HWIOAuthBundle/pull/1756
    • Maintain | Remove Makefile in favour of composer scripts by @stloyd in https://github.com/hwi/HWIOAuthBundle/pull/1766
    • make twig extension lazy by using a Runtime by @dmaicher in https://github.com/hwi/HWIOAuthBundle/pull/1741
    • Remove support for FOSUser bundle by @stloyd in https://github.com/hwi/HWIOAuthBundle/pull/1732
    • bump to phpstan level 3 by @dmaicher in https://github.com/hwi/HWIOAuthBundle/pull/1770
    • Bump minimal PHP version to 7.4 by @XWB in https://github.com/hwi/HWIOAuthBundle/pull/1774
    • Maintain | Adjust codebase to match PHPStan level 5 by @stloyd in https://github.com/hwi/HWIOAuthBundle/pull/1771
    • Use type hints and return types in ResourceOwnerMapInterface by @XWB in https://github.com/hwi/HWIOAuthBundle/pull/1773
    • Rework ResourceOwnerMap to use service locator instead of whole DI container by @stloyd in https://github.com/hwi/HWIOAuthBundle/pull/1775
    • Bugfix | Prevent issue with missing parameter when connect option is not enabled by @stloyd in https://github.com/hwi/HWIOAuthBundle/pull/1782
    • Maintain | Update min. Twig version to work with PHP 8 by @stloyd in https://github.com/hwi/HWIOAuthBundle/pull/1789
    • [BC Break] Rework resource owners to use Symfony Http Client internally by @stloyd in https://github.com/hwi/HWIOAuthBundle/pull/1681
    • BC Break | Make classes final where expected & adjust types to PHP 7.4 by @stloyd in https://github.com/hwi/HWIOAuthBundle/pull/1778
    • Maintain | Update tests to use type & return hints by @stloyd in https://github.com/hwi/HWIOAuthBundle/pull/1791
    • Update Yahoo resource owner to use OAuth2 by @stloyd in https://github.com/hwi/HWIOAuthBundle/pull/1790
    • [2.x] Fix HTTP client definition by @Jean85 in https://github.com/hwi/HWIOAuthBundle/pull/1792
    • Maintain | Fixed php-cs-fixer & phpstan reports by @stloyd in https://github.com/hwi/HWIOAuthBundle/pull/1801
    • Rework Github Actions to be more efficient by @stloyd in https://github.com/hwi/HWIOAuthBundle/pull/1807
    • Update link to LinkedIn by @alexislefebvre in https://github.com/hwi/HWIOAuthBundle/pull/1811
    • Fix EntityUserProviderTest by @sjerdo in https://github.com/hwi/HWIOAuthBundle/pull/1822
    • Fix parsing OAuth1.0a responses for Twitter by @sjerdo in https://github.com/hwi/HWIOAuthBundle/pull/1821
    • Spotify | Add path for profile picture by @sjerdo in https://github.com/hwi/HWIOAuthBundle/pull/1819
    • Pass content in HTTP POST request on OAuth server by @rmlev in https://github.com/hwi/HWIOAuthBundle/pull/1826
    • Fix code style issue by @sjerdo in https://github.com/hwi/HWIOAuthBundle/pull/1827
    • Maintain | Update compatibility with PHP 8.1 by @stloyd in https://github.com/hwi/HWIOAuthBundle/pull/1828
    • Maintain | Rework CI by @stloyd in https://github.com/hwi/HWIOAuthBundle/pull/1829
    • Maintain | Update PHPStan to version 1.0 by @stloyd in https://github.com/hwi/HWIOAuthBundle/pull/1830
    • Maintain | Add support for Symfony 6 by @stloyd in https://github.com/hwi/HWIOAuthBundle/pull/1800
    • Maintain | Merge branch 1.4 into master one by @stloyd in https://github.com/hwi/HWIOAuthBundle/pull/1834
    • Maintain | Run new security already on Symfony 5.4 by @stloyd in https://github.com/hwi/HWIOAuthBundle/pull/1837
    • Bugfix | Test BC layer for Symfony Security <5.4 by @stloyd in https://github.com/hwi/HWIOAuthBundle/pull/1839
    • Bugfix | Fixed issue when connect configuration is not set but ConnectController was used by @stloyd in https://github.com/hwi/HWIOAuthBundle/pull/1844
    • Reviewed authenticator and made refreshToken method public. by @gassan in https://github.com/hwi/HWIOAuthBundle/pull/1831
    • Maintain | Adjust docs to follow Symfony changes by @stloyd in https://github.com/hwi/HWIOAuthBundle/pull/1845
    • Bugfix | Added missing RememberMeBadge into OAuth passport by @stloyd in https://github.com/hwi/HWIOAuthBundle/pull/1846
    • Force particular methods on internal routes by @stloyd in https://github.com/hwi/HWIOAuthBundle/pull/1847
    • Maintain | Rework bundle structure to match Symfony best practices by @stloyd in https://github.com/hwi/HWIOAuthBundle/pull/1799
    • oauth token of the same class will be created. fix in tests by @gassan in https://github.com/hwi/HWIOAuthBundle/pull/1849
    • Track oauth requests by symfony-profiler by @gassan in https://github.com/hwi/HWIOAuthBundle/pull/1852
    • Allow null User for refreshing oauth token by @gassan in https://github.com/hwi/HWIOAuthBundle/pull/1855
    • Http client for symfony 4.4 by @gassan in https://github.com/hwi/HWIOAuthBundle/pull/1856
    • RFC | Lets switch configs from xml to php by @gassan in https://github.com/hwi/HWIOAuthBundle/pull/1859
    • Review: Removed/replaced redundant parameter $firewallNames in Controllers by @gassan in https://github.com/hwi/HWIOAuthBundle/pull/1861
    • auto refresh oauth2 token on expire by @gassan in https://github.com/hwi/HWIOAuthBundle/pull/1850
    • Maintain | Improved code quality by adding hint & return types by @stloyd in https://github.com/hwi/HWIOAuthBundle/pull/1863
    • Keycloak: default paths mapping for a new created keycloak realm by @gassan in https://github.com/hwi/HWIOAuthBundle/pull/1858
    • Removed option firewall_names by @gassan in https://github.com/hwi/HWIOAuthBundle/pull/1864
    • Maintain | Added new Composer 2.2 config for "allow-plugins" by @stloyd in https://github.com/hwi/HWIOAuthBundle/pull/1865
    • Bugfix: Refresh token listener should not be lazy. by @gassan in https://github.com/hwi/HWIOAuthBundle/pull/1867
    • set resourceOwner services directly without using tag by @dmaicher in https://github.com/hwi/HWIOAuthBundle/pull/1874
    • Bugfix: InteractiveLoginEvent Event will be triggered also for OAuthAuthenticator by @gassan in https://github.com/hwi/HWIOAuthBundle/pull/1877

    New Contributors

    • @sjerdo made their first contribution in https://github.com/hwi/HWIOAuthBundle/pull/1822
    • @rmlev made their first contribution in https://github.com/hwi/HWIOAuthBundle/pull/1826
    • @gassan made their first contribution in https://github.com/hwi/HWIOAuthBundle/pull/1831

    Full Changelog: https://github.com/hwi/HWIOAuthBundle/compare/1.4.5...2.0.0-BETA2

  • 2.0.0-BETA1(Dec 10, 2021)

    Changelog

    • BC Break: Dropped PHP 7.3 support,
    • BC Break: Dropped support for Symfony: >=5.1 & <5.4 (still with BC layer included),
    • BC Break: OAuthExtension is now a lazy Twig extension using a Runtime,
    • BC Break: removed support for FOSUserBundle,
    • BC Break: changed process() argument for Form/RegistrationFormHandlerInterface, from Form $form to FormInterface $form,
    • BC Break: changed form class name in template Resources/views/Connect/connect_confirm.html.twig from fos_user_registration_register to registration_register,
    • BC Break: removed configuration option fosub from oauth_user_provider,
    • BC Break: removed configuration options hwi_oauth.fosub, & all related DI parameters,
    • BC Break: removed DI parameter hwi_oauth.registration.form.factory in favour of declaring form class name as DI parameter: hwi_oauth.connect.registration_form,
    • BC Break: changed ResourceOwnerMapInterface::hasResourceOwnerByName signature, update if you use a custom resource owner,
    • BC Break: changed ResourceOwnerMapInterface::getResourceOwnerByName signature, update if you use a custom resource owner,
    • BC Break: changed ResourceOwnerMapInterface::getResourceOwnerByRequest signature, update if you use a custom resource owner,
    • BC Break: changed ResourceOwnerMapInterface::getResourceOwnerCheckPath signature, update if you use a custom resource owner,
    • BC Break: ResourceOwnerMap uses service locator instead of DI container,
    • BC Break: Removed abstract services: hwi_oauth.abstract_resource_owner.generic, hwi_oauth.abstract_resource_owner.oauth1 & hwi_oauth.abstract_resource_owner.oauth2,
    • BC Break: Removed setName() method from OAuth/ResourceOwnerInterface,
    • BC Break: changed __construct() argument for OAuth/ResourceOwner/AbstractResourceOwner, from HttpMethodsClient $httpClient to HttpClientInterface $httpClient,
    • BC Break: replaced php-http/httplug-bundle with symfony/http-client
    • BC Break: removed hwi_oauth.http configuration,
    • BC Break: reworked bundles structure to match Symfony best practices:
      • bundle code moved to: src/,
      • tests moved to: tests/,
      • docs moved from Resources/doc into: docs/,
    • BC Break: routes provided by bundle now have methods requirements:
      • hwi_oauth_connect_service: GET & POST,
      • hwi_oauth_connect_registration: GET & POST,
      • hwi_oauth_connect: GET,
      • hwi_oauth_service_redirect: GET,
    • Added support for PHP 8.1,
    • Added support for Symfony 5.4 & 6.0,

    Kudos to "Old" Contributors (random order)

    New Contributors

    • @sjerdo made their first contribution in https://github.com/hwi/HWIOAuthBundle/pull/1822
    • @rmlev made their first contribution in https://github.com/hwi/HWIOAuthBundle/pull/1826
    • @gassan made their first contribution in https://github.com/hwi/HWIOAuthBundle/pull/1831

    Full Changelog: https://github.com/hwi/HWIOAuthBundle/compare/1.4.5...2.0.0-BETA1

  • 1.4.5(Dec 8, 2021)

  • 1.4.3(Dec 7, 2021)

    Changelog:

    • Bugfix: Fixed support for PHP 8.1,
    • Bugfix: Fixed support for Symfony 5.4,
    • Bugfix: Fixed VkontakteResourceOwner option: api_version to not point to deprecated one,
    • Bugfix: RequestStack::getMasterRequest() is deprecated since Symfony 5.3, use RequestStack::getMainRequest() if exists,
    • Maintain: Added GenericOAuth1ResourceOwnerTestCase, GenericOAuth2ResourceOwnerTestCase & ResourceOwnerTestCase test case classes for easier unit testing custom resource owners
  • 1.4.2(Aug 9, 2021)

    Changelog:

    • Bugfix: remove @final declaration from OAuthFactory & FOSUBUserProvider,
    • Maintain: added .gitattributes to reduce amount of code in archives,
  • 1.4.1(Jul 28, 2021)

  • 1.4.0(Jul 26, 2021)

    Changelog:

    • BC Break: dropped Symfony 5.0 support as it is EOL,
    • BC Break: dropped PHP 7.2 support as it is EOL,
    • BC Break: changed __construct() argument for OAuth/RequestDataStorage/SessionStorage, from SessionInterface $session to RequestStack $requestStack,
    • BC Break: all internal classes are "softly" marked as final,
    • Added: Symfony 5.1 Security system support,
    • Added: Forward compatibility layer for session service deprecation,
    • Added: state support for service authentication URLs,
    • Added: ability to change the response after HWIOAuthEvents::CONNECT_COMPLETED is fired,
    • Added: PHPStan static analysis into CI,
    • Fixed: OAuthProvider to properly refresh data inside tokens,
    • Fixed: PHP notice in AppleResourceOwner,
    • Fixed: use new GitHub API in GitHubResourceOwner,
    • Fixed: functional tests with & without FOSUserBundle,
    • Fixed: controllers don't depend on service container if possible,
    • Maintain: removed Wunderlist resource owner,
    • Maintain: removed several Symfony BC layers,
    • Maintain: removed Prophecy in favour of PHPUnit mocking,
  • 1.3.0(Jan 3, 2021)

    • BC Break: dropped support for Symfony <4.4,
    • BC Break: dropped support for Doctrine Bundle <2.0,
    • Added PHP 8 support,
    • Upgraded Facebook API to v8.0,
    • Upgraded Twitch resource owner to incorporate latest Twitch API,
    • Fixed: undefined id_token exception in Azure resource owner,
    • Docs: changed firewall name to match flex recipe,
    • Maintain: moved from Travis CI to Github Actions
  • 1.2.0(Oct 19, 2020)

    • BC Break: dropped Symfony 4.3 support,
    • Added first_name & last_name in AzureResourceOwner,
    • Added: support for multiple OAuth2 state parameters,
    • Added: Apple resource owner,
    • Fixed: updated Azure authorization & access_token urls,
    • Fixed: Doctrine persistence deprecation errors,
    • Allow modification of the response in FilterUserResponseEvent,
  • 1.1.0(Apr 6, 2020)

    • Added Symfony 5 support,
    • Added domain whitelist service to avoid open redirect on target_path,
    • Fixed: session service was not injected in LoginController,
    • Fixed: missing setContainer call to service configuration for LoginController,
    • Fixed: client id and client secret must be set in Auth0ResourceOwner::doGetTokenRequest,
    • Fixed: missing client id and client secret in Auth0ResourceOwner,
    • Twig dependency on LoginController is now optional,
  • 1.0.0(Jan 17, 2020)

    • Dropped support for PHP 5.6, 7.0 and 7.1,
    • Dropped support for FOSUserBundle 1.3,
    • Dropped support for Symfony 2.8,
    • Minimum Symfony 3 requirement is 3.4,
    • Minimum Symfony 4 requirement is 4.3,
    • Fixed: WindowsLive Resource Owner token request,
    • Fixed: Update Facebook API to v3.1,
    • Fixed: Update Linkedin API to v2,
    • Fixed: YahooResourceOwner::doGetUserInformationRequest uses wrong arguments,
    • Fixed: Symfony deprecation warning in symfony/config,
    • Fixed: SensioConnect now uses new API URLs,
    • Fixed: Do not add Authorization header if no client_secret is present,
    • Fixed: LoginController::connectAction should not fail if no token is available,
    • Added: Genius.com resource owner,
    • Added: HTTPlug 2.0 support,
    • Added: Keycloak resource owner,
    • Added: The controller is now available as a service,
    • Added: Allow to use HTTP Basic auth for token request,
    • [BC break] Class Configuration has been marked final,
    • [BC break] Class ConnectController has been marked final,
    • [BC break] Class HWIOAuthExtension has been marked final,
    • [BC break] Class OAuthExtension has been marked final,
    • [BC break] Class SetResourceOwnerServiceNameCompilerPass has been marked final,
    • [BC break] Class ConnectController extends AbstractController instead of Controller,
    • [BC break] Service hwi_oauth.http_client has been marked private,
    • [BC break] Service hwi_oauth.security.oauth_utils has been marked private,
    • [BC break] Several service class parameters have been removed,
  • 0.6.3(Jul 31, 2018)

    Here are some details of what's in this release:

    • Fixed: Vkontakte profile picture & nickname path,
    • Fixed: Content-Length header must be a string,
    • Fixed: Upgraded GitLab end point to v4,
    • Fixed: Resource owner map parameters must be public,
    • Fixed: Azure resource owner infos_url should not be empty,
    • Fixed: Don't start sessions twice & don't start sessions if already started,
    • Fixed: Updated BitBucket docs,
    • Added: Further compatibility changes for Symfony 4.1,
    • Added: LinkedIn first- & last- names,
    • Added: Facebook profile picture
  • 0.6.2(Mar 28, 2018)

    Here are some details of what's in this release:

    • Fixed: VK requires API version now,
    • Fixed: Updated Slack resource owner to use new Slack API methods,
    • Fixed: Changing authorization and access token to v2 for LinkedIn,
    • Fixed: Fix double call of getUserInformation() in ConnectController,
    • Fixed: Fix serialization of AccountNotLinkedException,
    • Fixed: Check for grant_rule value IS_AUTHENTICATED_FULLY in DI configuration,
    • Fixed: Don't execute OAuthProvider::refreshAccessToken() when there is no refresh token
  • 0.6.1(Jan 23, 2018)

    Here are some details of what's in this release:

    • BC BREAK: Replaced PHPUnit_Framework_TestCase with PHPUnit\Framework\TestCase in tests,
    • Added: Implemented getUserInformation() for Dropbox v2,
    • Fixed: Headers passed to httpRequest() method in various resource owners,
    • Fixed: Marked some services as public to make code compatible with Symfony 4
  • 0.6.0(Dec 1, 2017)

    Finally a long awaited version 0.6.0 arrived!

    Here are some details of what's in this release:

    • BC BREAK: Fully replaced Buzz library with usage of HTTPlug & Guzzle 6,
    • BC BREAK: hwi.http_client config options are removed. HTTP configuration must rely on the HTTPlug client,
    • BC BREAK: Template engines other than Twig are no longer supported,
    • BC BREAK: Option hwi_oauth.templating_engine was removed,
    • Added: Symfony 4 support,
    • Added: php-http/httplug-bundle support, to auto-provide needed HTTPlug services and get full Symfony integration,
    • Added: hwi.http.client and hwi.http.message_factory config keys to provide your own HTTPlug services,
    • Added: HWIOAuthEvents class with definition of bundle events,
    • Added: ResourceOwnerInterface::addPaths() method for easier managing paths in resource owners,
    • Fixed: Update Facebook API to v2.8
  • 0.5.3(Jan 8, 2017)

    Note: this is the last bugfix release for version 0.5, please upgrade to version 0.6.

    Here are some details of what's in this release:

    • Fixed: Bitbucket2 resource owner,
    • Fixed: GitHub resource owner documentation,
    • Fixed: Don't require any form for the connect feature,
    • Fixed: Uncaught exception with custom error page,
    • Fixed: php-cs-fixer updated to latest version & run on base code
  • 0.5.2(Dec 12, 2016)

    Here are some details of what's in this release:

    • Fixed: Prevent uncaught exception when redirecting to invalid route,
    • Fixed: Add more details to exception when account was not linked,
    • Fixed: Odnoklassniki resource owner,
    • Fixed: Office365 resource owner,
    • Fixed: StackExchange resource owner,
    • Fixed: WeChat resource owner,
    • Fixed: WindowsLive resource owner
  • 0.5.1(Nov 1, 2016)

    Here are some details of what's in this release:

    • Fixed error that could occur with message "302 Header already sent",
    • Exclude tests from Composer autoloader
  • 0.5.0(Sep 11, 2016)

    Finally a long awaited version 0.5.0 arrived!

    Here are some details of what's in this release:

    • Fixed: OAuthHelper should fallback to new Request in case of receiving null,
    • Fixed: Better FOSUserBundle integration,
    • Fixed: Serialization issue in WechatResourceOwner,
    • Fixed: Incorrect refresh token in WechatResourceOwner,
    • Fixed: Broken TrelloResourceOwner,
    • Fixed: Removed dead code in OAuthProvider,
    • Fixed: Update Facebook API to v2.7,
    • Added: Symfony 3 support,
    • Added: Redirect to target_path after successful registration/connection,
    • Added: Asana resource owner,
    • Added: Bitbucket resource owner,
    • Added: Clever resource owner,
    • Added: Itembase resource owner,
    • Added: Jawbone resource owner,
    • Added: Office365 resource owner,
    • Added: Wunderlist resource owner,
    • Added: Hungarian translation
  • 0.4.3(Sep 11, 2016)

    Note: this is the last bugfix release for version 0.4, please upgrade to version 0.5

    Here are some details of what's in this release:

    • Fixed: Request parameters are not copied into new Request on forward
    • Fixed: Fixed scope deprecating message
    • Fixed: Resolved deprecated message in ConnectController
    • Fixed: Removed usage of deprecated code in tests
  • 0.4.2(Jul 27, 2016)

    Here are some details of what's in this release:

    • Fixed: Change Discogs URL from http to https
    • Fixed: Update Facebook API URLs to not use outdated ones
  • 0.4.1(Mar 8, 2016)

    Here are some details of what's in this release:

    • Fixed: Remove usage of deprecated Twig function form_enctype & replace with usage of form_start/form_end,
    • Fixed: Mark as not fully compatible with Symfony ~3.0,
    • Fixed: Multiple firewalls can now have different resource owners,
    • Fixed: Wrong URL generated for Salesforce resource owner,
    • Added: include_email option into Twitter resource owner,
    • Added: Hungarian translation,
    • Added: Documentation about FOSUser integration
  • 0.4.0(Dec 4, 2015)

    Finally a long awaited version 0.4.0 arrived!

    Here are some details of what's in this release:

    • [BC break] Added UserResponseInterface#getFirstName() method, also a new default path firstname was added, this path holds the first name of user,
    • [BC break] Added UserResponseInterface#getLastName() method, also a new default path lastname was added, this path holds the last name of user,
    • [BC break] Added UserResponseInterface::getOAuthToken() & basic implementation in AbstractUserResponse,
    • [BC break] GenericOAuth1ResourceOwner::getRequestToken() is now public method (was protected),
    • Added: configuration parameter firewall_name (will be removed in next major version) renamed to firewall_names to support multiple firewalls,
    • Added: configuration parameter: failed_auth_path which contains route name, on which user will be redirected after failure when connecting accounts (i.e. user denies connection),
    • Added: appsecret_proof functionality support to the Facebook resource owner,
    • Added: sandbox functionality support to the Salesforce resource owner,
    • Added Auth0 resource owner,
    • Added Azure resource owner,
    • Added BufferApp resource owner,
    • Added Deezer resource owner,
    • Added Discogs resource owner,
    • Added EveOnline resource owner,
    • Added Fiware resource owner,
    • Added Hubic resource owner,
    • Added Paypal resource owner,
    • Added Reddit resource owner,
    • Added Runkeeper resource owner,
    • Added Slack resource owner,
    • Added Spotify resource owner,
    • Added Soundcloud resource owner,
    • Added Strava resource owner,
    • Added Toshl resource owner,
    • Added Trakt resource owner,
    • Added Wechat resource owner,
    • Added Wordpress resource owner,
    • Added Xing resource owner,
    • Added Youtube resource owner,
    • Fixed: Revoking tokens for Facebook & Google resource owners,
    • Fixed: Instagram allows only GET calls to fetch user details,
    • Fixed: ResourceOwnerMap no longer depends on deprecated ContainerAware class,
    • Fixed: Wrong usage of json_decode in Mail.ru resource owner,
    • Fixed: Transform storage exceptions in OAuth1 resource owners into AuthenticationException
    • Fixed: Default scopes & fields for VKontakte resource owner
  • 0.3.9(Aug 28, 2015)

    • Fix: Remove deprecated Twig features
    • Fix: Undefined variable in FOSUBUserProvider::refreshUser
    • Fix: Restore property accessor for Symfony 2.3
  • 0.3.8(May 4, 2015)

    • Fix: Remove BC break for Symfony < 2.5,
    • Fix: Compatibility issues with Symfony 2.6+,
    • Fix: Don't use deprecated graph URLs for FacebookResourceOwner
  • 0.3.7(Nov 15, 2014)

    • Fix: SessionStorage::save() could throw php error,
    • Fix: OAuthToken::isExpired() always returned false,
    • Fix: FoursquareResourceOwner, TwitchResourceOwner, SensioConnectResourceOwner not working with bearer header,
    • Fix: Don't use deprecated fields in FacebookResourceOwner,
    • Fix: FOSUBUserProvider::refreshUser() always returning old user
  • 0.3.6(Jun 2, 2014)

    Bugfix release:

    • Fix: InstagramResourceOwner regression while getting user details,
    • Fix: Add smooth migration for session (de)serialization
  • 0.3.5(May 30, 2014)

    Bugfix release:

    • Fix: LinkedinResourceOwner regression while getting user details,
    • Fix: OAuth revoke functionality to be available wider,
    • Fix: Removed undocumented functionality from SinaWeiboResourceOwner,
    • Fix: Always remove default ports from URLs to match OAuth 1.0a, Spec: 9.1.2
  • 0.3.4(May 12, 2014)

    Bugfix release:

    • Fix: Instagram OAuth redirect to one url,
    • Fix: FOSUBUserProvider should also implement UserProviderInterface,
    • Fix: YahooResourceOwner infos_url to use new format,
    • Fix: Send authorization via headers instead of URL parameter,
    • Fix: GithubResourceOwner revoke method,
    • Fix: Add login routing documentation note
  • 0.3.3(Feb 17, 2014)

    Bugfix release:

    • Fix: Incorrect redirect URL when no parameters are set,
    • Fix: Add missing parameter prompt for GoogleResourceOwner,
    • Fix: WordpressResourceOwner user details API call,
    • Fix: PHP Notice when oauth_callback_confirmed was set to false,
    • Fix: PHP Fatal when session returns boolean instead of object,
    • Fix: Add missing query parameters for FacebookResourceOwner
Owner
Hardware Info
EvaOAuth provides a standard interface for OAuth1.0(a) / OAuth2.0 client authorization, it is easy to integrate with any PHP project by very few lines code.

EvaOAuth EvaOAuth provides a standard interface for OAuth1.0 / OAuth2.0 client authorization, it is easy to integrate with any PHP project by very few

AlloVince 261 Jan 17, 2022
:atom: Social (OAuth1\OAuth2\OpenID\OpenIDConnect) sign with PHP :shipit:

SocialConnect Auth Getting Started :: Documentation :: Demo Open source social sign on PHP. Connect your application(s) with social network(s). Code e

SocialConnect 518 Dec 28, 2022
:atom: Social (OAuth1\OAuth2\OpenID\OpenIDConnect) sign with PHP :shipit:

SocialConnect Auth Getting Started :: Documentation :: Demo Open source social sign on PHP. Connect your application(s) with social network(s). Code e

SocialConnect 458 Apr 1, 2021
Social (OAuth1\OAuth2\OpenID\OpenIDConnect) sign with PHP

Open source social sign on PHP. Connect your application(s) with social network(s).

SocialConnect 517 Dec 11, 2022
PHPoAuthLib provides oAuth support in PHP 7.2+ and is very easy to integrate with any project which requires an oAuth client.

PHPoAuthLib NOTE: I'm looking for someone who could help to maintain this package alongside me, just because I don't have a ton of time to devote to i

David Desberg 1.1k Dec 27, 2022
Discord-oauth2 - At the end of oAuth2, which I have been researching and reading for a long time,

Discord-oauth2 - At the end of oAuth2, which I have been researching and reading for a long time, I finally found the way to connect with discord and get information, that's how I did it. If I'm wrong, feel free to email me so I can correct it.

Uğur Mercan 2 Jan 1, 2022
StartZ oauth2-etsy compatible League of PHP OAuth2

Etsy Provider for OAuth 2.0 Client This package provides Etsy OAuth 2.0 support for the PHP League's OAuth 2.0 Client. Requirements The following vers

StartZ 2 Nov 10, 2022
EAuth extension allows to authenticate users by the OpenID, OAuth 1.0 and OAuth 2.0 providers

EAuth extension allows to authenticate users with accounts on other websites. Supported protocols: OpenID, OAuth 1.0 and OAuth 2.0.

Maxim Zemskov 330 Jun 3, 2022
Laravel wrapper around OAuth 1 & OAuth 2 libraries.

Introduction Laravel Socialite provides an expressive, fluent interface to OAuth authentication with Facebook, Twitter, Google, LinkedIn, GitHub, GitL

The Laravel Framework 5.2k Dec 27, 2022
OAuth 1/2 Provider implementations for chillerlan/php-oauth-core. PHP 7.4+

chillerlan/php-oauth-providers Documentation See the wiki for advanced documentation. Requirements PHP 7.4+ a PSR-18 compatible HTTP client library of

chillerlan 4 Dec 2, 2022
The Salla OAuth Client library is designed to provide client applications with secure delegated access to Salla Merchant stores.

Salla Provider for OAuth 2.0 Client This package provides Salla OAuth 2.0 support for the PHP League's OAuth 2.0 Client. To use this package, it will

Salla 14 Nov 27, 2022
Easy integration with OAuth 2.0 service providers.

OAuth 2.0 Client This package provides a base for integrating with OAuth 2.0 service providers. The OAuth 2.0 login flow, seen commonly around the web

The League of Extraordinary Packages 3.4k Dec 31, 2022
This library extends the 'League OAuth2 Client' library to provide OpenID Connect Discovery support for supporting providers that expose a .well-known configuration endpoint.

OpenID Connect Discovery support for League - OAuth 2.0 Client This library extends the League OAuth2 Client library to provide OpenID Connect Discove

null 3 Jan 8, 2022
Symfony bundle which provides OAuth 2.0 authorization/resource server capabilities

Symfony bundle which provides OAuth 2.0 authorization/resource server capabilities. The authorization and resource server actors are implemented using the thephpleague/oauth2-server library.

Trikoder 253 Dec 21, 2022
PHP 5.3+ oAuth 1/2 Client Library

PHPoAuthLib NOTE: I'm looking for someone who could help to maintain this package alongside me, just because I don't have a ton of time to devote to i

David Desberg 1.1k Dec 27, 2022
OAuth 1 Client

OAuth 1.0 Client OAuth 1 Client is an OAuth RFC 5849 standards-compliant library for authenticating against OAuth 1 servers. It has built in support f

The League of Extraordinary Packages 907 Dec 16, 2022
Buddy Provider for the OAuth 2.0 Client

Buddy Provider for OAuth 2.0 Client This package provides Buddy OAuth 2.0 support for the PHP League's OAuth 2.0 Client. Installation To install, use

Buddy 0 Jan 19, 2021
Laravel Passport is an OAuth2 server and API authentication package that is simple and enjoyable to use

Introduction Laravel Passport is an OAuth2 server and API authentication package that is simple and enjoyable to use. Official Documentation Documenta

The Laravel Framework 3.1k Dec 31, 2022