IBX-5705: OAuth server

code_samples/user_management/oauth_google/config/custom_services.yaml

@@ -1,4 +1,6 @@
 services:
+    #…
+
     App\OAuth\GoogleResourceOwnerMapper:
         tags:
             - { name: ibexa.oauth2_client.resource_owner_mapper, identifier: google }

code_samples/user_management/oauth_google/config/packages/knpu_oauth2_client.yaml

@@ -1,11 +1,10 @@
 knpu_oauth2_client:
     clients:
-        # Configure your clients as described here: https://github.com/knpuniversity/oauth2-client-bundle#configuration
+        # configure your clients as described here: https://github.com/knpuniversity/oauth2-client-bundle#configuration
         google:
             type: google
             client_id: '%env(OAUTH_GOOGLE_CLIENT_ID)%'
             client_secret: '%env(OAUTH_GOOGLE_CLIENT_SECRET)%'
-            # Redirect route:
             redirect_route: ibexa.oauth2.check
             redirect_params:
                 identifier: google

code_samples/user_management/oauth_google/config/packages/security.yaml

@@ -1,46 +1,39 @@
-# To get started with security, check out the documentation:
-# https://symfony.com/doc/current/security.html
 security:
-    # https://symfony.com/doc/current/security.html#b-configuring-how-users-are-loaded
-    providers:
-        ibexa:
-            id: ibexa.security.user_provider
-    #!        in_memory:
-    #!            memory: ~
+    #…
 
     firewalls:
-        # disables authentication for assets and the profiler, adapt it according to your needs
-        dev:
-            pattern: ^/(_(profiler|wdt)|css|images|js)/
-            security: false
+        #…
 
-        ibexa_forgot_password:
-            pattern: /user/(forgot-password|reset-password)
-            security: false
+        # Uncomment ibexa_oauth2_connect, ibexa_oauth2_front rules and comment ibexa_front firewall
+        # to enable OAuth2 authentication
 
-        oauth2_connect:
+        ibexa_oauth2_connect:
             pattern: /oauth2/connect/*
             security: false
 
-        ibexa_front:
+        ibexa_oauth2_front:
             pattern: ^/
             user_checker: Ibexa\Core\MVC\Symfony\Security\UserChecker
             anonymous: ~
             ibexa_rest_session: ~
             guard:
                 authenticators:
-                    - 'Ibexa\Bundle\OAuth2Client\Security\Authenticator\OAuth2Authenticator'
+                    - Ibexa\Bundle\OAuth2Client\Security\Authenticator\OAuth2Authenticator
+                    - Ibexa\PageBuilder\Security\EditorialMode\TokenAuthenticator
+                entry_point: Ibexa\Bundle\OAuth2Client\Security\Authenticator\OAuth2Authenticator
             form_login:
                 require_previous_session: false
                 csrf_token_generator: security.csrf.token_manager
             logout: ~
 
-        main:
-            anonymous: ~
-            # activate different ways to authenticate
-
-            # https://symfony.com/doc/current/security.html#a-configuring-how-your-users-will-authenticate
-            #http_basic: ~
-
-            # https://symfony.com/doc/current/security/form_login_setup.html
-            #form_login: ~
+        #ibexa_front:
+        #    pattern: ^/
+        #    user_checker: Ibexa\Core\MVC\Symfony\Security\UserChecker
+        #    anonymous: ~
+        #    ibexa_rest_session: ~
+        #    form_login:
+        #        require_previous_session: false
+        #        csrf_token_generator: security.csrf.token_manager
+        #    guard:
+        #        authenticator: 'Ibexa\PageBuilder\Security\EditorialMode\TokenAuthenticator'
+        #    logout: ~

docs/templating/twig_function_reference/url_twig_functions.md

@@ -69,7 +69,7 @@ For more information about the use of `ibexa.url.alias` as a parameter of the [S
 
 ### `ibexa_oauth2_connect_path()`
 
-`ibexa_oauth2_connect_path()` generates a relative path for the given [OAuth2 route](oauth_authentication.md).
+`ibexa_oauth2_connect_path()` generates a relative path for the given [OAuth2 client](oauth_client.md).
 
 |Argument|Type|Description|
 |------|------|------|
@@ -79,7 +79,7 @@ For more information about the use of `ibexa.url.alias` as a parameter of the [S
 
 ### `ibexa_oauth2_connect_url()`
 
-`ibexa_oauth2_connect_url()` generates an absolute URL for the given [OAuth2 route](oauth_authentication.md).
+`ibexa_oauth2_connect_url()` generates an absolute URL for the given [OAuth2 client](oauth_client.md).
 
 |Argument|Type|Description|
 |------|------|------|

docs/users/diagram_source/oauth2-client.drawio

@@ -0,0 +1,64 @@
+<mxfile host="Electron" modified="2024-03-05T08:22:51.705Z" agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) draw.io/23.1.5 Chrome/120.0.6099.109 Electron/28.1.0 Safari/537.36" etag="GS28jJ9jpQwuaofspZy1" version="23.1.5" type="device">
+  <diagram name="Page-1" id="HCu4IDgJjuJ1dES_PF9C">
+    <mxGraphModel dx="1604" dy="796" grid="1" gridSize="10" guides="1" tooltips="1" connect="1" arrows="1" fold="1" page="1" pageScale="1" pageWidth="1169" pageHeight="827" math="0" shadow="0">
+      <root>
+        <mxCell id="0" />
+        <mxCell id="1" parent="0" />
+        <mxCell id="LfG-qxr215mkKre9bOdj-2" value="&lt;font color=&quot;#222222&quot;&gt;IBEXA DXP&lt;br&gt;&lt;font style=&quot;font-size: 14px;&quot;&gt;OA&lt;/font&gt;UTH 2 CLIENT&lt;/font&gt;" style="rounded=1;whiteSpace=wrap;horizontal=1;verticalAlign=top;shadow=1;fillColor=#FFF2CC;strokeWidth=3;strokeColor=#D8B95D;html=1;" parent="1" vertex="1">
+          <mxGeometry x="-1000" y="50" width="120" height="180" as="geometry" />
+        </mxCell>
+        <mxCell id="LfG-qxr215mkKre9bOdj-3" value="&lt;font color=&quot;#222222&quot;&gt;RESOURCE SERVER&lt;/font&gt;" style="shape=cylinder3;whiteSpace=wrap;html=1;boundedLbl=1;backgroundOutline=1;size=15;fillColor=#ffe5c9;strokeColor=#E8D0B7;strokeWidth=3;" parent="1" vertex="1">
+          <mxGeometry x="-980" y="150" width="80" height="70" as="geometry" />
+        </mxCell>
+        <mxCell id="LfG-qxr215mkKre9bOdj-4" value="&lt;font color=&quot;#222222&quot;&gt;USERS&lt;br&gt;(RESOURCE OWNERS)&lt;/font&gt;" style="shape=cylinder3;whiteSpace=wrap;html=1;boundedLbl=1;backgroundOutline=1;size=15;fillColor=#ffe5c9;strokeColor=#E8D0B7;strokeWidth=3;" parent="1" vertex="1">
+          <mxGeometry x="-980" y="90" width="80" height="80" as="geometry" />
+        </mxCell>
+        <mxCell id="LfG-qxr215mkKre9bOdj-5" value="&lt;font color=&quot;#222222&quot;&gt;3&lt;sup&gt;RD&lt;/sup&gt; PARTY&lt;br&gt;&lt;font style=&quot;font-size: 14px;&quot;&gt;OA&lt;/font&gt;UTH 2 SERVER&lt;/font&gt;" style="rounded=1;whiteSpace=wrap;html=1;shadow=1;fillColor=#EAFFE9;strokeWidth=3;strokeColor=#DDE9A7;" parent="1" vertex="1">
+          <mxGeometry x="-660" y="110" width="80" height="60" as="geometry" />
+        </mxCell>
+        <mxCell id="LfG-qxr215mkKre9bOdj-7" value="&lt;font color=&quot;#222222&quot;&gt;REQUEST USER AUTHENTICATION&lt;/font&gt;" style="text;html=1;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;rotation=10;" parent="1" vertex="1">
+          <mxGeometry x="-786" y="68" width="60" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="LfG-qxr215mkKre9bOdj-8" value="&lt;p style=&quot;line-height: 200%;&quot;&gt;&lt;font color=&quot;#222222&quot;&gt;LOAD AN INTERNAL USER&lt;br&gt;ACCESS RESOURCE&lt;/font&gt;&lt;/p&gt;" style="text;html=1;align=right;verticalAlign=middle;whiteSpace=wrap;rounded=0;" parent="1" vertex="1">
+          <mxGeometry x="-1160" y="146" width="157" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="LfG-qxr215mkKre9bOdj-9" value="" style="endArrow=classic;html=1;rounded=0;exitX=1.017;exitY=0.211;exitDx=0;exitDy=0;exitPerimeter=0;entryX=0;entryY=0.25;entryDx=0;entryDy=0;curved=1;strokeColor=#E4D4E8;strokeWidth=6;" parent="1" source="LfG-qxr215mkKre9bOdj-2" target="LfG-qxr215mkKre9bOdj-5" edge="1">
+          <mxGeometry width="50" height="50" relative="1" as="geometry">
+            <mxPoint x="-560" y="290" as="sourcePoint" />
+            <mxPoint x="-510" y="240" as="targetPoint" />
+            <Array as="points">
+              <mxPoint x="-770" y="88" />
+            </Array>
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="LfG-qxr215mkKre9bOdj-10" value="" style="endArrow=classic;html=1;rounded=0;exitX=0;exitY=0.5;exitDx=0;exitDy=0;entryX=1;entryY=0;entryDx=0;entryDy=52.5;entryPerimeter=0;curved=1;strokeColor=#E4D4E8;strokeWidth=6;" parent="1" source="LfG-qxr215mkKre9bOdj-5" target="LfG-qxr215mkKre9bOdj-4" edge="1">
+          <mxGeometry width="50" height="50" relative="1" as="geometry">
+            <mxPoint x="-560" y="290" as="sourcePoint" />
+            <mxPoint x="-510" y="240" as="targetPoint" />
+            <Array as="points">
+              <mxPoint x="-780" y="160" />
+            </Array>
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="LfG-qxr215mkKre9bOdj-11" value="" style="endArrow=classic;html=1;rounded=0;exitX=0;exitY=0;exitDx=0;exitDy=52.5;exitPerimeter=0;entryX=0;entryY=0.5;entryDx=0;entryDy=0;entryPerimeter=0;curved=1;strokeColor=#E4D4E8;strokeWidth=6;" parent="1" source="LfG-qxr215mkKre9bOdj-4" target="LfG-qxr215mkKre9bOdj-3" edge="1">
+          <mxGeometry width="50" height="50" relative="1" as="geometry">
+            <mxPoint x="-560" y="290" as="sourcePoint" />
+            <mxPoint x="-510" y="240" as="targetPoint" />
+            <Array as="points">
+              <mxPoint x="-1000" y="160" />
+            </Array>
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="LfG-qxr215mkKre9bOdj-12" value="" style="html=1;verticalLabelPosition=bottom;align=center;labelBackgroundColor=#ffffff;verticalAlign=top;strokeWidth=2;strokeColor=#9D73AA;shadow=0;dashed=0;shape=mxgraph.ios7.icons.location;fillColor=#E4D4E8;" parent="1" vertex="1">
+          <mxGeometry x="-952" y="20" width="24" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="LfG-qxr215mkKre9bOdj-13" value="&lt;font color=&quot;#222222&quot;&gt;RESOURCE OWNER&lt;/font&gt;" style="text;html=1;align=right;verticalAlign=middle;whiteSpace=wrap;rounded=0;fontStyle=1" parent="1" vertex="1">
+          <mxGeometry x="-1050" y="20" width="97" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="LfG-qxr215mkKre9bOdj-6" value="&lt;font color=&quot;#222222&quot;&gt;AUTHENTICATE USER&lt;/font&gt;" style="text;html=1;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;" parent="1" vertex="1">
+          <mxGeometry x="-849" y="145" width="137" height="30" as="geometry" />
+        </mxCell>
+      </root>
+    </mxGraphModel>
+  </diagram>
+</mxfile>