RE: Got Access Token but auth fails. #11

Closed
Methraen opened this issue Sep 16, 2022 · 5 comments
@Methraen

When I try to authenticate, I get a UserBadge with the OAuth client_public_id instead of the user's identifier (email in my case), so auth fails... Any ideas? (with v4.0.3)

Probably related to #10

@michel1011

michel1011 commented Sep 22, 2022

I got the same issue. It seems to give the public_id instead of the email of the user. (I'm using the password grant)
And I'm using version 3.1.2 because of Symfony 5.4 LTS.

@drekinov

drekinov commented Oct 25, 2022

Symfony 5.4 and v3 of the current package/fork.
I have had some success, which is not fully tested but seems to work.

Override Security/Authenticator/Oauth2Authenticator.php via the service container:

<service id="fos_oauth_server.security.authenticator.manager" class="\App\Infrastructure\Symfony\Security\Oauth2Authenticator"></service>

Then, in \App\Infrastructure\Symfony\Security\Oauth2Authenticator: copy the package's Oauth2Authenticator and make the following changes:

# public function authenticate
return new SelfValidatingPassport(
    new UserBadge($client->getUserIdentifier(), function () use ($client) {
        return $client;
    }),
    [$accessTokenBadge]
);

public function createAuthenticatedToken(PassportInterface $passport, string $firewallName): TokenInterface
{
    /** @var AccessTokenBadge $accessTokenBadge */
    $accessTokenBadge = $passport->getBadge(AccessTokenBadge::class);
    $token = new OAuthToken($accessTokenBadge->getRoles());
    $token->setToken($accessTokenBadge->getAccessToken()->getToken());
    $token->setAuthenticated(true);
    $user = $accessTokenBadge->getAccessToken()->getUser();
    if ($user === null) {
        $user = new ClientCredentialsDummyUser();
    }
    $token->setUser($user);

    return $token;
}

ClientCredentialsDummyUser is an empty class implementing Symfony\Component\Security\Core\User\UserInterface

I should mention that the solution is partly inspired by thephpleague/oauth2-server-bundle and the solution for Symfony 5.4 compatibility with FOSOAuthServerBundle

@BladeMF

BladeMF commented Dec 8, 2022

It's better for the createAuthenticatedToken to be like this:

	public function createAuthenticatedToken(PassportInterface $passport, string $firewallName): TokenInterface
	{
		/** @var AccessTokenBadge $accessTokenBadge */
		$accessTokenBadge = $passport->getBadge(AccessTokenBadge::class);
		$token = new OAuthToken($accessTokenBadge->getRoles());
		$token->setToken($accessTokenBadge->getAccessToken()->getToken());
		if (!empty($user = $accessTokenBadge->getAccessToken()->getUser())) {
			$token->setUser($user);
		}

		return $token;
	}

The user in the token should be the authenticated user and not the OAuthClient.

@Methraen closed this as not planned on Dec 13, 2022
@budby

budby commented Jan 23, 2023

@Methraen Hi! We also faced this problem. But we don't understand why getUserIdentifier() is taken from the client and not from the user... don't want to do another fork to fix this.

@drekinov

drekinov commented Mar 9, 2023

As an addition, with Symfony 6.x createAuthenticatedToken should be renamed to createToken.
It seems to work, but the token is not an OauthToken but the default PostAuthenticatedToken, and as a side effect you lose access to the token string etc. after authentication.
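
Added example, not written by any commenter in this thread and not the bundle's own code: one way to choose the UserBadge identifier so that a user-bound access token authenticates as the resource owner and only a token without a user falls back to the OAuth client. `buildPassport()` is a hypothetical helper; it assumes the access token exposes `getUser()` and the client exposes `getUserIdentifier()` and implements `UserInterface`, as the snippets above imply.

```php
<?php
declare(strict_types=1);

use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Http\Authenticator\Passport\Badge\BadgeInterface;
use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
use Symfony\Component\Security\Http\Authenticator\Passport\SelfValidatingPassport;

/**
 * Hypothetical helper for an overridden Oauth2Authenticator::authenticate().
 *
 * @param object         $accessToken      token entity behind the bundle's AccessTokenBadge
 *                                         (assumed to expose getUser(), as used in this thread)
 * @param object         $client           OAuth client (assumed to expose getUserIdentifier())
 * @param BadgeInterface $accessTokenBadge the bundle's AccessTokenBadge, passed through unchanged
 */
function buildPassport(
    object $accessToken,
    object $client,
    BadgeInterface $accessTokenBadge
): SelfValidatingPassport {
    $user = $accessToken->getUser();

    if ($user instanceof UserInterface) {
        // User-bound grant (e.g. password): the principal is the resource owner,
        // so the badge carries the user's identifier, not the client's public id.
        $identifier = $user->getUserIdentifier();
        if ($identifier === '') {
            // Refuse to build a passport for a user without a usable identifier.
            throw new AuthenticationException('Access token user has no identifier.');
        }
        // The user is already loaded from the token, so the loader just returns it.
        $userBadge = new UserBadge($identifier, static fn (): UserInterface => $user);
    } else {
        // No user on the token (client_credentials): the client is the principal.
        $userBadge = new UserBadge(
            $client->getUserIdentifier(),
            static fn (): object => $client
        );
    }

    return new SelfValidatingPassport($userBadge, [$accessTokenBadge]);
}
```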
