RE: Got Access Token but auth fails. #11
Comments
I got the same issue. It seems to give the public_id instead of the email of the user. (I'm using the password grant)
Symfony 5.4 and v3 of current package/fork

Override Security/Authenticator/Oauth2Authenticator.php with service container

```xml
<service id="fos_oauth_server.security.authenticator.manager" class="\App\Infrastructure\Symfony\Security\Oauth2Authenticator"></service>
```

then \App\Infrastructure\Symfony\Security\Oauth2Authenticator: copy package Oauth2Authenticator and make following changes:

```php
# public function authenticate
return new SelfValidatingPassport(
    // The badge's loader returns the OAuth client itself, so no user provider lookup happens.
    new UserBadge($client->getUserIdentifier(), function () use ($client) {
        return $client;
    }), [$accessTokenBadge]
);

public function createAuthenticatedToken(PassportInterface $passport, string $firewallName): TokenInterface
{
    /** @var AccessTokenBadge $accessTokenBadge */
    $accessTokenBadge = $passport->getBadge(AccessTokenBadge::class);
    $token = new OAuthToken($accessTokenBadge->getRoles());
    $token->setToken($accessTokenBadge->getAccessToken()->getToken());
    $token->setAuthenticated(true);
    // Use the user stored on the access token; fall back to a dummy user when there is none.
    $user = $accessTokenBadge->getAccessToken()->getUser();
    if ($user === null) {
        $user = new ClientCredentialsDummyUser();
    }
    $token->setUser($user);
    return $token;
}
```

ClientCredentialsDummyUser is empty class implementing Symfony\Component\Security\Core\User\UserInterface

I should mention that solution is partly inspired by thephpleague/oauth2-server-bundle and solution for Symfony 5.4 compatibility with FOSOAuthServerBundle
It's better for the

```php
public function createAuthenticatedToken(PassportInterface $passport, string $firewallName): TokenInterface
{
    /** @var AccessTokenBadge $accessTokenBadge */
    $accessTokenBadge = $passport->getBadge(AccessTokenBadge::class);
    $token = new OAuthToken($accessTokenBadge->getRoles());
    $token->setToken($accessTokenBadge->getAccessToken()->getToken());
    if (!empty($user = $accessTokenBadge->getAccessToken()->getUser())) {
        $token->setUser($user);
    }
    return $token;
}
```

The user in the token should be the authenticated user and not the OAuthClient.
@Methraen Hi! We also faced this problem. But we don't understand why getUserIdentifier() is taken from the client and not from the user... don't want to do another fork to fix this.
as addition with Symfony 6.x
When I try to authenticate I get UserBadge with Oauth client_public_id instead of getting user's identifier (email in my case) so auth fails... any ideas (with v4.0.3)
probably related to #10
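
The identity mix-up reported in this thread, modelled as an added example (not code from the bundle or from any commenter): it contrasts using the client's public id as the user identifier with taking the principal from the access token's user. It assumes PHP 8.0+ and a user store keyed by email; `SampleToken`, `loadUser`, both `principalFrom...` functions, the user store and the client id are constructed stand-ins, and returning a separate "client" principal for tokens without a user is this example's choice.

```php
<?php
declare(strict_types=1);

// Constructed sample data: a user store keyed by e-mail, as in the report.
const USERS = ['alice@example.test' => ['ROLE_USER']];

// Stand-in for a stored access token; userEmail is null for client_credentials.
final class SampleToken
{
    public function __construct(
        public string $clientPublicId,
        public ?string $userEmail,
    ) {}
}

// Stand-in for a user provider: unknown identifiers are rejected.
function loadUser(string $identifier): array
{
    if (!array_key_exists($identifier, USERS)) {
        throw new RuntimeException("user not found: $identifier");
    }
    return ['id' => $identifier, 'kind' => 'user', 'roles' => USERS[$identifier]];
}

// Reported behaviour: the client's public id is used as the user identifier.
function principalFromClient(SampleToken $t): array
{
    return loadUser($t->clientPublicId);
}

// The token's user is the principal; only a token without a user
// (client_credentials) authenticates as the client, with no user roles.
function principalFromToken(SampleToken $t): array
{
    if ($t->userEmail !== null) {
        return loadUser($t->userEmail);
    }
    return ['id' => $t->clientPublicId, 'kind' => 'client', 'roles' => []];
}

$password = new SampleToken('1_constructed_client_id', 'alice@example.test');
$machine  = new SampleToken('1_constructed_client_id', null);

try {
    principalFromClient($password);
} catch (RuntimeException $e) {
    echo 'client id as identifier: ', $e->getMessage(), PHP_EOL;
}
echo 'password grant: ', json_encode(principalFromToken($password)), PHP_EOL;
echo 'client_credentials: ', json_encode(principalFromToken($machine)), PHP_EOL;
```

Keeping the client and the resource owner as distinct principal kinds means authorization checks written for users are never evaluated against a client id.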