Integrating with Symfony 4 and FOSUserBundle #183
Comments
Would you please post your security.yaml configuration for further debugging?
The controller (which is part of the bundle) and is configured behind the
The bundle does that automatically. You have added the Google Authenticator
I'd guess you're not in the two-factor authentication stage at that point. The bundle would redirect you to that route, when it needs to ask for an authentication code. |
Hey Scheb, thank you for such a fast reply. I am going to share with you my whole project as I think it will be hard to troubleshoot with a single file. Here is my git repository: https://github.com/AmbushIV/arb2 As far as I understand, since I am building a simple API-only backend, I need to check after a successful login if the Google Authenticator is enabled via isGoogleAuthenticatorEnabled and then use getGoogleAuthenticatorSecret to get "a secret value" (I guess this is the code the user has to enter via Google Authenticator) that I have to send to my frontend. As I don't know how 2fa works in the backend, I wonder how the backend knows which is the correct code the user entered (since these change frequently). Thank you for your time! |
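How a backend can check a Google Authenticator code without ever sending the secret to the frontend, as an added example that is not part of the original thread and not the bundle's own code. It implements standard TOTP (RFC 6238 over RFC 4226) and assumes the stored secret is a Base32 string; the function names, the drift window and the `last_used_step` replay check are assumptions of this sketch.

```python
import base64
import hashlib
import hmac
import struct
import time

STEP = 30    # seconds per time step (RFC 6238 default)
DIGITS = 6   # code length shown by the authenticator app


def hotp(secret_b32, counter):
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    s = secret_b32.upper().replace(" ", "")
    key = base64.b32decode(s + "=" * (-len(s) % 8))
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify_totp(secret_b32, code, now=None, window=1, last_used_step=-1):
    """Return the matched time step, or None if the code is rejected.

    window: time steps of clock drift accepted on either side of "now".
    last_used_step: step of the last accepted code (assumed to be stored per
    user); equal or older steps are refused so a captured code cannot be
    replayed while it is still inside its validity period.
    """
    current = int((time.time() if now is None else now) // STEP)
    matched = None
    for step in range(max(0, current - window), current + window + 1):
        # compare_digest avoids leaking how many leading digits matched
        if hmac.compare_digest(hotp(secret_b32, step).encode(), code.encode()):
            matched = step
    if matched is None or matched <= last_used_step:
        return None
    return matched


# Constructed sample: the RFC test key "12345678901234567890" in Base32.
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

if __name__ == "__main__":
    step = verify_totp(SAMPLE_SECRET, "287082", now=59)
    print("accepted at step", step)
    print("replay:", verify_totp(SAMPLE_SECRET, "287082", now=59, last_used_step=step))
```

Both sides derive the code from the shared secret and the current time, so only the short-lived code crosses the wire; the secret leaves the server once, at enrollment, inside the QR code.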
Hey @scheb I'm also trying to set up this bundle to work with fos-user-bundle and google authenticator but I'm getting errors. I've followed the default setup and I can confirm fos-user-bundle is creating an instance of core Here's what's in my security yaml:
|
Never mind I figured it out, I needed to configure my routes to be |
@scheb I have one small issue, everything is working fine except the |
@wh1pp3rz We had a similar issue in #168. Is your cancel link pointing to Compare: https://github.com/scheb/two-factor-app/blob/master/config/packages/security.yaml |
@scheb I did all that but still I have the issue. Here's my logout route as defined in
Here's my firewall config:
And here's my access control:
|
@wh1pp3rz Well, no idea. Looks good to me. You'd need to debug why the logout process isn't triggered, when calling that path. |
@AmbushIV Can't see anything in that application. It's all commented-out config, no idea what you're actually testing with. And since you're saying it's an "API only backend": I'm not sure if this will play well together with the bundle. There are some mechanics which rely on redirecting the user to a form, and to my understanding this redirect would happen within a backend API call. So instead of returning an HTML form, you'd probably need to return an API response (JSON?), which tells the frontend to show the 2fa form. |
@scheb Thank you for your reply. Indeed I need to return an API response after login to trigger the 2fa check and then to confirm the correct code with the backend. You think it's possible to do this with your bundle? |
@scheb the logout is called but for some reason, the logout is redirecting back to |
@wh1pp3rz is the route really |
@AmbushIV Best solution for you would be to implement & configure custom authentication handlers, which return an API response instead of the default behavior. See https://github.com/scheb/two-factor-bundle/blob/master/Resources/doc/configuration.md
success_handler: acme.custom_success_handler # Use a custom success handler instead of the default one
failure_handler: acme.custom_failure_handler # Use a custom failure handler instead of the default one
# Use a custom authentication required handler instead of the default one
# This can be used to modify the default behavior of the bundle, which is always redirecting to the
# two-factor authentication form, when two-factor authentication is required.
authentication_required_handler: acme.custom_auth_reqired_handler
Interfaces to be implemented would be:
|
@scheb the route |
@wh1pp3rz Well, in that case I'm out of ideas. |
Hey there Scheb, after a few days I decided I should make an issue here to ask for some clarifications. I consider the steps for the integration of your package to not be so clear when it comes to Symfony 4.
What I have done so far:
Now... I have already updated my user registration process in order for them to have a secret key generated and I also generated the QR codes in the backend (even though I am going to use React as a frontend engine).
What I am missing is this:
When I go to localhost:8000/2fa I get the following error: "A Token was not found in the TokenStorage".
I am kind of a newbie to Symfony and backend overall and I am either missing steps or the documentation is not very beginner friendly. I intend to make a tutorial for beginners once I get it up and running with React (since there are no tutorials regarding this).
Thank you for your time (I would also love to talk with you in private chat if you want to).