Develop Reference

Unrecognized option access_token under security.firewalls.main

I've switched recently to Symfony 6.2 and want to use the newly introduces AccessTokenHandler for Bearer Authentication.
So all the cache is cleared after updating and I'm following the guide at https://symfony.com/doc/current/security/access_token.html.
This is part of my security.yaml:
security:
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
access_token:
token_handler: App\Security\AccessTokenHandler
token_extractors: header
lazy: true
provider: app_user_provider
form_login:
login_path: app_login
check_path: app_login
logout:
path: app_logout
But when I make some requests to my page, it says
Unrecognized option "access_token" under "security.firewalls.main".
Available options are "access_denied_handler", "access_denied_url",
"context", "custom_authenticators", "entry_point", "form_login",
"form_login_ldap", "host", "http_basic", "http_basic_ldap",
"json_login", "json_login_ldap", "lazy", "login_link",
"login_throttling", "logout", "methods", "pattern", "provider",
"remember_me", "remote_user", "request_matcher", "required_badges",
"security", "stateless", "switch_user", "user_checker", "x509".
So this looks like the changes to symfony 6.2 are not working. Or am I missing something?

how can i solve below symfony dependency error

The service "hwi_oauth.security.oauth_utils" has a dependency on a non-existent service "hwi_oauth.resource_ownerma
p.main".
This is the error i got after executing the below command. and now this error have been displayed for every single command via prompt
composer require hwi/oauth-bundle php-http/guzzle6-adapter php-http/httplug-bundle

Did you configure the bundle as described in the documentation?
https://github.com/hwi/HWIOAuthBundle/blob/master/Resources/doc/3-configuring_the_security_layer.md#b-configure-the-oauth-firewall
You probably need to add the firewall configuration:
# app/config/security.yml
security:
firewalls:
secured_area:
anonymous: ~
oauth:
resource_owners:
facebook: "/login/check-facebook"
google: "/login/check-google"
my_custom_provider: "/login/check-custom"
my_github: "/login/check-github"
login_path: /login
use_forward: false
failure_path: /login
oauth_user_provider:
service: my.oauth_aware.user_provider.service
access_control:
- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }

The security context contains no authentication token ESI and Symfony2

I'm using ESI (Edge Side Includes) to speed up my page but every time that I want to check if the user is loged in or not I get this error:
AuthenticationCredentialsNotFoundException: The security context contains no authentication token. One possible reason may be that
there is no firewall configured for this URL.
In my config.yml file I have this:
**esi: true<br>
fragments: { path: /_proxy }<br>
trusted_proxies: [127.0.0.1]**
Does someone knows how to solve it? I already tried to set a firewall for the /_proxy urls but I think that this is not the solution.
These are my firewalls:
main:
pattern: ^/
form_login:
check_path: /user/login_check
login_path: /user/login
provider: chain_provider
failure_path: null
logout:
path: /user/logout
target: /
success_handler: logout_success_handler
invalidate_session: true
anonymous: ~
security: true
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
Thanks

InvalidConfigurationException: The child node "key" at path "security.firewalls.main.remember_me" must be configured

I tried to update my vendor bundles in symfony2 using php composer.phar update, but when I did so I received an error after this line:
Updating the "app/config/parameters.yml" file
The error I get is:
[Symfony\Component\Config\Definition\Exception\InvalidConfigurationException]
The child node "key" at path "security.firewalls.main.remember_me" must be configured.
Script Sensio\Bundle\DistributionBundle\Composer\ScriptHandler::clearCache handling the post-update-cmd event terminated with an exception
[RuntimeException]
An error occurred when executing the "'cache:clear --no-warmup'" command.
My security.yml file has the following in its firewall section:
firewalls:
main:
pattern: ^/
provider: fos_userbundle
form_login:
csrf_provider: form.csrf_provider
always_use_default_target_path: false
default_target_path: webplio_site_dashboard_index
#success_handler: webplio_site.login_success_handler
check_path: /login_check
login_path: /login
logout: true
remember_me: true
anonymous: true
remember_me:
key: "%secret%"
lifetime: 31536000 # 365 days in seconds
path: /
domain: ~ # Defaults to the current domain from $_SERVER
where secret is defined in my parameters.yml file
My question then is what else do I need to do in order to configure the child node "key" at path "security.firewalls.main.remember_me"?

You need to change from
remember_me:
key: "%secret%"
to
remember_me:
secret: "%secret%"

Move your remember_me: true to
form_login:
...
remember_me: true
Check the security-reference as to see why.

Change key to secret and it works

redirect_uri_mismatch the second time I run the login

I am using HWIOAuthBundle to create users via oauth.
The first time I connect everything ok, I create the user and does the redirect properly on the set: http://localhost/rememberme/web/app_dev.php/login/check-google
From the second time I connect more with google returns me an error:
Error:redirect_uri_mismatch
The redirect URI in the request: http://localhost/rememberme/web/app_dev.php/oauth/connect/service/google did not match a registered redirect URI
cookie_policy_enforce=false
scope=https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile
response_type=code
access_type=online
redirect_uri=http://localhost/rememberme/web/app_dev.php/oauth/connect/service/google
display=page
client_id= *****
It seems that once you are a registered user changes the link of the redirect.
Why does this happen?
Is it possible to solve?
EDIT
This is my configuration:
Security.yml:
firewalls:
main:
pattern: ^/
oauth:
resource_owners:
facebook: "/login/check-facebook"
google: "/login/check-google"
login_path: /login
failure_path: /login
default_target_path: acme_user_default_index
oauth_user_provider:
service: hwi_oauth.user.provider.fosub_bridge
form_login:
provider: fos_userbundle
csrf_provider: form.csrf_provider
default_target_path: acme_user_default_index
remember_me: true
logout: true
anonymous: true
remember_me:
key: %secret%
lifetime: 31536000 # 365 days in seconds
path: /
domain: ~
always_remember_me: true
config.yml:
hwi_oauth:
connect:
confirmation: true
firewall_name: main
resource_owners:
facebook:
type: facebook
client_id: %oauth.facebook.client_id%
client_secret: %oauth.facebook.client_secret%
scope: "email"
infos_url: "https://graph.facebook.com/me?fields=username,name,email,picture.type(square)"
paths:
email: email
profilepicture: picture.data.url
options:
display: popup
google:
type: google
client_id: %oauth.google.client_id%
client_secret: %oauth.google.client_secret%
scope: "https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile"
paths:
email: email
profilepicture: picture
fosub:
username_iterations: 5
properties:
facebook: facebookId
google: googleId

You should add the redirect_uri
to Redirect URIs in https://console.developers.google.com/project/[your_project_name]/apiui/credential

You can put more than one redirect redirect_uri in your google apps credential.
! DO NOT create a new client id !
just edit the settings of your current client and add a redirect_uri below (in the text area) your first one on a new line.
I had the same problem and this fixed it

You have two distincts urls: a first one, defined under oauth.resource_owners in security.yml which is called when the user is not logged and a second one which is called when the user is already logged.
The logic is done in OAuthUtils->getAuthorizationUrl()
Unfortunately it doesn't seem possible to override the redirect url when you are already logged, so you have to add http://HOST/app[_dev].php/login/service/facebook as a second "Authorized redirect URIs" in your Google Developer Console.