I'm learning how to develop with Symfony2 and I would like to create a RESTful Oauth server (No a Oauth client for Facebook,twitter etc...).
I saw FOSOAuthServerBundle but it doesn't look like a Oauth provider...
Could you recommend me a good bundle for that?
The best oAuth server provider I used id for symfony2 is FOSOAuthServerBundle.
It will provide all Oauth functionality for you.
The configuration is little bit tricky,
This blog will help you to configure the oAuth Server by using FOSOAuthServerBundle .
Related
I work on API Platform as simple API and it's pretty easy to use !
Because I have other applications which use Keycloak as OpenID provider I need to integrate a Oauth2 provider or a Keycloak Provider ....
I see in configuration in docs there is a key "oauth" and we can specify clientId, secret and other values but I don't know where this conf is use. There isn't a 403 but still 200 with "enabled: true" on requests...
May be I could use this provider
https://github.com/stevenmaguire/oauth2-keycloak for Symfony but I don't understand where I can add it in API Platform.
I'm only a beginner on apiPlatform and in Symfony Too.
If Someone could help me... It would be awazing !
Thank You (modifié)
I am new to Identitysever3 but I have worked with OAuth and OpenId.
I need to create a MVC client that will interact with QBO (Quickbooks Online). QBO uses OAuth by it's own.To start with I followed the github sample project from QBO community to use QBO REST API. This MVC app has OAuth stuff in MVC controller.
Now I need to create actual MVC project that will interact with QBO. I am after best practices to authorize my project. Here my authorize server would be QBO. So is my app is the right candidate to use Identityserver3?
My understanding is that I need to add Identityserver 3 project in my solution and use authorize server URI, client Id and client secret provided by QBO.
I assume Identityserver 3 is a framework that is the best way to use OAuth and OpenID connect as a separate project so it can be reused in other solutions. AND it's not an Authorization server, am I correct?
waiting for help please.
I assume Identityserver 3 is a framework that is the best way to use OAuth and OpenID connect as a separate project so it can be reused in other solutions. AND it's not an Authorization server.
This statement is not correct. In fact IdentityServer3 implements OAuth2 and OpenIdConnect and is an authorization server. If you have QBO as authorization server, you don't need to use identityserver3.
what you need is a client for OAuth2 and OpenIdConnect. You can use IdentityModel which is implemented by the same team that implements IdentityServer3.
In HWioauth Bundle we must provide infos_url but drupal doesn't seems to have such api url, and all said oauth2 require ssl. Is it neccessarily required that my app doesn't seem to get authorization_code from the oauth server(drupal site as a oauth server)
Yes, it's necessary for production environment. Because OAuth 2.0 use the client_id, secret_id and passwords in request URL as query variables.
But if you are using it development mode in your computer it will work. Https not a requirement for OAuth logic, it's about only security.
We are using symfony2 as our framework to built the application which has different firewalls like admin, client and customer.
Now I want to built SSO using SAML(CAS) or OPENID in symfony2. Which will communicate with my application and provide the authentication and with other applications also through web service.
Please suggest some bundles which are already built for SSO and which is better SAML or OPENID.
Thank you in Advance.
Disclaimer: I'm the Chairman of CAS and founder of CAS in the cloud (https://www.casinthecloud.com).
I'm not sure if you want to use CAS, SAML or OpenID protocols, but here is an example of a CAS client for Symfony: https://wiki.jasig.org/display/CASC/Symfony+CAS+Client. It might help.
I am using Spring MVC project in the server to provide APIs to access data from both mobile-app and web-app.
Done research on security with Oauth 2.0 and thought Authorization code flow is suitable for both app's mentioned above, but little confusion on that. Can anyone tell which flow is best suitable for this type of scenario?
info:I need to implement Oauth 2.0 in server-side(Spring MVC project deployed in AWS).
If you are implementing your own authorization server and you already handle your consumerDB, I don't think you need an authorization code grant type of oAuth2. You can use Client Credential or ROPC. Authorization code is used when the log in is handled by a 3rd party (auth server).
There are 4 grant types in oAuth2 which is meant for different scenarios.. Refer : Securing an existing API with our own solution