Follow the guide at https://github.com/hwi/HWIOAuthBundle
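# HWIOAuthBundle configuration: one resource owner per social login provider,
# FOSUserBundle integration, and the HTTP client used to talk to the providers.
# Client ids and secrets are container parameters; keep their values out of
# version control. The %...% placeholders are quoted because a plain YAML
# scalar must not start with '%'.
hwi_oauth:
    resource_owners:
        github:
            type: github
            client_id: "%client_github_id%"
            client_secret: "%client_github_secret%"
            scope: "user:email"
            options:
                # Sends and verifies the OAuth2 `state` parameter so that a
                # callback is only accepted in the session that started the login.
                csrf: true

        google:
            type: google
            client_id: "%client_google_id%"
            client_secret: "%client_google_secret%"
            # NOTE(review): only the profile scope is requested; the `email`
            # path below presumably needs an e-mail scope as well - confirm.
            scope: "https://www.googleapis.com/auth/userinfo.profile"
            user_response_class: '\Our\Custom\Response\Class'
            paths:
                email: email
                profilepicture: picture
            options:
                # offline access asks Google for a long-lived refresh token;
                # store it with the same care as a password.
                access_type: offline
                # Same `state` check as the github owner above.
                csrf: true

        facebook:
            type: facebook
            client_id: "%client_facebook_id%"
            client_secret: "%client_facebook_secret%"
            scope: ""
            options:
                # Same `state` check as the github owner above.
                csrf: true

        # Twitter uses the OAuth 1 flow, which has no `state` parameter,
        # so there is no csrf option to set here.
        twitter:
            type: twitter
            client_id: "%client_twitter_id%"
            client_secret: "%client_twitter_secret%"
            scope: ""

    # Must name the firewall in security.yml that carries the `oauth` section.
    firewall_name: main

    fosub:
        # try 30 times to check if a username is available (foo, foo1, foo2 etc)
        username_iterations: 30

        # mapping between resource owners (see above) and user properties
        properties:
            github: githubId
            google: gplusUid
            facebook: facebookUid
            twitter: twitterUid

    # if you want to use 'connect' and do not use the FOSUB integration, configure these separately
    connect: ~
    #    confirmation: true # should show confirmation page or not
    #    registration_form_handler: my_registration_form_handler
    #    registration_form: my_registration_form
    #    account_connector: my_link_provider # can be the same as your user provider

    # optional HTTP Client configuration
    http_client:
        timeout: 5
        # Keep TLS certificate verification on. These requests carry the client
        # secret and the users' access tokens; with verification off, anyone
        # on the network path can pose as the provider and read them.
        # If verification fails, fix the CA bundle rather than disabling it.
        verify_peer: true
        ignore_errors: true
        max_redirects: 5

    # allows switching the templating engine for bundle views
    #templating_engine: "php"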
#security.yml
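# Symfony security configuration: user provider, password encoder, firewalls
# (matched top to bottom, first matching pattern wins) and access_control
# rules (also first match wins).
security:
    acl:
        connection: default

    providers:
        fos_userbundle:
            id: fos_user.user_manager

    encoders:
        # NOTE(review): sha512 selects Symfony's salted, iterated message-digest
        # encoder. A purpose-built password hash such as bcrypt is the stronger
        # choice where the installed Symfony version offers it. Changing the
        # encoder invalidates stored hashes unless a migration is planned.
        FOS\UserBundle\Model\UserInterface: sha512

    firewalls:
        # Disabling the security for the web debug toolbar, the profiler and Assetic.
        # `security: false` removes all authentication from these paths, so the
        # profiler and toolbar routes must only be loaded in the dev environment.
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        # -> custom firewall for the admin area of the URL
        admin:
            # Anchored with ^ so that only paths that start with /admin are
            # matched, not any URL that merely contains "/admin".
            pattern: ^/admin(.*)
            context: user
            form_login:
                provider: fos_userbundle
                login_path: /admin/login
                use_forward: false
                check_path: /admin/login_check
                failure_path: null
            logout:
                path: /admin/logout
            anonymous: true
        # -> end custom configuration

        # default login area for standard users
        # This firewall is used to handle the public login area
        # This part is handled by the FOS User Bundle
        # NOTE(review): `.*` matches every request not already claimed by `dev`
        # or `admin`, so the `main` firewall below (the only one with `oauth`,
        # and the one named by hwi_oauth.firewall_name) is never reached while
        # this entry stays ahead of it. Remove this firewall or move it after
        # `main` once the OAuth login is in use.
        old-main:
            pattern: .*
            context: user
            form_login:
                provider: fos_userbundle
                login_path: /login
                use_forward: false
                check_path: /login_check
                failure_path: null
            logout: true
            anonymous: true

        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                login_path: /login/
                use_forward: false
                check_path: /login_check
                failure_path: null
            anonymous: true
            logout: true
            oauth:
                # One check path per resource owner; each needs a matching route.
                resource_owners:
                    github: "/login/check-github"
                    google: "/login/check-google"
                    facebook: "/login/check-facebook"
                    twitter: "/login/check-twitter"
                login_path: /login
                failure_path: /login

                # FOSUB integration
                oauth_user_provider:
                    service: hwi_oauth.user.provider.fosub_bridge

    access_control:
        # Admin login page needs to be accessible without credentials
        - { path: ^/admin/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/logout$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/login_check$, role: IS_AUTHENTICATED_ANONYMOUSLY }

        # The WDT has to be allowed to anonymous users to avoid requiring the login with the AJAX request
        # NOTE(review): the `dev` firewall matches /_wdt and /_profiler (leading
        # underscore); these two patterns have none, so they probably never
        # match the toolbar or profiler URLs - confirm.
        - { path: ^/wdt/, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/profiler/, role: IS_AUTHENTICATED_ANONYMOUSLY }

        # AsseticBundle paths used when using the controller for assets
        - { path: ^/js/, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/css/, role: IS_AUTHENTICATED_ANONYMOUSLY }

        # URLs of FOSUserBundle which need to be available to anonymous users
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/login_check$, role: IS_AUTHENTICATED_ANONYMOUSLY }  # for the case of a failed login
        - { path: ^/user/new$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/user/check-confirmation-email$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/user/confirm/, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/user/confirmed$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/user/request-reset-password$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/user/send-resetting-email$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/user/check-resetting-email$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/user/reset-password/, role: IS_AUTHENTICATED_ANONYMOUSLY }

        # Secured part of the site
        # Only the admin part is restricted here: it requires ROLE_ADMIN.
        # NOTE(review): the catch-all rule grants anonymous access to every
        # other path, so the site as a whole does not require a login. If it
        # should, give the catch-all a role such as ROLE_USER. The admin rule
        # also needs the trailing slash to match, so a bare /admin falls
        # through to the catch-all.
        # Change these rules to adapt them to your needs
        - { path: ^/admin/, role: ROLE_ADMIN }
        - { path: ^/.*, role: IS_AUTHENTICATED_ANONYMOUSLY }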
#routing.yml
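# Application routes followed by the HWIOAuthBundle route imports.
# Resources starting with '@' are quoted: '@' is a reserved YAML indicator
# and cannot begin a plain scalar.
app:
    resource: "@AppBundle/Controller/"
    type: annotation

acme_default:
    resource: "@AcmeBundle/Resources/config/routing.yml"

# NOTE(review): the firewall's oauth check paths (/login/check-github,
# /login/check-google, /login/check-facebook, /login/check-twitter) need
# routes of their own; none are declared in this listing - confirm they
# are defined elsewhere.
hwi_oauth_connect:
    resource: "@HWIOAuthBundle/Resources/config/routing/connect.xml"
    prefix: /login

hwi_oauth_redirect:
    resource: "@HWIOAuthBundle/Resources/config/routing/redirect.xml"
    prefix: /connect

hwi_oauth_login:
    resource: "@HWIOAuthBundle/Resources/config/routing/login.xml"
    prefix: /login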