-
-
Save ajgarlag/1f84d29ee0e1a92c8878f44a902338cd to your computer and use it in GitHub Desktop.
| <?php | |
| //src/Controller/DecisionController.php | |
| namespace App\Controller; | |
| use App\EventSubscriber\SignedAuthorizationRequestSubscriber; | |
| use League\Bundle\OAuth2ServerBundle\Manager\ClientManagerInterface; | |
| use League\Bundle\OAuth2ServerBundle\Manager\Doctrine\ClientManager; | |
| use Symfony\Bundle\FrameworkBundle\Controller\AbstractController; | |
| use Symfony\Component\HttpFoundation\Request; | |
| use Symfony\Component\HttpFoundation\Response; | |
| use Symfony\Component\HttpFoundation\UriSigner; | |
| use Symfony\Component\HttpKernel\Attribute\MapQueryParameter; | |
| use Symfony\Component\HttpKernel\Exception\BadRequestHttpException; | |
| use Symfony\Component\Routing\Attribute\Route; | |
| use Symfony\Component\Security\Http\Attribute\IsGranted; | |
| class DecisionController extends AbstractController | |
| { | |
| public function __construct( | |
| private readonly UriSigner $uriSigner, | |
| private readonly ClientManagerInterface $clientManager, | |
| private readonly string $authorizationRoute, | |
| ) { | |
| } | |
| #[Route('/oauth2/authorize/decision', name: 'oauth2_authorize_decision')] | |
| #[IsGranted('ROLE_USER')] | |
| public function __invoke(Request $request) | |
| { | |
| Request $request, | |
| #[MapQueryParameter('client_id')] string $clientId, | |
| #[MapQueryParameter('redirect_uri')] string $redirectUri, | |
| #[MapQueryParameter('scope')] string $scope = '', | |
| ): Response { | |
| $client = $this->clientManager->find($clientId); | |
| if (null === $client) { | |
| throw new BadRequestHttpException(); | |
| } | |
| $scopes = '' === $scope ? array_map(strval(...), $client->getScopes()) : explode(' ', $scope); | |
| return $this->render('oauth2/authorize_decision.html.twig', [ | |
| 'client' => $client, | |
| 'redirect_uri' => $redirectUri, | |
| 'scopes' => $scopes, | |
| 'allow_uri' => $this->buildDecidedUri($request, true), | |
| 'deny_uri' => $this->buildDecidedUri($request, false), | |
| ]); | |
| } | |
| private function buildDecidedUri(Request $request, bool $allowed) | |
| { | |
| $currentQuery = $request->query->all(); | |
| $decidedQuery = array_merge($currentQuery, [SignedAuthorizationRequestSubscriber::ATTRIBUTE_DECISION => $this->buildDecisionValue($allowed)]); | |
| $decidedUri = $this->generateUrl($this->authorizationRoute, $decidedQuery); | |
| return $this->uriSigner->sign($decidedUri); | |
| } | |
| private function buildDecisionValue(bool $allowed): string | |
| { | |
| return $allowed ? SignedAuthorizationRequestSubscriber::ATTRIBUTE_DECISION_ALLOW : ''; | |
| } | |
| } |
You have two options:
- Manually wire the
$uriSignerargument touri_signerservice (https://symfony.com/doc/current/service_container.html#services-manually-wire-args). - Define an alias called
Symfony\Component\HttpKernel\UriSignerfor theuri_signerservice
Ok, that worked.
this is what I added to services.yaml
App\Application\Service\OAuth2\SignedAuthorizationRequestSubscriber:
arguments:
$uriSigner: 'bla'
$decisionRoute: 'http://127.0.0.1:8000'
tags:
- { name: kernel.event_listener, event: trikoder.oauth2.authorization_request_resolve, method: processSignedAuthorizationRequest }However when I hit /authorize method processSignedAuthorizationRequest never gets called.
If you could provide the working example it would be awesome.
Tks again
Sorry, that $uriSigner: 'bla' is not working =/
"Argument 1 passed to App\\Application\\Service\\OAuth2\\SignedAuthorizationRequestSubscriber::__construct() must be an instance of Symfony\\Component\\HttpKernel\\UriSigner, string given, called in //var/cache/dev/ContainerHKNUUVZ/getSignedAuthorizationRequestSubscriberService.php on line 11"
}
Hi, Why you have duplicate keys in array 151, 152 lines on SignedAuthorizationRequestSubscriber?
@zhukovsergei It's a bug, it should be:
return [
OAuth2Events::AUTHORIZATION_REQUEST_RESOLVE => [
['processSignedAuthorizationRequest', 100],
['redirectToDecisionRoute', 50],
],
];
@ajgarlag, https://gist.github.com/ajgarlag/1f84d29ee0e1a92c8878f44a902338cd#file-signedauthorizationrequestsubscriber-php-L141
Argument must implement interface Psr\Http\Message\ResponseInterface, instead of Symfony\Component\HttpFoundation\RedirectResponse
Symfony: 5.1.18
The question is closed.
$this->container->get('security.token_storage')->getToken()->getUser()
@fishmandev how did you fix it?
@ajgarlag do you have any idea?
I guess it's about PSR standart for Symfony5. $event only accept PSR ResponseInterface but not HTTPFoundation based RedirectResponse.
to solve error
Argument must implement interface Psr\Http\Message\ResponseInterface, instead of Symfony\Component\HttpFoundation\RedirectResponse
do
composer require nyholm/psr7
add this on the top
//src/EventListener/SignedAuthorizationRequestSubscriber.ph
use Nyholm\Psr7\Response;change this line
https://gist.github.com/ajgarlag/1f84d29ee0e1a92c8878f44a902338cd#file-signedauthorizationrequestsubscriber-php-L141
$event->setResponse(
new RedirectResponse(
$this->urlGenerator->generate($this->decisionRoute, $params)
)
);to
$url = $this->urlGenerator->generate($this->decisionRoute, $params);
$headers = ["Location"=>$url];
$response = new Response(301,$headers);
$event->setResponse($response);hope this help, even a bit late @mssoylu
hey @ajgarlag , what did you put in your services.yaml to make this work?
I am receiving the following error, any color on what may be causing it?