PHPackages                             wakeonweb/kong-oauth2-server-bundle - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. wakeonweb/kong-oauth2-server-bundle

ActiveSymfony-bundle[Authentication &amp; Authorization](/categories/authentication)

wakeonweb/kong-oauth2-server-bundle
===================================

Kong OAuth2 Server Bundle

v1.0.0(7y ago)050MITPHP

Since Nov 7Pushed 7y ago1 watchersCompare

[ Source](https://github.com/WakeOnWeb/kong-oauth2-server-bundle)[ Packagist](https://packagist.org/packages/wakeonweb/kong-oauth2-server-bundle)[ RSS](/packages/wakeonweb-kong-oauth2-server-bundle/feed)WikiDiscussions master Synced 2mo ago

READMEChangelog (1)Dependencies (1)Versions (2)Used By (0)

WakeOnWebKongOAuth2ServerBundle
===============================

[](#wakeonwebkongoauth2serverbundle)

**Note:** The bundle handle the technical communication with Kong and provide an authorization page. The other security stuffs should be managed by the application (form login, reset password, etc.).

Configuration
-------------

[](#configuration)

*/.env*

```
KONG_ADMIN_URL=http://localhost:8001
KONG_API_URL=https://localhost:8443
KONG_PROVISION_KEY=34cbcb435c02b87c9cd9d68ac6c86e2c

```

*/config/packages/wakeonweb\_kong\_oauth2\_server.yaml*

```
wakeonweb_kong_oauth2_server:
    kong:
        admin_url: '%env(KONG_ADMIN_URL)%'
        api_url: '%env(KONG_API_URL)%'
        provision_key: '%env(KONG_PROVISION_KEY)%'
    cancel_path: /logout

```

*/config/routes/wakeonweb\_kong\_oauth2\_server.yaml*

```
wakeonweb_kong_oauth2_server.authenticate:
    path: /authenticate
    controller: WakeOnWeb\Bundle\KongOAuth2ServerBundle\Controller\AuthenticateController

wakeonweb_kong_oauth2_server.login:
    path: /api/login
    controller: WakeOnWeb\Bundle\KongOAuth2ServerBundle\Controller\LoginController

```

*/config/packages/security.yaml*

```
security:
    # ...

    firewalls:
        anonymous: true
        api:
            pattern: ^/api/login$
            anonymous: ~
            json_login:
                check_path: /api/login
        main:
            form_login:
                login_path: /login
                check_path: /login

    access_control:
        - { path: /api/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: /login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: /, roles: IS_AUTHENTICATED_FULLY }

```

OAuth2
------

[](#oauth2)

The OAuth2 specification describe 4 grant types:

- Authorization Code Grant
- Implicit Grant
- Resource Owner Password Credentials Grant
- Client Credentials Grant

3 of them are supported out of the box. The "Client Credentials Grant" is way to specific at the moment and will be implemented later.

### Authorization Code Grant

[](#authorization-code-grant)

The "Authorization Code Grant" workflow is handled by the `WakeOnWeb\Bundle\KongOAuth2ServerBundle\Controller\AuthenticateController`. Just be sure to add a routing to this controller in order to handle it.

*/config/routes/wakeonweb\_kong\_oauth2\_server.yaml*

```
wakeonweb_kong_oauth2_server.authenticate:
    path: /authenticate
    controller: WakeOnWeb\Bundle\KongOAuth2ServerBundle\Controller\AuthenticateController

```

The client application will have to route the end user to the following url: `http://sso.com/authorize?client_id=&response_type=code`. Kong &amp; the bundle will do the rest.

### Implicit Grant

[](#implicit-grant)

The "Implicit Grant" workflow is handled by the `WakeOnWeb\Bundle\KongOAuth2ServerBundle\Controller\AuthenticateController`. Just be sure to add a routing to this controller in order to handle it.

*/config/routes/wakeonweb\_kong\_oauth2\_server.yaml*

```
wakeonweb_kong_oauth2_server.authenticate:
    path: /authenticate
    controller: WakeOnWeb\Bundle\KongOAuth2ServerBundle\Controller\AuthenticateController

```

The client application will have to route the end user to the following url: `http://sso.com/authorize?client_id=&response_type=token`. Kong &amp; the bundle will do the rest.

### Resource Owner Password Credentials Grant

[](#resource-owner-password-credentials-grant)

The "Resource Owner Password Credentials Grant" workflow is handled by the `WakeOnWeb\Bundle\KongOAuth2ServerBundle\Controller\LoginController`. Just be sure to add a routing to this controller in order and a security firewall to handle it.

*/config/routes/wakeonweb\_kong\_oauth2\_server.yaml*

```
wakeonweb_kong_oauth2_server.login:
    path: /api/login
    controller: WakeOnWeb\Bundle\KongOAuth2ServerBundle\Controller\LoginController

```

*/config/packages/security.yaml*

```
security:
    # ...

    firewalls:
        anonymous: true
        api:
            pattern: ^/api/login$
            anonymous: ~
            json_login:
                check_path: /api/login

    access_control:
        - { path: /api/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: /, roles: IS_AUTHENTICATED_FULLY }

```

### Client Credentials Grant

[](#client-credentials-grant)

*not supported yet*

IdentityResolver
----------------

[](#identityresolver)

The user identity can be resolved from the `UserInterface` using an `IdentityResolver`. A "username as identity" strategy is used per default. This means that the `UserInterface::getUsername()` result will be used as the user id. You can change this behavior by implementing your own `IdentityResolver`.

*src/User/IdentityAsIs.php*

```