Я пытаюсь использовать FOSOAuthServerBundle с FR3DLdapBundle и FOSUserBundle.
Интеграция между FR3DLdapBundle и FOSUserBundle работает хорошо, и я могу использовать LDAP для аутентификации моих пользователей.
Теперь мне нужно интегрировать FOSOAuthServerBundle в моё решение, потому что я хочу реализовать единый вход (SSO) для двух разных Angular-приложений.
Если использовать пароль, сохранённый в таблице FosuUser, то после интеграции FOSOAuthServerBundle вход работает, но вход через LDAP больше не работает — сервер отвечает:
{
"error": "invalid_grant",
"error_description": "Invalid username and password combination"
}
Может ли кто-нибудь мне помочь? (Пароль, разумеется, правильный.)
Вот мои настройки:
config.yml:
#config.yml:
# Other configuration files that are loaded together with this one.
imports:
    - resource: parameters.yml
    - resource: security.yml
    - resource: services.yml
    - resource: '@ApiBundle/Resources/config/services.yml'

# Values that the rest of this file references as %name%.
parameters:
    locale: en
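# FOSOAuthServerBundle: entity classes backing clients, tokens and auth codes.
fos_oauth_server:
    db_driver: orm # Drivers available: orm, mongodb, or propel
    client_class: ApiBundle\Entity\Client
    access_token_class: ApiBundle\Entity\AccessToken
    refresh_token_class: ApiBundle\Entity\RefreshToken
    auth_code_class: ApiBundle\Entity\AuthCode
    service:
        # NOTE(review): this is the FOSUserBundle database provider, not the
        # chain_provider / fr3d_ldapbundle provider declared in security.yml.
        # The token endpoint (^/oauth/v2/token) runs with `security: false`,
        # so no firewall listener - fr3d_ldap included - takes part in the
        # password grant. The bundle's default storage presumably loads the
        # user through this provider and compares the submitted password with
        # the locally stored hash, which LDAP-only accounts do not have; that
        # would explain `invalid_grant` for LDAP users while database users
        # still log in. Verifying LDAP credentials here likely needs a custom
        # storage service (the `service.storage` option) that performs the
        # LDAP bind - confirm against the bundle version in use.
        user_provider: fos_user.user_provider.username_email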
# Symfony FrameworkBundle settings.
framework:
    translator: null
    # Application secret, supplied through parameters.yml.
    secret: '%secret%'
    router:
        resource: '%kernel.project_dir%/app/config/routing.yml'
        strict_requirements: null
    form: null
    csrf_protection: null
    validation:
        enable_annotations: true
    templating:
        engines:
            - twig
    default_locale: '%locale%'
    # No Host header allow-list is configured here.
    trusted_hosts: null
    session:
        # Sessions are stored as native PHP session files, one directory
        # per environment.
        handler_id: session.handler.native_file
        save_path: '%kernel.project_dir%/var/sessions/%kernel.environment%'
    fragments: null
    http_method_override: true
    assets: null
    php_errors:
        log: true
# Twig: debug mode and strict variable checks both follow the kernel debug flag.
twig:
    debug: "%kernel.debug%"
    strict_variables: "%kernel.debug%"
# Doctrine: database connection (DBAL) and entity mapping (ORM).
doctrine:
    dbal:
        driver: oci8
        # Connection details, including the credentials, come from parameters.
        host: "%database_host%"
        port: "%database_port%"
        dbname: "%database_name%"
        user: "%database_user%"
        password: "%database_password%"
        charset: UTF8
    orm:
        auto_generate_proxy_classes: "%kernel.debug%"
        naming_strategy: doctrine.orm.naming_strategy.underscore
        auto_mapping: true
# Swiftmailer: mail transport; host and credentials come from parameters.
swiftmailer:
    transport: "%mailer_transport%"
    host: "%mailer_host%"
    username: "%mailer_user%"
    password: "%mailer_password%"
    spool:
        type: memory
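# Nelmio API documentation
nelmio_api_doc: ~

# NelmioCorsBundle: cross-origin rules for the /v1/ API paths.
nelmio_cors:
    paths:
        '^/v1/':
            # NOTE(review): credentials are allowed together with a wildcard
            # origin. Browsers reject a literal `*` on credentialed requests,
            # and if the bundle version in use answers the wildcard by echoing
            # the caller's Origin, any web site can make credentialed calls to
            # these paths. List the origins of the two front-end applications
            # explicitly instead of '*'.
            allow_credentials: true
            allow_origin: ['*']
            allow_headers: ['Origin', 'X-Requested-With', 'Content-Type', 'Accept', 'Authorization']
            allow_methods: ['POST', 'GET', 'DELETE', 'PUT', 'OPTIONS']
            expose_headers: []
            # Preflight responses may be cached for one hour.
            max_age: 3600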
# FOSRestBundle: request/response handling for the REST API.
fos_rest:
    routing_loader:
        # Responses default to JSON.
        default_format: json
        # The format is not included in the request.
        include_format: false
    param_fetcher_listener: true
    body_listener:
        array_normalizer: fos_rest.normalizer.camel_keys
    format_listener: true
    view:
        view_response_listener: force
    exception:
        enabled: true
        # Exception class to HTTP status code mapping.
        codes:
            'Symfony\Component\Routing\Exception\ResourceNotFoundException': 404
    body_converter:
        enabled: true
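# FOSUserBundle: locally stored users (Doctrine ORM).
fos_user:
    db_driver: orm
    # NOTE(review): security.yml on this page declares the firewalls
    # oauth_authorize, oauth_token, dev, api and main - none is called
    # api_login. Point this at the firewall that actually logs users in
    # (presumably `main`; confirm).
    firewall_name: api_login
    user_class: ApiBundle\Entity\User
    from_email:
        address: "%mailer_user%"
        sender_name: "%mailer_user%"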
# FR3DLdapBundle: directory connection and LDAP-to-user mapping.
fr3d_ldap:
    service:
        # Application-provided replacements for the bundle's hydrator and manager.
        user_hydrator: app.ldap.user_hydrator
        ldap_manager: app.ldap.ldap_manager
    driver:
        # LDAP over TLS on port 636; the bind account comes from parameters.
        host: ldaps.myldap.net
        port: 636
        username: '%ldap_user%'
        password: '%ldap_password%'
        accountDomainName: mydn.net
        accountDomainNameShort: mydn
        useSsl: true
    user:
        # Directory attribute that is matched against the login name.
        usernameAttribute: employeeNumber
        baseDn: 'OU=User,OU=Accounts,OU=Company,DC=mydn,DC=net'
        attributes:
            # Copy the LDAP `mail` attribute into the user via setEmail().
            - ldap_attr: mail
              user_method: setEmail
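# LexikJWTAuthenticationBundle: key pair and lifetime for issued JWTs.
lexik_jwt_authentication:
    secret_key: '%kernel.project_dir%/config/jwt/private.pem' # required for token creation
    public_key: '%kernel.project_dir%/config/jwt/public.pem' # required for token verification
    # NOTE(review): the private-key pass phrase is a literal in this file,
    # while every other secret here is read from a %...% parameter. Move it to
    # parameters.yml (or an environment variable) so it is not committed with
    # the configuration, and keep private.pem readable only by the
    # application user.
    pass_phrase: 'my_pass_phrase'
    # Token lifetime in seconds (84000 s is about 23 h 20 min).
    # NOTE(review): 86400 would be exactly one day - confirm the intended value.
    token_ttl: 84000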
security.yml:
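# security.yml
# To get started with security, check out the documentation:
# https://symfony.com/doc/current/security.html
security:
    # Keep the plain-text password in the security token so that the user can
    # be refreshed. Analyze the security considerations before turning this
    # setting off.
    # NOTE(review): the `main` firewall below is not stateless, so its token -
    # password included - is presumably serialized into the session storage
    # (native session files per config.yml). Confirm, and restrict access to
    # the session directory accordingly.
    erase_credentials: false

    # Hashing for locally stored FOSUserBundle users.
    encoders:
        FOS\UserBundle\Model\UserInterface: bcrypt

    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: ROLE_ADMIN

    providers:
        # Looks a user up in LDAP first, then in the local database.
        chain_provider:
            chain:
                providers: [fr3d_ldapbundle, fos_userbundle]
        fr3d_ldapbundle:
            id: fr3d_ldap.security.user.provider
        fos_userbundle:
            id: fos_user.user_provider.username_email

    # Firewalls are tried in order; the first matching pattern handles the request.
    firewalls:
        oauth_authorize:
            pattern: ^/oauth/v2/auth
            fr3d_ldap: ~
            form_login:
                provider: chain_provider
                check_path: /oauth/v2/auth/login
                success_handler: lexik_jwt_authentication.handler.authentication_success
                failure_handler: lexik_jwt_authentication.handler.authentication_failure
                require_previous_session: false
            stateless: true
            anonymous: true

        oauth_token:
            pattern: ^/oauth/v2/token
            # No firewall listeners run on the token endpoint, so the
            # fr3d_ldap listener is never involved in the password grant;
            # the credentials are presumably checked by FOSOAuthServerBundle
            # through its configured user_provider (see config.yml).
            security: false

        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
            # NOTE(review): with security disabled on this firewall the
            # fr3d_ldap entry presumably has no effect (or is rejected) -
            # it looks like a leftover; confirm and remove.
            fr3d_ldap: ~

        api:
            # NOTE(review): routing.yml on this page mounts the ApiBundle
            # controllers under /v1/, which this pattern does not match.
            # /v1 requests fall through to `main` (session form login), so an
            # OAuth access token is presumably never checked for them.
            # Confirm which prefix the API uses and align this pattern, the
            # CORS path and the access_control rules with it.
            pattern: ^/api
            fos_oauth: true
            stateless: true
            anonymous: false # can be omitted as its default value

        main:
            pattern: ^/
            fr3d_ldap: ~
            form_login:
                provider: fos_userbundle
                # csrf_provider: security.csrf.token_manager # Use form.csrf_provider instead for Symfony <2.4
            logout: true
            anonymous: true
            # activate different ways to authenticate
            # https://symfony.com/doc/current/security.html#a-configuring-how-your-users-will-authenticate
            #http_basic: ~
            # https://symfony.com/doc/current/security/form_login_setup.html
            #form_login: ~

    # Rules are evaluated top-down and only the first matching path applies.
    access_control:
        # ROLE_LM is not part of role_hierarchy above, so it has to be granted
        # to users directly.
        - { path: ^/v1/admin, roles: ROLE_LM }
        - { path: ^/v1/login_check, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/v1, roles: IS_AUTHENTICATED_FULLY }
        # NOTE(review): the two ^/v1/control rules are never reached because
        # ^/v1 above already matches those paths. They require the same role,
        # so nothing changes today, but a stricter rule added here later would
        # be silently ignored - move specific paths above the generic one.
        - { path: ^/v1/control, roles: IS_AUTHENTICATED_FULLY, methods: [POST, PUT, GET, DELETE, OPTIONS] }
        - { path: ^/v1/control/, roles: IS_AUTHENTICATED_FULLY, methods: [POST, PUT, GET, DELETE, OPTIONS] }
        - { path: ^/api, roles: [ IS_AUTHENTICATED_FULLY ] }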
routing.yml:
# Annotation-routed API controllers, served under the /v1/ prefix.
api:
    resource: '@ApiBundle/Controller/'
    type: annotation
    prefix: /v1/

# Annotation-routed application controllers, no prefix.
app:
    resource: '@AppBundle/Controller/'
    type: annotation

# Generated API documentation.
# NOTE(review): no access_control rule on this page covers /doc, so it is
# presumably reachable anonymously through the `main` firewall - confirm
# that this is intended.
NelmioApiDocBundle:
    resource: '@NelmioApiDocBundle/Resources/config/routing.yml'
    prefix: /doc

# Login check endpoint under the API prefix.
api_login_check:
    path: /v1/login_check

# FOSUserBundle login/logout routes.
fos_user_security:
    resource: '@FOSUserBundle/Resources/config/routing/security.xml'

# FOSOAuthServerBundle token and authorize routes.
fos_oauth_server_token:
    resource: '@FOSOAuthServerBundle/Resources/config/routing/token.xml'

fos_oauth_server_authorize:
    resource: '@FOSOAuthServerBundle/Resources/config/routing/authorize.xml'
Спасибо