FOSOAuthServerBundle

FOSOAuthServerBundle copied to clipboard

Don’t hand out token to disabled/locked users

23

PR #277 added preAuth checks so disabled and locked users are now properly denied authentication. However, these checks only apply _after_ the user has received an OAuth token. So disabled/locked...

ddeboer

Sf4.3 with an old legacy code base and db. We want to setup Oauth Server, the issue is the legacy code base got 3, may be 4 "user" entities (in...

meshenka

URL Encoding issue in redirect_url check

8

I am trying to use a `redirect_url` that contains query parameters with the Authorization Code Grant flow. The redirects in the browser succeed, here is what chrome is requesting: http://127.0.0.1:8080/app_dev.php/oauth/v2/auth?client_id=39691&response_type=code&redirect_uri=http://127.0.0.1:8091/authResponse?continue%3Dhttp://localhost:4200/assets/oauth.html%26client_id%3D39691...

netmikey

[Symfony 4] Installation

2

Are there any docs covering installation on Symfony 4? I haven't found a recipe for Flex, should I be aware of any caveats?

er1z

How access api protest without access_token

1

Hey i have a question, i want access to my oauth secure route without access_token but without access_token how can i do that ? It s for a partner, i...

Noido

0 I'm using Symfony 4. I'm using API Platform and FOSOAuthBundle. I can create a client and make a token but I can't access to Authorization Form #security.yaml ## firewalls:...

sam09torres

Controller "fos_oauth_server.controller.authorize" does neither exist as service nor as class

2

Hi. I try to use `FOSOAuthServerBundle` in Symfony 4. I use `dev-master` and get the following error when accessing the route `oauth/v2/auth` ``` Controller "fos_oauth_server.controller.authorize" does neither exist as service...

zpete

Manually authenticate user with given AccessToken (from Amazon Alexa)

1

Hi, I am working on creating an Amazon Alexa Skill which allows users to query data from their user account at my `Symfony 3.4` based web service. The user management...

SDPrio

Client secret should be nullable

2

From the code, `Client::checkSecret($secret)` compares given secret to internal secret when set. To authorize identification from clients without access to secret (for example: javascript or mobile), the checkSecret should succeed,...

bburnichon

Add support for public clients

15

Not having public clients makes the bundle almost unusable for JavaScript or desktop based apps.

odbayar