
Problem with clientCollection prop of yii\authclient\widgets\AuthChoice

Open SOHELAHMED7 opened this issue 7 years ago • 3 comments

When I set clientCollection (https://www.yiiframework.com/extension/yiisoft/yii2-authclient/doc/api/2.1/yii-authclient-widgets-authchoice#$clientCollection-detail) in AuthChoice (https://www.yiiframework.com/extension/yiisoft/yii2-authclient/doc/api/2.1/yii-authclient-widgets-authchoice) like below:

What steps will reproduce the problem?

Step 1: set this in the components array of the web config file:

    'authClientCollection' => [
        'class' => yii\authclient\Collection::class,
        'clients' => [
            'github' => [
                'class' => yii\authclient\clients\GitHub::class,
                'clientId' => '-',
                'clientSecret' => '--',
                'scope' => 'user:email',
            ],
        ],
    ],

    // for the same above github registered app
    'myRepoAuthClientCollection' => [
        'class' => yii\authclient\Collection::class,
        'clients' => [
            'github' => [
                'class' => yii\authclient\clients\GitHub::class,
                'clientId' => '-',
                'clientSecret' => '--',
                'scope' => 'user:email,repo',
            ],
        ],
    ],

Step 2: set up SiteController (or AuthController, or any controller used for login/signup); this is common to both of the configs above:

public function actions()
{
    return [
        'oauth' => [
            'class' => AuthAction::class,
            'successCallback' => [$this, 'authSuccess'],
            'clientCollection' => 'myRepoAuthClientCollection',
        ],
    ];
}

Note: for the sign-in/sign-up process the scope user:email is enough, but to get repo access we need the scope repo (see the config above).

Step 3: put this in any view file:

<?= yii\authclient\widgets\AuthChoice::widget([
    'baseAuthUrl' => ['site/oauth'],
    'clientCollection' => 'myRepoAuthClientCollection'
]); ?>

What's expected?

github.com should ask the user for repo permission.

What do you get instead?

github.com is not asking the user for repo permission; it just takes the config from authClientCollection.

How I solved the issue for now:

Create a separate controller with its own action that only handles myRepoAuthClientCollection, say NewController:

public function actions()
{
    return [
        'oauth_new' => [
            'class' => AuthAction::class,
            'successCallback' => [$this, 'authSuccessNew'],
            'clientCollection' => 'myRepoAuthClientCollection',
        ],
    ];
}


// in view file
<?= yii\authclient\widgets\AuthChoice::widget([
    'baseAuthUrl' => ['new/oauth_new'],
    'clientCollection' => 'myRepoAuthClientCollection'
]); ?>

It works fine.

Feel free to ask for more details if needed.

I even tried to use the same authClientCollection like

Yii::$app->get('authClientCollection')->getClients()['github']->scope = 'user:email,repo';

but it didn't work.

Additional info

| Q | A |
| --- | --- |
| Yii version | 2.0.15.1 |
| Yii Auth Client version | 2.1.0 |
| Yii HTTP Client version | 2.0.7 |
| PHP version | 7.1 |
| Operating system | ubuntu 18.04 |

SOHELAHMED7, Nov 26 '18 16:11

This is because the AuthChoice widget uses the authClientCollection only to create links to the AuthAction. You need two different AuthActions if we have auth with different permissions. I do not think there is something we can change in the auth-client extension about this. If you have any idea how this could be changed in the auth-client extension, feel free to propose a solution.

cebe, Nov 27 '18 10:11

It seems then that clientCollection of AuthChoice is not useful anymore, right? If so, it can be made private.

And

can this event be used to change the scope at runtime?

SOHELAHMED7, Nov 27 '18 12:11

How about this approach?

SiteController

public function actions()
{
    return [
        'oauth' => [
            'class' => AuthAction::class,
            'successCallback' => [$this, 'authSuccessNew'],

            // new prop (type: array) added to the AuthAction class;
            // only one scope can be used at a time, i.e. per created AuthChoice widget,
            // and this list validates which scope (say 'repo') to apply out of the 2 available
            'availableScopes' => ['user:email', 'repo'],
        ],
    ];
}

Usage:

<?= yii\authclient\widgets\AuthChoice::widget([
    'baseAuthUrl' => ['auth/oauth', 'customScope' => 'user:email'],
    'popupMode' => false,
]) ?>

This can be added after https://github.com/yiisoft/yii2-authclient/blob/master/src/AuthAction.php#L208:

if (in_array(Yii::$app->getRequest()->getQueryParam('customScope'), $this->availableScopes, true)) {
    $client->scope = Yii::$app->getRequest()->getQueryParam('customScope');
}

Share your views.

We are adding a GET param;

is it secure enough?

SOHELAHMED7, Nov 27 '18 13:11
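One way to answer the "is a GET param secure enough?" question from the last comment, as an added example that is neither yii2-authclient's code nor the issue author's: a hypothetical AuthAction subclass in which the URL carries only a short key ('scopeSet', an assumed parameter name) that is mapped to the real scope string through a server-side allowlist ($scopeSets and $defaultScopeSet are names assumed here), so a tampered link can never inject an arbitrary scope and a single authClientCollection serves both the login and the repo flows. It relies on yii\authclient\Collection caching client instances, so the scope set before parent::run() is seen by the parent's own lookup.

```php
<?php
// Added example (not from yii2-authclient or the issue): a hypothetical AuthAction
// subclass; 'scopeSet', $scopeSets and $defaultScopeSet are names assumed here.
namespace app\components;

use Yii;
use yii\authclient\AuthAction;
use yii\authclient\OAuth2;
use yii\web\BadRequestHttpException;

class ScopedAuthAction extends AuthAction
{
    /** @var array allowlist: URL-safe key => scope string the client will request */
    public $scopeSets = [
        'login' => 'user:email',       // sign-in / sign-up only
        'repo'  => 'user:email,repo',  // additionally needs repository access
    ];
    /** @var string key used when the request carries no scopeSet (least privilege) */
    public $defaultScopeSet = 'login';
    /** @var string GET parameter carrying the key (a short key, never a raw scope string) */
    public $scopeSetParam = 'scopeSet';

    /** Map the requested key to a scope; unknown keys fail closed instead of falling back. */
    public function resolveScope($requestedKey)
    {
        $key = ($requestedKey === null || $requestedKey === '') ? $this->defaultScopeSet : $requestedKey;
        if (!is_string($key) || !array_key_exists($key, $this->scopeSets)) {
            throw new BadRequestHttpException('Unknown scope set.');
        }
        return $this->scopeSets[$key];
    }

    public function run()
    {
        $request = Yii::$app->getRequest();
        $clientId = $request->getQueryParam($this->clientIdGetParamName);
        $collection = Yii::$app->get($this->clientCollection);
        if (!empty($clientId) && $collection->hasClient($clientId)) {
            // Collection caches instances, so parent::run() operates on this same object
            $client = $collection->getClient($clientId);
            if ($client instanceof OAuth2) {
                $client->scope = $this->resolveScope($request->getQueryParam($this->scopeSetParam));
            }
        }
        return parent::run();
    }
}
```

Register it as the 'oauth' action in place of AuthAction and build the widget link with `'baseAuthUrl' => ['site/oauth', 'scopeSet' => 'repo']`; a link without the parameter falls back to the least-privilege 'login' set, and any other value is answered with a 400 rather than silently ignored.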