oauth2-server-bundle icon indicating copy to clipboard operation
oauth2-server-bundle copied to clipboard

Published 20 hours ago verified publisher icon thephpleague

oauth2: true gets ignored.

Open ciprian-marius opened this issue 2 years ago • 4 comments

behind firewalls i added api: pattern: ^/api security: true stateless: true oauth2: true

This basically does nothing. Is there any fix for this? this library is not usable in the current state

ciprian-marius avatar Feb 20 '23 16:02 ciprian-marius

luckily i asked around on symfony slack channel and some guys were able to help me sort this out. depending on your set up you would need a line on access_control in security.yaml

  • { path: /api/test, role: ROLE_OAUTH2_EMAIL }

Would be nice if the documentation could specify this.

ciprian-marius avatar Feb 20 '23 17:02 ciprian-marius

Thanks for sharing your solution.

Would be nice if the documentation could specify this.

I agree. Looks like an easy pick, PR welcome.

chalasr avatar Feb 20 '23 17:02 chalasr

I hope this helps anyone person looking this up or adding it to the docs.

The pattern in security.yaml as far as I understand is ROLE_OAUTH2_<SCOPE>. So if you have a client with scope user, email or abc then the corresponding access control roles would be: ROLE_OAUTH2_USER, ROLE_OAUTH2_EMAIL, ROLE_OAUTH2_ABC.

tobias47n9e avatar Jun 07 '24 09:06 tobias47n9e

It definitely should be in docs.

dannn98 avatar Jul 07 '24 12:07 dannn98