-
-
Save ajgarlag/1f84d29ee0e1a92c8878f44a902338cd to your computer and use it in GitHub Desktop.
{# templates/oauth2/decide.html.twig #} | |
{% extends 'base.html.twig' %} | |
{% block body %} | |
<div> | |
<a href="{{ allow_uri }}">Allow</a> | <a href="{{ deny_uri }}">Deny</a> | |
</div> | |
{% endblock %} |
<?php | |
//src/Controller/DecisionController.php | |
namespace App\Controller; | |
use Symfony\Component\HttpFoundation\Request; | |
use Symfony\Component\HttpKernel\UriSigner; | |
use App\EventListener\SignedAuthorizationRequestSubscriber; | |
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController; | |
use Symfony\Component\Routing\Annotation\Route; | |
class DecisionController extends AbstractController | |
{ | |
/** | |
* @var UriSigner | |
*/ | |
private $uriSigner; | |
/** | |
* @var string | |
*/ | |
private $authorizationRoute; | |
public function __construct(UriSigner $uriSigner, string $authorizationRoute = 'oauth2_authorize') | |
{ | |
$this->uriSigner = $uriSigner; | |
$this->authorizationRoute = $authorizationRoute; | |
} | |
/** | |
* @Route("/oauth2/authorize/decide", name="oauth2_decision") | |
*/ | |
public function decisionAction(Request $request) | |
{ | |
return $this->render('oauth2/decide.html.twig', [ | |
'allow_uri' => $this->buildDecidedUri($request, true), | |
'deny_uri' => $this->buildDecidedUri($request, false), | |
]); | |
} | |
private function buildDecidedUri(Request $request, bool $allowed) | |
{ | |
$currentQuery = $request->query->all(); | |
$decidedQuery = array_merge($currentQuery, [SignedAuthorizationRequestSubscriber::ATTRIBUTE_DECISION => $this->buildDecisionValue($allowed)]); | |
$decidedUri = $this->generateUrl($this->authorizationRoute, $decidedQuery); | |
return $this->uriSigner->sign($decidedUri); | |
} | |
private function buildDecisionValue(bool $allowed): string | |
{ | |
return $allowed ? SignedAuthorizationRequestSubscriber::ATTRIBUTE_DECISION_ALLOW : ''; | |
} | |
} |
You have two options:
- Manually wire the
$uriSigner
argument touri_signer
service (https://symfony.com/doc/current/service_container.html#services-manually-wire-args). - Define an alias called
Symfony\Component\HttpKernel\UriSigner
for theuri_signer
service
Ok, that worked.
this is what I added to services.yaml
App\Application\Service\OAuth2\SignedAuthorizationRequestSubscriber:
arguments:
$uriSigner: 'bla'
$decisionRoute: 'http://127.0.0.1:8000'
tags:
- { name: kernel.event_listener, event: trikoder.oauth2.authorization_request_resolve, method: processSignedAuthorizationRequest }
However when I hit /authorize method processSignedAuthorizationRequest never gets called.
If you could provide the working example it would be awesome.
Tks again
Sorry, that $uriSigner: 'bla' is not working =/
"Argument 1 passed to App\\Application\\Service\\OAuth2\\SignedAuthorizationRequestSubscriber::__construct() must be an instance of Symfony\\Component\\HttpKernel\\UriSigner, string given, called in //var/cache/dev/ContainerHKNUUVZ/getSignedAuthorizationRequestSubscriberService.php on line 11"
}
Hi, Why you have duplicate keys in array 151, 152 lines on SignedAuthorizationRequestSubscriber?
@zhukovsergei It's a bug, it should be:
return [
OAuth2Events::AUTHORIZATION_REQUEST_RESOLVE => [
['processSignedAuthorizationRequest', 100],
['redirectToDecisionRoute', 50],
],
];
@ajgarlag, https://gist.github.com/ajgarlag/1f84d29ee0e1a92c8878f44a902338cd#file-signedauthorizationrequestsubscriber-php-L141
Argument must implement interface Psr\Http\Message\ResponseInterface, instead of Symfony\Component\HttpFoundation\RedirectResponse
Symfony: 5.1.18
The question is closed.
$this->container->get('security.token_storage')->getToken()->getUser()
@fishmandev how did you fix it?
@ajgarlag do you have any idea?
I guess it's about PSR standart for Symfony5. $event only accept PSR ResponseInterface but not HTTPFoundation based RedirectResponse.
to solve error
Argument must implement interface Psr\Http\Message\ResponseInterface, instead of Symfony\Component\HttpFoundation\RedirectResponse
do
composer require nyholm/psr7
add this on the top
//src/EventListener/SignedAuthorizationRequestSubscriber.ph
use Nyholm\Psr7\Response;
change this line
https://gist.github.com/ajgarlag/1f84d29ee0e1a92c8878f44a902338cd#file-signedauthorizationrequestsubscriber-php-L141
$event->setResponse(
new RedirectResponse(
$this->urlGenerator->generate($this->decisionRoute, $params)
)
);
to
$url = $this->urlGenerator->generate($this->decisionRoute, $params);
$headers = ["Location"=>$url];
$response = new Response(301,$headers);
$event->setResponse($response);
hope this help, even a bit late @mssoylu
hey @ajgarlag , what did you put in your services.yaml to make this work?
I am receiving the following error, any color on what may be causing it?