Instantly share code, notes, and snippets.

@tjamps /README.md
Last active Aug 24, 2018

Embed
What would you like to do?
Basic RESTful API with Symfony 2 + FOSRestBundle (JSON format only) + FOSUserBundle + FOSOauthServerBundle

Basic RESTful API with Symfony 2 + FOSRestBundle (JSON format only) + FOSUserBundle + FOSOauthServerBundle

The API we are creating in this gist will follow these rules :

  • The API only returns JSON responses
  • All API routes require authentication
  • Authentication is handled via OAuth2 with password Grant Type only (no need for Authorization pages and such).
  • API versioning is managed via a subdomain (e.g. v1.api.example.com)

The API will be written in PHP with the Symfony 2 framework. The following SF2 bundles are used :

Install SF2 and the bundles

The first step is to download Symfony and the related bundles. I willl use the Symfony Installer and Composer (installed globally)

symfony new api
cd api
composer require friendsofsymfony/rest-bundle
composer require jms/serializer-bundle
composer require nelmio/api-doc-bundle
composer require friendsofsymfony/user-bundle
composer require friendsofsymfony/oauth-server-bundle

Add the following lines to app/AppKernel.php to enable the downloaded bundles :

// app/AppKernel.php
class AppKernel extends Kernel
{
    public function registerBundles()
    {
        $bundles = array(
            // ...
            new FOS\RestBundle\FOSRestBundle(),
            new FOS\UserBundle\FOSUserBundle(),
            new FOS\OAuthServerBundle\FOSOAuthServerBundle(),
            new JMS\SerializerBundle\JMSSerializerBundle(),
            new Nelmio\ApiDocBundle\NelmioApiDocBundle(),
        );

        // ...
    }
}

## Configure bundles

A bit of configuration is required now.

NOTE : the classes under the Acme\ApiBundle\Entity namespace will be created in just a minute.

Configuration

Add the following to app/config/config.yml :

# app/config/config.yml
nelmio_api_doc: ~

fos_rest:
    routing_loader:
        default_format: json                            # All responses should be JSON formated
        include_format: false                           # We do not include format in request, so that all responses
                                                        # will eventually be JSON formated

fos_user:
    db_driver: orm
    firewall_name: api                                  # Seems to be used when registering user/reseting password,
                                                        # but since there is no "login", as so it seems to be useless in
                                                        # our particular context, but still required by "FOSUserBundle"
    user_class: Acme\ApiBundle\Entity\User

fos_oauth_server:
    db_driver:           orm
    client_class:        Acme\ApiBundle\Entity\Client
    access_token_class:  Acme\ApiBundle\Entity\AccessToken
    refresh_token_class: Acme\ApiBundle\Entity\RefreshToken
    auth_code_class:     Acme\ApiBundle\Entity\AuthCode
    service:
        user_provider: fos_user.user_manager             # This property will be used when valid credentials are given to load the user upon access token creation

### Security

Add the following to app/config/security.yml :

# app/config/security.yml

security:
    encoders:
        FOS\UserBundle\Model\UserInterface: sha512

    providers:
        fos_userbundle:
            id: fos_user.user_provider.username        # fos_user.user_provider.username_email does not seem to work (OAuth-spec related ("username + password") ?)
    firewalls:
        oauth_token:                                   # Everyone can access the access token URL.
            pattern: ^/oauth/v2/token
            security: false
        api:
            pattern: ^/                                # All URLs are protected
            fos_oauth: true                            # OAuth2 protected resource
            stateless: true                            # Do no set session cookies
            anonymous: false                           # Anonymous access is not allowed

You can add more access_control properties here.

Routing

Add the following to app/config/routing.yml :

# app/config/routing.yml
NelmioApiDocBundle:
    resource: "@NelmioApiDocBundle/Resources/config/routing.yml"
    prefix:   /api/doc

fos_oauth_server_token:
    resource: "@FOSOAuthServerBundle/Resources/config/routing/token.xml"

API Bundle

NOTE : this step is not strictly required : you are actually free to organize your code as you want. I am using only one bundle here for the sake of simplicity, but feel free to follow what you heart says ;)

Next we need to create entities to handle user, access tokens, etc... We are going to create a bundle for that purpose :

php app/console generate:bundle --namespace=Acme/ApiBundle

Next step is creating the entities.

User entity

This entity is required by FOSUserBundle and will also be used by FOSOAuthServerBundle. As stated in the documentation, you are free to do (almost) whatever you want to with this class. The one used in this gist is just a simple copy/paste of the class available in the documentation, but with the following changes :

  • it extends FOS\UserBundle\Entity\User and not FOS\UserBundle\Model\User (further doctrine schema update did not work for me with the later)
  • the name of the table is customized : @ORM\Table("users")
<?php
// src/Acme/ApiBundle/Entity/User.php

namespace Acme\ApiBundle\Entity;

use FOS\UserBundle\Entity\User as BaseUser;
use Doctrine\ORM\Mapping as ORM;

/**
 * User
 *
 * @ORM\Table("users")
 * @ORM\Entity
 */
class User extends BaseUser
{
    /**
     * @var integer
     *
     * @ORM\Column(name="id", type="integer")
     * @ORM\Id
     * @ORM\GeneratedValue(strategy="AUTO")
     */
    protected $id;


    /**
     * Get id
     *
     * @return integer
     */
    public function getId()
    {
        return $this->id;
    }
}

## Other entities

These entities are required by the FOSOAuthServerBundle. They are simple copy/paste from the documentation with namespace adjustements. Notice the table names have been adjusted too. Also, make sure the targetEntity parameter of the @ORM\ManyToOne annotation points to the user entity you created in the previous step :

<?php
// src/Acme/ApiBundle/Entity/Client.php

namespace Acme\ApiBundle\Entity;

use FOS\OAuthServerBundle\Entity\Client as BaseClient;
use Doctrine\ORM\Mapping as ORM;

/**
 * @ORM\Table("oauth2_clients")
 * @ORM\Entity
 */
class Client extends BaseClient
{
    /**
     * @ORM\Id
     * @ORM\Column(type="integer")
     * @ORM\GeneratedValue(strategy="AUTO")
     */
    protected $id;

    public function __construct()
    {
        parent::__construct();
    }
}
<?php
// src/Acme/ApiBundle/Entity/AccessToken.php

namespace Acme\ApiBundle\Entity;

use FOS\OAuthServerBundle\Entity\AccessToken as BaseAccessToken;
use Doctrine\ORM\Mapping as ORM;

/**
 * @ORM\Table("oauth2_access_tokens")
 * @ORM\Entity
 */
class AccessToken extends BaseAccessToken
{
    /**
     * @ORM\Id
     * @ORM\Column(type="integer")
     * @ORM\GeneratedValue(strategy="AUTO")
     */
    protected $id;

    /**
     * @ORM\ManyToOne(targetEntity="Client")
     * @ORM\JoinColumn(nullable=false)
     */
    protected $client;

    /**
     * @ORM\ManyToOne(targetEntity="User")
     */
    protected $user;
}
<?php
// src/Acme/ApiBundle/Entity/RefreshToken.php

namespace Acme\ApiBundle\Entity;

use FOS\OAuthServerBundle\Entity\RefreshToken as BaseRefreshToken;
use Doctrine\ORM\Mapping as ORM;

/**
 * @ORM\Table("oauth2_refresh_tokens")
 * @ORM\Entity
 */
class RefreshToken extends BaseRefreshToken
{
    /**
     * @ORM\Id
     * @ORM\Column(type="integer")
     * @ORM\GeneratedValue(strategy="AUTO")
     */
    protected $id;

    /**
     * @ORM\ManyToOne(targetEntity="Client")
     * @ORM\JoinColumn(nullable=false)
     */
    protected $client;

    /**
     * @ORM\ManyToOne(targetEntity="User")
     */
    protected $user;
}
<?php
// src/Acme/ApiBundle/Entity/AuthCode.php

namespace Acme\ApiBundle\Entity;

use FOS\OAuthServerBundle\Entity\AuthCode as BaseAuthCode;
use Doctrine\ORM\Mapping as ORM;

/**
 * @ORM\Table("oauth2_auth_codes")
 * @ORM\Entity
 */
class AuthCode extends BaseAuthCode
{
    /**
     * @ORM\Id
     * @ORM\Column(type="integer")
     * @ORM\GeneratedValue(strategy="AUTO")
     */
    protected $id;

    /**
     * @ORM\ManyToOne(targetEntity="Client")
     * @ORM\JoinColumn(nullable=false)
     */
    protected $client;

    /**
     * @ORM\ManyToOne(targetEntity="User")
     */
    protected $user;
}

You can now update your database schema :

php app/console doctrine:schema:update --force

You should have the following tables created :

mysql> describe users;
+-----------------------+--------------+------+-----+---------+----------------+
| Field                 | Type         | Null | Key | Default | Extra          |
+-----------------------+--------------+------+-----+---------+----------------+
| id                    | int(11)      | NO   | PRI | NULL    | auto_increment |
| username              | varchar(255) | NO   |     | NULL    |                |
| username_canonical    | varchar(255) | NO   | UNI | NULL    |                |
| email                 | varchar(255) | NO   |     | NULL    |                |
| email_canonical       | varchar(255) | NO   | UNI | NULL    |                |
| enabled               | tinyint(1)   | NO   |     | NULL    |                |
| salt                  | varchar(255) | NO   |     | NULL    |                |
| password              | varchar(255) | NO   |     | NULL    |                |
| last_login            | datetime     | YES  |     | NULL    |                |
| locked                | tinyint(1)   | NO   |     | NULL    |                |
| expired               | tinyint(1)   | NO   |     | NULL    |                |
| expires_at            | datetime     | YES  |     | NULL    |                |
| confirmation_token    | varchar(255) | YES  |     | NULL    |                |
| password_requested_at | datetime     | YES  |     | NULL    |                |
| roles                 | longtext     | NO   |     | NULL    |                |
| credentials_expired   | tinyint(1)   | NO   |     | NULL    |                |
| credentials_expire_at | datetime     | YES  |     | NULL    |                |
+-----------------------+--------------+------+-----+---------+----------------+
17 rows in set (0.00 sec)

mysql> describe oauth2_clients;
+---------------------+--------------+------+-----+---------+----------------+
| Field               | Type         | Null | Key | Default | Extra          |
+---------------------+--------------+------+-----+---------+----------------+
| id                  | int(11)      | NO   | PRI | NULL    | auto_increment |
| random_id           | varchar(255) | NO   |     | NULL    |                |
| redirect_uris       | longtext     | NO   |     | NULL    |                |
| secret              | varchar(255) | NO   |     | NULL    |                |
| allowed_grant_types | longtext     | NO   |     | NULL    |                |
+---------------------+--------------+------+-----+---------+----------------+
5 rows in set (0.00 sec)

mysql> describe oauth2_access_tokens;
+------------+--------------+------+-----+---------+----------------+
| Field      | Type         | Null | Key | Default | Extra          |
+------------+--------------+------+-----+---------+----------------+
| id         | int(11)      | NO   | PRI | NULL    | auto_increment |
| client_id  | int(11)      | NO   | MUL | NULL    |                |
| user_id    | int(11)      | YES  | MUL | NULL    |                |
| token      | varchar(255) | NO   | UNI | NULL    |                |
| expires_at | int(11)      | YES  |     | NULL    |                |
| scope      | varchar(255) | YES  |     | NULL    |                |
+------------+--------------+------+-----+---------+----------------+
6 rows in set (0.00 sec)

mysql> describe oauth2_auth_codes;
+--------------+--------------+------+-----+---------+----------------+
| Field        | Type         | Null | Key | Default | Extra          |
+--------------+--------------+------+-----+---------+----------------+
| id           | int(11)      | NO   | PRI | NULL    | auto_increment |
| client_id    | int(11)      | NO   | MUL | NULL    |                |
| user_id      | int(11)      | YES  | MUL | NULL    |                |
| token        | varchar(255) | NO   | UNI | NULL    |                |
| redirect_uri | longtext     | NO   |     | NULL    |                |
| expires_at   | int(11)      | YES  |     | NULL    |                |
| scope        | varchar(255) | YES  |     | NULL    |                |
+--------------+--------------+------+-----+---------+----------------+
7 rows in set (0.00 sec)

mysql> describe oauth2_refresh_tokens;
+------------+--------------+------+-----+---------+----------------+
| Field      | Type         | Null | Key | Default | Extra          |
+------------+--------------+------+-----+---------+----------------+
| id         | int(11)      | NO   | PRI | NULL    | auto_increment |
| client_id  | int(11)      | NO   | MUL | NULL    |                |
| user_id    | int(11)      | YES  | MUL | NULL    |                |
| token      | varchar(255) | NO   | UNI | NULL    |                |
| expires_at | int(11)      | YES  |     | NULL    |                |
| scope      | varchar(255) | YES  |     | NULL    |                |
+------------+--------------+------+-----+---------+----------------+
6 rows in set (0.00 sec)

Add Oauth2 client

The following step consists in adding a new OAuth2 client. The documentation is not very clear on that point, the following code can be injected in a command to create new client. In our case, we need only one client, so I add the client manually with a simple SQL query :

INSERT INTO `oauth2_clients` VALUES (NULL, '3bcbxd9e24g0gk4swg0kwgcwg4o8k8g4g888kwc44gcc0gwwk4', 'a:0:{}', '4ok2x70rlfokc8g0wws8c8kwcokw80k44sg48goc0ok4w0so0k', 'a:1:{i:0;s:8:"password";}');

## Create admin user

We are going to use the command fos:user:create, provided by FOSUserBundle :

$ php app/console fos:user:create
Please choose a username:admin
Please choose an email:admin@example.com
Please choose a password:admin
Created user admin

Create a REST controller

We can now create a REST controller to deliver a very simple resource, so that we can test that our setup is working properly.

The controller

<?php

// src/Acme/ApiBundle/Controller/DemoController.php

namespace Acme\ApiBundle\Controller;

use FOS\RestBundle\Controller\FOSRestController;

class DemoController extends FOSRestController
{
    public function getDemosAction()
    {
        $data = array("hello" => "world");
        $view = $this->view($data);
        return $this->handleView($view);
    }
}

### The route configuration

# src/Acme/ApiBundle/Resources/config/routing.yml
acme_api_demos:
    type: rest
    resource: Acme\ApiBundle\Controller\DemoController

## Check OAuth2 is working

NOTE : the following commands make use of the HTTPie library. Make sure it is installed on your system before using it.

NOTE 2 : the following commands assume you are running Symfony with the built-in HTTP server. Adapt to fit your configuration.

$ http GET http://localhost:8000/app_dev.php/links
HTTP/1.1 401 Unauthorized
Cache-Control: no-store, private
Connection: close
Content-Type: application/json
...

{
    "error": "access_denied",
    "error_description": "OAuth2 authentication required"
}

We are not welcome here :(

We should now request an Access Token using the client and the user we created earlier. Notice the client_id parameter is a concatenation of the client id, an underscore and the client randomId :

$ http POST http://localhost:8000/app_dev.php/oauth/v2/token \
    grant_type=password \
    client_id=1_3bcbxd9e24g0gk4swg0kwgcwg4o8k8g4g888kwc44gcc0gwwk4 \
    client_secret=4ok2x70rlfokc8g0wws8c8kwcokw80k44sg48goc0ok4w0so0k \
    username=admin \
    password=admin
HTTP/1.1 200 OK
Cache-Control: no-store, private
Connection: close
Content-Type: application/json
...

{
    "access_token": "MDFjZGI1MTg4MTk3YmEwOWJmMzA4NmRiMTgxNTM0ZDc1MGI3NDgzYjIwNmI3NGQ0NGE0YTQ5YTVhNmNlNDZhZQ",
    "expires_in": 3600,
    "refresh_token": "ZjYyOWY5Yzg3MTg0MDU4NWJhYzIwZWI4MDQzZTg4NWJjYzEyNzAwODUwYmQ4NjlhMDE3OGY4ZDk4N2U5OGU2Ng",
    "scope": null,
    "token_type": "bearer"
}

We can use the Acces Token we've just been given to authenticate on the next request :

$ http GET http://ledzep.dev:8000/app_dev.php/links \
    "Authorization:Bearer MDFjZGI1MTg4MTk3YmEwOWJmMzA4NmRiMTgxNTM0ZDc1MGI3NDgzYjIwNmI3NGQ0NGE0YTQ5YTVhNmNlNDZhZQ"
HTTP/1.1 200 OK
Cache-Control: no-cache
Connection: close
Content-Type: application/json
...

{
    "hello": "world"
}

User information

Get current authenticated user

<?php

use use Symfony\Component\Security\Core\Exception\AccessDeniedException;

// ...
class DemoController extends FOSRestController
{
    // ...
    public function getDemosAction()
    {
        $user = $this->get('security.context')->getToken()->getUser();

        //...
        // Do something with the fully authenticated user.
        // ...
    }
    // ...
}

Check user grants

<?php

use use Symfony\Component\Security\Core\Exception\AccessDeniedException;

// ...
class DemoController extends FOSRestController
{
    // ...
    public function getDemosAction()
    {
        if ($this->get('security.context')->isGranted('ROLE_JCVD') === FALSE) {
            throw new AccessDeniedException();
        }

        // ...
    }
    // ...
}
@Abdelaziz-Khabthani

This comment has been minimized.

Show comment
Hide comment
@Abdelaziz-Khabthani

Abdelaziz-Khabthani Sep 28, 2015

Thanks a lot this is really helpful, but what is the best way to make an OAuth2 client with Symfony that consume this API ?

Abdelaziz-Khabthani commented Sep 28, 2015

Thanks a lot this is really helpful, but what is the best way to make an OAuth2 client with Symfony that consume this API ?

@VincentRoma

This comment has been minimized.

Show comment
Hide comment
@VincentRoma

VincentRoma Oct 20, 2015

Really great work ! For the client, I'm consuming it with AngularJS and it works like a charm

VincentRoma commented Oct 20, 2015

Really great work ! For the client, I'm consuming it with AngularJS and it works like a charm

@lechaabani

This comment has been minimized.

Show comment
Hide comment
@lechaabani

lechaabani Nov 6, 2015

Thank it's a good work, have you an example about the consumption of webservice in front with angularjs

lechaabani commented Nov 6, 2015

Thank it's a good work, have you an example about the consumption of webservice in front with angularjs

@dVaffection

This comment has been minimized.

Show comment
Hide comment
@dVaffection

dVaffection Nov 23, 2015

You may also should consider setting user_id to NULL once he/she is deleted on AccessToken and RefreshToken entities:

@ORM\JoinColumn(name="user_id", referencedColumnName="id", onDelete="SET NULL")

dVaffection commented Nov 23, 2015

You may also should consider setting user_id to NULL once he/she is deleted on AccessToken and RefreshToken entities:

@ORM\JoinColumn(name="user_id", referencedColumnName="id", onDelete="SET NULL")

@gstucki

This comment has been minimized.

Show comment
Hide comment
@gstucki

gstucki Dec 5, 2015

How to use the refresh_token and when ?

Do you have a sample implementation please ?

gstucki commented Dec 5, 2015

How to use the refresh_token and when ?

Do you have a sample implementation please ?

@georgesamy

This comment has been minimized.

Show comment
Hide comment
@georgesamy

georgesamy Jan 3, 2016

Great work!

Can you explain how to post a user (registration process) using rest?

georgesamy commented Jan 3, 2016

Great work!

Can you explain how to post a user (registration process) using rest?

@3kynox

This comment has been minimized.

Show comment
Hide comment
@3kynox

3kynox Jan 4, 2016

Hello, can you expose angular client part too please ?

3kynox commented Jan 4, 2016

Hello, can you expose angular client part too please ?

@Blackskyliner

This comment has been minimized.

Show comment
Hide comment
@Blackskyliner

Blackskyliner Jan 5, 2016

@gstucki the Refresh Tokens are an implementation detail of OAuth2 so just read up the specification on that and you'll get a hang when to use and why: https://tools.ietf.org/html/rfc6749

@georgesamy I guess it's the same as FOSUserBundle states: You create an Action, which then receives the user data, which then somehow creates the User Object and saves it through the UserManager provided by FOSUserBundle. So I would say the question is more FOS specific than relating to this guide.

@3kynox this question seems very generic, but I guess it's in the same league as @lechaabani comment. An example implementation for Angular. In the end it's not too hard. Just implement an REST Interface with the given Skeleton this guide sets up and you are good to go. I don't see why and where should be anything angular specific here... Angular is just consuming a REST compatible API (e.g via the $http service) and thus you just have to adhere to the principles of REST (GET (get entity), PUT (create or update, user chooses Entity ID on creation), POST (create or update, server chooses the Entity ID on creation, DELETE (delete entity)). Bu you just have to implement the Controller/Actions for that and get going.

I feel it's good that this how-to just covers the basics of how to get started and does no extra stuff on how to XYZ. As its only to get bootstrapped not to implement features of your future application.

Blackskyliner commented Jan 5, 2016

@gstucki the Refresh Tokens are an implementation detail of OAuth2 so just read up the specification on that and you'll get a hang when to use and why: https://tools.ietf.org/html/rfc6749

@georgesamy I guess it's the same as FOSUserBundle states: You create an Action, which then receives the user data, which then somehow creates the User Object and saves it through the UserManager provided by FOSUserBundle. So I would say the question is more FOS specific than relating to this guide.

@3kynox this question seems very generic, but I guess it's in the same league as @lechaabani comment. An example implementation for Angular. In the end it's not too hard. Just implement an REST Interface with the given Skeleton this guide sets up and you are good to go. I don't see why and where should be anything angular specific here... Angular is just consuming a REST compatible API (e.g via the $http service) and thus you just have to adhere to the principles of REST (GET (get entity), PUT (create or update, user chooses Entity ID on creation), POST (create or update, server chooses the Entity ID on creation, DELETE (delete entity)). Bu you just have to implement the Controller/Actions for that and get going.

I feel it's good that this how-to just covers the basics of how to get started and does no extra stuff on how to XYZ. As its only to get bootstrapped not to implement features of your future application.

@liverbool

This comment has been minimized.

Show comment
Hide comment
@liverbool

liverbool Jan 11, 2016

Thanks a lot, How i can protect client_id and client_secret in the real wold client-app?

liverbool commented Jan 11, 2016

Thanks a lot, How i can protect client_id and client_secret in the real wold client-app?

@smilesrg

This comment has been minimized.

Show comment
Hide comment
@Syl3nce

This comment has been minimized.

Show comment
Hide comment
@Syl3nce

Syl3nce Jan 27, 2016

Hello, thanks a lot for your help, that work very well 👍 !
Can we use that configuration with a google/fb connexion (with HWIOAuthBundle ?) ? If yes, have you some advises to me ?

Syl3nce commented Jan 27, 2016

Hello, thanks a lot for your help, that work very well 👍 !
Can we use that configuration with a google/fb connexion (with HWIOAuthBundle ?) ? If yes, have you some advises to me ?

@gregorise

This comment has been minimized.

Show comment
Hide comment
@gregorise

gregorise Mar 10, 2016

I've tried this with 3.x (and 2.8 to ensure it's not a compatibility thing) and I get the same error when installed:

composer require friendsofsymfony/user-bundle

Using version ^1.3 for friendsofsymfony/user-bundle
./composer.json has been updated
Loading composer repositories with package information
Updating dependencies (including require-dev)
Your requirements could not be resolved to an installable set of packages.

Problem 1
- Conclusion: don't install friendsofsymfony/user-bundle v1.3.6
- Conclusion: don't install friendsofsymfony/user-bundle v1.3.5
- Conclusion: don't install friendsofsymfony/user-bundle v1.3.4
- Conclusion: don't install friendsofsymfony/user-bundle v1.3.3
- Conclusion: don't install friendsofsymfony/user-bundle v1.3.2
- Conclusion: don't install friendsofsymfony/user-bundle v1.3.1
- Conclusion: remove symfony/http-foundation v3.0.3

gregorise commented Mar 10, 2016

I've tried this with 3.x (and 2.8 to ensure it's not a compatibility thing) and I get the same error when installed:

composer require friendsofsymfony/user-bundle

Using version ^1.3 for friendsofsymfony/user-bundle
./composer.json has been updated
Loading composer repositories with package information
Updating dependencies (including require-dev)
Your requirements could not be resolved to an installable set of packages.

Problem 1
- Conclusion: don't install friendsofsymfony/user-bundle v1.3.6
- Conclusion: don't install friendsofsymfony/user-bundle v1.3.5
- Conclusion: don't install friendsofsymfony/user-bundle v1.3.4
- Conclusion: don't install friendsofsymfony/user-bundle v1.3.3
- Conclusion: don't install friendsofsymfony/user-bundle v1.3.2
- Conclusion: don't install friendsofsymfony/user-bundle v1.3.1
- Conclusion: remove symfony/http-foundation v3.0.3

@JanMikes

This comment has been minimized.

Show comment
Hide comment
@JanMikes

JanMikes Mar 18, 2016

@gregorise i had the same issue, i fixed this by running composer require friendsofsymfony/user-bundle '@dev' which can use symfony 3.0.x

JanMikes commented Mar 18, 2016

@gregorise i had the same issue, i fixed this by running composer require friendsofsymfony/user-bundle '@dev' which can use symfony 3.0.x

@Keloo

This comment has been minimized.

Show comment
Hide comment
@Keloo

Keloo Mar 21, 2016

Do you have examples of request using authorization_code grant type?

Keloo commented Mar 21, 2016

Do you have examples of request using authorization_code grant type?

@kpietrzak-web

This comment has been minimized.

Show comment
Hide comment
@kpietrzak-web

kpietrzak-web Apr 12, 2016

I've implemented this solution on my website but I have one problem. Acces token have one hour expiration time. Of course I can change it to more hours, maybe days, but still in some moment people who's logged on website will be logout without any information. Should I use resresh token or change exiration time of current access token? And how can I do this?

kpietrzak-web commented Apr 12, 2016

I've implemented this solution on my website but I have one problem. Acces token have one hour expiration time. Of course I can change it to more hours, maybe days, but still in some moment people who's logged on website will be logout without any information. Should I use resresh token or change exiration time of current access token? And how can I do this?

@zball

This comment has been minimized.

Show comment
Hide comment
@zball

zball Apr 16, 2016

@kpietrzak-web Use the refresh_token grant type and just request a new access token. From my own research it seems for security purposes it's best to request a new access token as opposed to just setting the expiration way in the future.

zball commented Apr 16, 2016

@kpietrzak-web Use the refresh_token grant type and just request a new access token. From my own research it seems for security purposes it's best to request a new access token as opposed to just setting the expiration way in the future.

@zball

This comment has been minimized.

Show comment
Hide comment
@zball

zball Apr 16, 2016

Since I had to do this anyway, I put a working demo up:
https://github.com/zball/FOSREST-User-OAuth-Skeleton

zball commented Apr 16, 2016

Since I had to do this anyway, I put a working demo up:
https://github.com/zball/FOSREST-User-OAuth-Skeleton

@imanalopher

This comment has been minimized.

Show comment
Hide comment
@imanalopher

imanalopher commented May 1, 2016

@zball, i like it

@SAMBOWN

This comment has been minimized.

Show comment
Hide comment
@SAMBOWN

SAMBOWN May 31, 2016

How did you get a success access_token when your client_id is wrong. 1_3bcbxd9e24g0gk4swg0kwgcwg4o8k8g4g888kwc44gcc0gwwk4 this client_id was passed as your resources parameter but you inserted 3bcbxd9e24g0gk4swg0kwgcwg4o8k8g4g888kwc44gcc0gwwk4 in your database. where did "1_" come from.

SAMBOWN commented May 31, 2016

How did you get a success access_token when your client_id is wrong. 1_3bcbxd9e24g0gk4swg0kwgcwg4o8k8g4g888kwc44gcc0gwwk4 this client_id was passed as your resources parameter but you inserted 3bcbxd9e24g0gk4swg0kwgcwg4o8k8g4g888kwc44gcc0gwwk4 in your database. where did "1_" come from.

@akrami

This comment has been minimized.

Show comment
Hide comment
@akrami

akrami Jun 2, 2016

this tutorial is awesome,
some mistakes
but AWESOME!

akrami commented Jun 2, 2016

this tutorial is awesome,
some mistakes
but AWESOME!

@Asaku

This comment has been minimized.

Show comment
Hide comment
@Asaku

Asaku Jun 16, 2016

Hey guys great tuto.
I need to login with email he can be possible with the configuration fosuserbudle ?

Asaku commented Jun 16, 2016

Hey guys great tuto.
I need to login with email he can be possible with the configuration fosuserbudle ?

@barden42

This comment has been minimized.

Show comment
Hide comment
@barden42

barden42 Jun 23, 2016

Hi,

Thank you for your tuto. It work for me on the API side, but I don't know how to connect my front office.
I would like to create a login page on this front office and connect my user through the API (and get the authentication token for future request).
Can you explain it please ?

barden42 commented Jun 23, 2016

Hi,

Thank you for your tuto. It work for me on the API side, but I don't know how to connect my front office.
I would like to create a login page on this front office and connect my user through the API (and get the authentication token for future request).
Can you explain it please ?

@jiresse

This comment has been minimized.

Show comment
Hide comment
@jiresse

jiresse Jul 13, 2016

Superb Thank You Very Much !!

jiresse commented Jul 13, 2016

Superb Thank You Very Much !!

@Nebnoma

This comment has been minimized.

Show comment
Hide comment
@Nebnoma

Nebnoma Jul 14, 2016

It's been a long time i was looking for something like that. Great! Thank you!

Nebnoma commented Jul 14, 2016

It's been a long time i was looking for something like that. Great! Thank you!

@nothingaa

This comment has been minimized.

Show comment
Hide comment
@nothingaa

nothingaa Aug 3, 2016

@SAMBOWN The 1 is the id of the table

nothingaa commented Aug 3, 2016

@SAMBOWN The 1 is the id of the table

@nothingaa

This comment has been minimized.

Show comment
Hide comment
@nothingaa

nothingaa Aug 3, 2016

Thanks for the guide.

Instead of adding manually the oauth_client, you can just change the sample code to

$clientManager = $this->get('fos_oauth_server.client_manager.default');
$client = $clientManager->createClient();
$client->setAllowedGrantTypes(array('password'));
$clientManager->updateClient($client);

You can look at the documentation of OAuth to know which params are required with each grant type.
https://tools.ietf.org/html/rfc6749

nothingaa commented Aug 3, 2016

Thanks for the guide.

Instead of adding manually the oauth_client, you can just change the sample code to

$clientManager = $this->get('fos_oauth_server.client_manager.default');
$client = $clientManager->createClient();
$client->setAllowedGrantTypes(array('password'));
$clientManager->updateClient($client);

You can look at the documentation of OAuth to know which params are required with each grant type.
https://tools.ietf.org/html/rfc6749

@diriy

This comment has been minimized.

Show comment
Hide comment
@diriy

diriy Aug 9, 2016

Symfony 3.1 is used by me. Where can I get Acme\ApiBundle\Entity? Should I create new bundle or find and use some existed instead? You wrote: NOTE : the classes under the Acme\ApiBundle\Entity namespace will be created in just a minute. but I got the following error and no Acme in my folder list:
MappingException in MappingException.php line 96: Class 'Acme\ApiBundle\Entity\Client' does not exist
What should I do?

diriy commented Aug 9, 2016

Symfony 3.1 is used by me. Where can I get Acme\ApiBundle\Entity? Should I create new bundle or find and use some existed instead? You wrote: NOTE : the classes under the Acme\ApiBundle\Entity namespace will be created in just a minute. but I got the following error and no Acme in my folder list:
MappingException in MappingException.php line 96: Class 'Acme\ApiBundle\Entity\Client' does not exist
What should I do?

@david-vde

This comment has been minimized.

Show comment
Hide comment
@david-vde

david-vde Aug 16, 2016

Hello I have a big problem.

I followed the tutorial and when token are saved in the database user_id and client_id are set to 0 for refresh token and access token, and I guess for auth_code also but not tested

Have you an idea about this problem?

Thanks

david-vde commented Aug 16, 2016

Hello I have a big problem.

I followed the tutorial and when token are saved in the database user_id and client_id are set to 0 for refresh token and access token, and I guess for auth_code also but not tested

Have you an idea about this problem?

Thanks

@xoniq

This comment has been minimized.

Show comment
Hide comment
@xoniq

xoniq Aug 17, 2016

@David-Vander-Elst

Looks like a wrong constraint between the token and the user entity.
Did you replace this:

    /**
     * @ORM\ManyToOne(targetEntity="User")
     */

With the correct entity you are using in your project?
(For example: @ORM\ManyToOne(targetEntity="AppBundle\Entity\User"))

Located in the bottom of the files:

  • /Entity/AccessToken.php
  • /Entity/RefreshToken.php
  • /Entity/AuthCode.php

@diriy

Acme\ApiBundle is an fictional bundle, as mentioned in this guide, just to isolate the API stuff. This could also be AppBundle.
In this case Acme\ApiBundle\Entity could be AppBundle\Entity and there you have to create those four entities by yourself. (Also mentioned in the guide. I suggest you follow the guide from top to bottom one more time, and closely read and check every step)

xoniq commented Aug 17, 2016

@David-Vander-Elst

Looks like a wrong constraint between the token and the user entity.
Did you replace this:

    /**
     * @ORM\ManyToOne(targetEntity="User")
     */

With the correct entity you are using in your project?
(For example: @ORM\ManyToOne(targetEntity="AppBundle\Entity\User"))

Located in the bottom of the files:

  • /Entity/AccessToken.php
  • /Entity/RefreshToken.php
  • /Entity/AuthCode.php

@diriy

Acme\ApiBundle is an fictional bundle, as mentioned in this guide, just to isolate the API stuff. This could also be AppBundle.
In this case Acme\ApiBundle\Entity could be AppBundle\Entity and there you have to create those four entities by yourself. (Also mentioned in the guide. I suggest you follow the guide from top to bottom one more time, and closely read and check every step)

@FlorianKromer

This comment has been minimized.

Show comment
Hide comment
@FlorianKromer

FlorianKromer Sep 4, 2016

Thank you !
As suggested by @nothingaa, you can create a doctrine fixture to create a Client.
In security.yml you can excluse the doc url from NelmioDocBundle

firewalls:
       api:
            pattern: ^/api(?!/doc)                     # All URLs are protected except api/doc

FlorianKromer commented Sep 4, 2016

Thank you !
As suggested by @nothingaa, you can create a doctrine fixture to create a Client.
In security.yml you can excluse the doc url from NelmioDocBundle

firewalls:
       api:
            pattern: ^/api(?!/doc)                     # All URLs are protected except api/doc
@DIOHz0r

This comment has been minimized.

Show comment
Hide comment
@DIOHz0r

DIOHz0r Oct 23, 2016

@tjamps and all developers....

To allow user to login by username or email at the API you have to change this two settings in this guide...

# app/config/security.yml
    providers:
        fos_userbundle:
            id: fos_user.user_provider.username_email

and

# app/config/config.yml
fos_oauth_server:
    service:
        fos_user.user_provider.username_email

DIOHz0r commented Oct 23, 2016

@tjamps and all developers....

To allow user to login by username or email at the API you have to change this two settings in this guide...

# app/config/security.yml
    providers:
        fos_userbundle:
            id: fos_user.user_provider.username_email

and

# app/config/config.yml
fos_oauth_server:
    service:
        fos_user.user_provider.username_email
@rodrigolopezguerra

This comment has been minimized.

Show comment
Hide comment
@rodrigolopezguerra

rodrigolopezguerra Dec 22, 2016

@DIOHz0r thanks ! take in account that fos_user.user_manager is deprecated and will give you and error.

as described in : FriendsOfSymfony/FOSUserBundle#2272

i used fos_user.user_provider.username , and worked like a charm

rodrigolopezguerra commented Dec 22, 2016

@DIOHz0r thanks ! take in account that fos_user.user_manager is deprecated and will give you and error.

as described in : FriendsOfSymfony/FOSUserBundle#2272

i used fos_user.user_provider.username , and worked like a charm

@JasonBenett

This comment has been minimized.

Show comment
Hide comment
@JasonBenett

JasonBenett Jan 7, 2017

It works for me with Symfony3, except the "service" part of the the "fos_oauth_server" section in config.yml. It has to be updated as described by @DIOHz0r

This is my first complex API so THANK YOU!

JasonBenett commented Jan 7, 2017

It works for me with Symfony3, except the "service" part of the the "fos_oauth_server" section in config.yml. It has to be updated as described by @DIOHz0r

This is my first complex API so THANK YOU!

@grago

This comment has been minimized.

Show comment
Hide comment
@grago

grago Jan 26, 2017

Just got this working after days of searching for the most suitable solution for my client/server application. Thanks a lot for this great tutorial

grago commented Jan 26, 2017

Just got this working after days of searching for the most suitable solution for my client/server application. Thanks a lot for this great tutorial

@xorgxx

This comment has been minimized.

Show comment
Hide comment
@xorgxx

xorgxx Feb 8, 2017

hi, thank's for this tuto !!. for me in SF3.2 it das not work, it give back .json but never ask for security level.

xorgxx commented Feb 8, 2017

hi, thank's for this tuto !!. for me in SF3.2 it das not work, it give back .json but never ask for security level.

@lkainers

This comment has been minimized.

Show comment
Hide comment
@lkainers

lkainers Feb 10, 2017

in SF 3
if ($this->get('security.context')->isGranted('ROLE_JCVD') === FALSE)
does not work, but
if ($this->get('security.token_storage')->getToken()->getUser()->hasRole('ROLE_JCVD') === FALSE)
does

lkainers commented Feb 10, 2017

in SF 3
if ($this->get('security.context')->isGranted('ROLE_JCVD') === FALSE)
does not work, but
if ($this->get('security.token_storage')->getToken()->getUser()->hasRole('ROLE_JCVD') === FALSE)
does

@clavier-souris

This comment has been minimized.

Show comment
Hide comment
@clavier-souris

clavier-souris Feb 20, 2017

@lkainers You should use

if ($this->get('security.authorization_checker')->isGranted('ROLE_JCVD') === FALSE){
// Do things
}

or if in Controller extending SF3 base controller

if ($this->isGranted('ROLE_JCVD') === FALSE){
// Do things
}

This is because AuthorizationChecker::isGranted() does not only check Role existence. There can be Voters that check arbitrary properties in your application

clavier-souris commented Feb 20, 2017

@lkainers You should use

if ($this->get('security.authorization_checker')->isGranted('ROLE_JCVD') === FALSE){
// Do things
}

or if in Controller extending SF3 base controller

if ($this->isGranted('ROLE_JCVD') === FALSE){
// Do things
}

This is because AuthorizationChecker::isGranted() does not only check Role existence. There can be Voters that check arbitrary properties in your application

@JohannesTriooz

This comment has been minimized.

Show comment
Hide comment
@JohannesTriooz

JohannesTriooz Mar 24, 2017

Hello symfony comunity!
I am new with symfony and made already some testprojects and liveprojects. It works really fine. But now i have to write an API for a very big project. So i googled and found this result here. I am using the current smyfony 3 version. If i follow step by step this "tutorial" and start with the line "http GET http://localhost:8000/app_dev.php/links" i get a 404 error. The Exception is "No route found for "GET /links". Can please anybody help me with this problem?

Tank you for your attention.

JohannesTriooz commented Mar 24, 2017

Hello symfony comunity!
I am new with symfony and made already some testprojects and liveprojects. It works really fine. But now i have to write an API for a very big project. So i googled and found this result here. I am using the current smyfony 3 version. If i follow step by step this "tutorial" and start with the line "http GET http://localhost:8000/app_dev.php/links" i get a 404 error. The Exception is "No route found for "GET /links". Can please anybody help me with this problem?

Tank you for your attention.

@dariassoft

This comment has been minimized.

Show comment
Hide comment
@dariassoft

dariassoft Mar 25, 2017

@JohannesTriooz first you must do this from terminal to Run your application:
1. Execute the php bin/console server:start command.
2. Browse to the http://localhost:8000 URL.

dariassoft commented Mar 25, 2017

@JohannesTriooz first you must do this from terminal to Run your application:
1. Execute the php bin/console server:start command.
2. Browse to the http://localhost:8000 URL.

@Pherserk

This comment has been minimized.

Show comment
Hide comment
@Pherserk

Pherserk May 2, 2017

This way _wdt and _profiler are under security, a special rule should be added to allow them in security.yml to make them always accessibile.

Pherserk commented May 2, 2017

This way _wdt and _profiler are under security, a special rule should be added to allow them in security.yml to make them always accessibile.

@Nebnoma

This comment has been minimized.

Show comment
Hide comment
@Nebnoma

Nebnoma Jun 26, 2017

Please does somebody know how to use it for connection throught web or mobile application?

Nebnoma commented Jun 26, 2017

Please does somebody know how to use it for connection throught web or mobile application?

@petargeorgiev123

This comment has been minimized.

Show comment
Hide comment
@petargeorgiev123

petargeorgiev123 Aug 13, 2017

Calling http://localhost:8000/app_dev.php/oauth/v2/token I am getting this error. I have changed the /Entity to /Model into User.php 'use FOS\UserBundle\Model\User as BaseUser'; since the Entity is not found

Type error: Argument 5 passed to FOS\OAuthServerBundle\Storage\OAuthStorage::__construct() must implement interface Symfony\Component\Security\Core\User\UserProviderInterface or be null, instance of FOS\UserBundle\Doctrine\UserManager given

Any clue which can be the error?

petargeorgiev123 commented Aug 13, 2017

Calling http://localhost:8000/app_dev.php/oauth/v2/token I am getting this error. I have changed the /Entity to /Model into User.php 'use FOS\UserBundle\Model\User as BaseUser'; since the Entity is not found

Type error: Argument 5 passed to FOS\OAuthServerBundle\Storage\OAuthStorage::__construct() must implement interface Symfony\Component\Security\Core\User\UserProviderInterface or be null, instance of FOS\UserBundle\Doctrine\UserManager given

Any clue which can be the error?

@petargeorgiev123

This comment has been minimized.

Show comment
Hide comment
@petargeorgiev123

petargeorgiev123 Aug 13, 2017

Found a solution.
Please replace user_provider: fos_user.user_manager with user_provider: fos_user.user_provider.username

petargeorgiev123 commented Aug 13, 2017

Found a solution.
Please replace user_provider: fos_user.user_manager with user_provider: fos_user.user_provider.username

@ddfire

This comment has been minimized.

Show comment
Hide comment
@ddfire

ddfire Aug 23, 2017

Hello,
How i use the refresh_token ??? can anyone please point me to a curl example or any example on how to use the refresh_token to get a new token using this bundles? thanks!!!!!

ddfire commented Aug 23, 2017

Hello,
How i use the refresh_token ??? can anyone please point me to a curl example or any example on how to use the refresh_token to get a new token using this bundles? thanks!!!!!

@bi40

This comment has been minimized.

Show comment
Hide comment
@bi40

bi40 Aug 28, 2017

Good Tutorial ;)

bi40 commented Aug 28, 2017

Good Tutorial ;)

@spam312sn

This comment has been minimized.

Show comment
Hide comment
@spam312sn

spam312sn Sep 24, 2017

Thank's! But in app/config/config.yml should be

fos_oauth_server:
    service:
        user_provider: fos_user.user_provider

Instead of fos_user.user_manager

FriendsOfSymfony/FOSOAuthServerBundle/issues/445

spam312sn commented Sep 24, 2017

Thank's! But in app/config/config.yml should be

fos_oauth_server:
    service:
        user_provider: fos_user.user_provider

Instead of fos_user.user_manager

FriendsOfSymfony/FOSOAuthServerBundle/issues/445

@shoebaamir7

This comment has been minimized.

Show comment
Hide comment
@shoebaamir7

shoebaamir7 Oct 15, 2017

How can I fix it..!
At this step "php app/console doctrine:schema:update --force", I'm getting this error

PHP Fatal error: Uncaught Symfony\Component\Debug\Exception\ClassNotFoundException: Attempted to load class "AcmeApiBundle" from namespace "Acme\ApiBundle". Did you forget a "use" statement for another namespace? in C:\xampp\htdocs\api\app\AppKernel.php:25 Stack trace: #0 C:\xampp\htdocs\api\vendor\symfony\symfony\src\Symfony\Component\HttpKernel\Kernel.php(431): AppKernel->registerBundles() #1 C:\xampp\htdocs\api\vendor\symfony\symfony\src\Symfony\Component\HttpKernel\Kernel.php(128): Symfony\Component\HttpKernel\Kernel->initializeBundles() #2 C:\xampp\htdocs\api\vendor\symfony\symfony\src\Symfony\Bundle\FrameworkBundle\Console\Application.php(67): Symfony\Component\HttpKernel\Kernel->boot() #3 C:\xampp\htdocs\api\vendor\symfony\symfony\src\Symfony\Component\Console\Application.php(120): Symfony\Bundle\FrameworkBundle\Console\Application->doRun(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput)) #4 C:\xampp\htdocs\api\app\console(27): Symfony\Component\Console\Applicatio in C:\xampp\htdocs\api\app\AppKernel.php on line 25

shoebaamir7 commented Oct 15, 2017

How can I fix it..!
At this step "php app/console doctrine:schema:update --force", I'm getting this error

PHP Fatal error: Uncaught Symfony\Component\Debug\Exception\ClassNotFoundException: Attempted to load class "AcmeApiBundle" from namespace "Acme\ApiBundle". Did you forget a "use" statement for another namespace? in C:\xampp\htdocs\api\app\AppKernel.php:25 Stack trace: #0 C:\xampp\htdocs\api\vendor\symfony\symfony\src\Symfony\Component\HttpKernel\Kernel.php(431): AppKernel->registerBundles() #1 C:\xampp\htdocs\api\vendor\symfony\symfony\src\Symfony\Component\HttpKernel\Kernel.php(128): Symfony\Component\HttpKernel\Kernel->initializeBundles() #2 C:\xampp\htdocs\api\vendor\symfony\symfony\src\Symfony\Bundle\FrameworkBundle\Console\Application.php(67): Symfony\Component\HttpKernel\Kernel->boot() #3 C:\xampp\htdocs\api\vendor\symfony\symfony\src\Symfony\Component\Console\Application.php(120): Symfony\Bundle\FrameworkBundle\Console\Application->doRun(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput)) #4 C:\xampp\htdocs\api\app\console(27): Symfony\Component\Console\Applicatio in C:\xampp\htdocs\api\app\AppKernel.php on line 25

@shoebaamir7

This comment has been minimized.

Show comment
Hide comment
@shoebaamir7

shoebaamir7 Oct 15, 2017

Fixed the issue,
replaced autoload part with:

"autoload": {
"psr-4": {
"": "src/"
},
"classmap": [
"app/AppKernel.php",
"app/AppCache.php"
]
},

shoebaamir7 commented Oct 15, 2017

Fixed the issue,
replaced autoload part with:

"autoload": {
"psr-4": {
"": "src/"
},
"classmap": [
"app/AppKernel.php",
"app/AppCache.php"
]
},

@dmcfaul

This comment has been minimized.

Show comment
Hide comment
@dmcfaul

dmcfaul Nov 3, 2017

Great guide! One issue I ran into with this: if you're consuming/authenticating the api from a javascript app you'll probably need to handle CORS issues. I installed the NelmioCorsBundle (https://github.com/nelmio/NelmioCorsBundle) and after tweaking it's config section to point to the /oauth/* routes it worked perfectly!

dmcfaul commented Nov 3, 2017

Great guide! One issue I ran into with this: if you're consuming/authenticating the api from a javascript app you'll probably need to handle CORS issues. I installed the NelmioCorsBundle (https://github.com/nelmio/NelmioCorsBundle) and after tweaking it's config section to point to the /oauth/* routes it worked perfectly!

@blixit

This comment has been minimized.

Show comment
Hide comment
@blixit

blixit Nov 9, 2017

Great !! I spent a week trying to set the bundle config, setting and resetting the security (providers, listenners, ...)
Reading your document saved my weekend THANK YOU !!

blixit commented Nov 9, 2017

Great !! I spent a week trying to set the bundle config, setting and resetting the security (providers, listenners, ...)
Reading your document saved my weekend THANK YOU !!

@rsehbani

This comment has been minimized.

Show comment
Hide comment
@rsehbani

rsehbani Nov 30, 2017

its more interesting for the begining

rsehbani commented Nov 30, 2017

its more interesting for the begining

@tups

This comment has been minimized.

Show comment
Hide comment
@tups

tups Dec 27, 2017

Thank you, it really helped me to start my API.

tups commented Dec 27, 2017

Thank you, it really helped me to start my API.

@hristonev

This comment has been minimized.

Show comment
Hide comment
@hristonev

hristonev Mar 3, 2018

Guys, how to get current Client in FOSRestController (my Controller)? I can get User via security.token_storage but since I'll have resource restrictions based on client I need client_id too.

hristonev commented Mar 3, 2018

Guys, how to get current Client in FOSRestController (my Controller)? I can get User via security.token_storage but since I'll have resource restrictions based on client I need client_id too.

@ncync

This comment has been minimized.

Show comment
Hide comment
@ncync

ncync Mar 19, 2018

Hi!
Thank you, it really helped me to start my API, so i have an update:
to solve this error: "oauth2 Call to a member function loadUserByUsername" use this:

app/config/config.yml

fos_oauth_server:
...

service:
    user_provider: fos_user.user_provider.username

ncync commented Mar 19, 2018

Hi!
Thank you, it really helped me to start my API, so i have an update:
to solve this error: "oauth2 Call to a member function loadUserByUsername" use this:

app/config/config.yml

fos_oauth_server:
...

service:
    user_provider: fos_user.user_provider.username
@mamura

This comment has been minimized.

Show comment
Hide comment
@mamura

mamura Apr 16, 2018

I'm doing this tutorial right now and this is my first error, still in bundle confiurations:
The child node "from_email" at path "fos_user" must be configured.

mamura commented Apr 16, 2018

I'm doing this tutorial right now and this is my first error, still in bundle confiurations:
The child node "from_email" at path "fos_user" must be configured.

@mamura

This comment has been minimized.

Show comment
Hide comment
@mamura

mamura Apr 16, 2018

I fix it add this lines in config.yml file under fos_user configs

from_email:
address: you@example.com
sender_name: You

mamura commented Apr 16, 2018

I fix it add this lines in config.yml file under fos_user configs

from_email:
address: you@example.com
sender_name: You

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment