How to use HWIOAuth for stateless API authentication? #1824

Closed
tsogoo opened this issue Nov 18, 2021 · 12 comments
Comments


tsogoo commented Nov 18, 2021

| Q | A |
|---|---|
| Bug? | no |
| New Feature? | yes |
| Support question? | yes |
| Version | 1.3 / 1.4 / 2.x |

Actual Behavior

Need an example code or New feature for Symfony Headless Applications.

Expected Behavior

If we need to create a custom Controller or Command, what code should we write? I think there needs to be a function or simple service that returns an access token or an Exception.

Possible Solutions

I wrote my idea in #1300 .

I'm also looking for an answer to this. My current solution is that I first use react-social-login to log in or register with the Facebook or Google app and get the user's token and profile, then POST it to my custom Symfony route with a custom controller. Then I use HWIOAuth's

```php
use HWI\Bundle\OAuthBundle\Security\Core\Authentication\Token\OAuthToken;
use HWI\Bundle\OAuthBundle\Security\Core\Authentication\Provider\OAuthProvider;
use Symfony\Component\Security\Core\User\UserChecker;
use Sylius\Bundle\CoreBundle\OAuth\UserProvider;
```

from the source code, checked the tokens, called authenticate() and returned the created access token. It works! But I need a prettier official solution or an example article. HWIOAuth, please do it for us :).

If possible, I just want to call a new feature method (it checks the social provider's token and processes authentication) to return my Symfony system's access token. If you're interested I'll share my custom controller's code.


Seb33300 commented Jan 17, 2022

This is how we managed to use stateless authentication with LexikJWTAuthenticationBundle:

```yaml
# security.yaml
security:
    firewalls:
        api_login:
            lazy: true
            provider: your_provider
            pattern: ^/api/login
            stateless: true
            oauth:
                check_path: /api/login
                success_handler: lexik_jwt_authentication.handler.authentication_success
                failure_handler: lexik_jwt_authentication.handler.authentication_failure
                resource_owners:
                    facebook: /api/login-facebook
                    google:   /api/login-google
                    apple:    /api/login-apple
                login_path:   /
                require_previous_session: false
                oauth_user_provider:
                    service: App\Repository\UserRepository
```

If you need it to be used with a mobile app, your mobile app has to:

  1. Retrieve the authorization code
  2. Submit it to the URL set in `resource_owners` in `security.yaml`. For example, to log in with Google: `GET /api/login-google?code={authorization-code}` => the response will be a JWT

The `code` param must be set in the query (not as a POST param) because it's hardcoded like this in this bundle.

We were able to make it work as expected with Google and Apple.

But we cannot find a way to generate an authorization code for Facebook from the mobile app (React Native); does someone have an idea on how to do this? (Using https://github.com/thebergamo/react-native-fbsdk-next, we can only retrieve an access token.)


phtmgt commented Oct 7, 2022

@Seb33300 Could you share some more details? I am trying this and I always get a failed authentication. From Google I get an access_token, not an authorization code; is this the same?


Seb33300 commented Oct 7, 2022

@plamenh With Google the authorization code is called serverAuthCode (`GET /api/login-google?code={serverAuthCode}`).
This code is returned by the Google sign-in method
(e.g. using this library: https://github.com/react-native-google-signin/google-signin#3-userinfo).


phtmgt commented Oct 8, 2022

Thanks for the tip. I got the server auth code with a different method. However, I still get 'failed authentication' and cannot debug it. Bummer. What version of Symfony are you using? When I try setting lazy and stateless, I get that these are not valid options.


phtmgt commented Oct 8, 2022

OK, never mind, it's a problem with the code. I get "invalid_grant" from Google.


Nek- commented Dec 16, 2022

Thanks @Seb33300, it indeed works out of the box for Apple. For Facebook we decided to create a custom OAuth resource owner that internally instantiates the FacebookResourceOwner (extending it is not possible because it is final in the next version). We redefined the getAccessToken() method (to use the `code` parameter from the query; it's hardcoded, no other name is possible).
It's a little hacky but works well.

@Seb33300

@Nek- Yeah, I ended up with the same solution.


indjeto commented Jan 19, 2024

I had the same issue and resolved it in a similar way, by decorating the `hwi_oauth.resource_owner.facebook` service.
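The decoration approach Nek- and indjeto describe, written out as an added example (this is my code, not HWIOAuthBundle's and not code anyone in this thread posted). It wraps the `hwi_oauth.resource_owner.facebook` service, reads the Facebook access token that the mobile app submits in the hard-coded `code` query parameter, and, before accepting it, checks with Facebook's `debug_token` Graph API endpoint that the token is valid and was issued for this app (a token the client obtained for some other Facebook app must not log anyone in here). Assumptions: the method list and signatures follow HWIOAuthBundle 2.x's `ResourceOwnerInterface` as I remember them, so compare them with the interface in your installed vendor directory; the `FACEBOOK_APP_ID` / `FACEBOOK_APP_SECRET` environment variables and the class name are hypothetical.

```php
<?php
// Added example, not HWIOAuthBundle code. Wire it up in config/services.yaml, e.g.:
//
//   App\Security\OAuth\MobileFacebookResourceOwner:
//       decorates: hwi_oauth.resource_owner.facebook
//       arguments:
//           - '@.inner'                       # the real FacebookResourceOwner
//           - '@http_client'
//           - '%env(FACEBOOK_APP_ID)%'        # hypothetical env var names
//           - '%env(FACEBOOK_APP_SECRET)%'
declare(strict_types=1);

namespace App\Security\OAuth;

use HWI\Bundle\OAuthBundle\OAuth\ResourceOwnerInterface;
use HWI\Bundle\OAuthBundle\OAuth\Response\UserResponseInterface;
use Symfony\Component\HttpFoundation\Request as HttpRequest;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Contracts\HttpClient\HttpClientInterface;

final class MobileFacebookResourceOwner implements ResourceOwnerInterface
{
    public function __construct(
        private readonly ResourceOwnerInterface $inner,
        private readonly HttpClientInterface $httpClient,
        private readonly string $appId,
        private readonly string $appSecret,
    ) {
    }

    // The bundle only ever looks at ?code=, so the mobile app sends the Facebook
    // access token there. Instead of exchanging a code (which we do not have),
    // verify the token server-side and hand it back in the shape the bundle expects.
    public function getAccessToken(HttpRequest $request, string $redirectUri, array $extraParameters = []): array
    {
        $token = (string) $request->query->get('code', '');
        if ($token === '') {
            throw new AuthenticationException('Missing Facebook token in "code" query parameter.');
        }

        // https://graph.facebook.com/debug_token, authenticated with the app access token
        // "APP_ID|APP_SECRET", reports whether the token is valid and which app it belongs to.
        $response = $this->httpClient->request('GET', 'https://graph.facebook.com/debug_token', [
            'query' => [
                'input_token'  => $token,
                'access_token' => $this->appId . '|' . $this->appSecret,
            ],
        ]);
        $data = $response->toArray(false)['data'] ?? [];

        // Reject tokens that are expired/revoked or that were issued to a different app.
        if (($data['is_valid'] ?? false) !== true || (string) ($data['app_id'] ?? '') !== $this->appId) {
            throw new AuthenticationException('Facebook token is invalid or was issued for another app.');
        }

        // expires_at is a Unix timestamp (0 for non-expiring tokens).
        $expiresAt = (int) ($data['expires_at'] ?? 0);

        return [
            'access_token' => $token,
            'expires_in'   => $expiresAt > 0 ? max(0, $expiresAt - time()) : 0,
        ];
    }

    // Everything else is delegated unchanged to the real FacebookResourceOwner,
    // so /me lookups, paths and options behave exactly as before.
    public function getUserInformation(array $accessToken, array $extraParameters = []): UserResponseInterface
    {
        return $this->inner->getUserInformation($accessToken, $extraParameters);
    }

    public function getAuthorizationUrl(string $redirectUri, array $extraParameters = []): string
    {
        return $this->inner->getAuthorizationUrl($redirectUri, $extraParameters);
    }

    public function handles(HttpRequest $request): bool
    {
        return $this->inner->handles($request);
    }

    public function isCsrfTokenValid(?string $csrfToken): bool
    {
        // The mobile flow is stateless; CSRF state is not exchanged, so defer to the inner owner.
        return $this->inner->isCsrfTokenValid($csrfToken);
    }

    public function getName(): string { return $this->inner->getName(); }
    public function setName(string $name): void { $this->inner->setName($name); }
    public function getOption(string $name) { return $this->inner->getOption($name); }
    public function addPaths(array $paths): void { $this->inner->addPaths($paths); }

    public function refreshAccessToken(string $refreshToken, array $extraParameters = []): array
    {
        return $this->inner->refreshAccessToken($refreshToken, $extraParameters);
    }

    public function revokeToken(string $token): bool { return $this->inner->revokeToken($token); }
}
```

With this in place the mobile app calls `GET /api/login-facebook?code={facebook-access-token}` against the `api_login` firewall from Seb33300's config and receives the JWT from the Lexik success handler; a token that fails the `debug_token` check ends up in the failure handler instead of silently being passed on to the `/me` lookup.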


@github-actions github-actions bot added the Stale label Mar 20, 2024

Nek- commented Mar 20, 2024

Hmm, I think this is indeed stale but shouldn't be! Also, it's definitely not only a support request.

@github-actions github-actions bot removed the Stale label Mar 21, 2024

@github-actions github-actions bot added the Stale label May 20, 2024

This issue was closed because it has been stalled for 5 days with no activity.

@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale May 26, 2024