How to use Symfony2 HWIOAuth Bundle with Vkontakte

November 17, 2015 | 2 Comments | Programming | Bundle HWIOauth Security Social Symfony2 Vkontakte

In this article I want to introduce to you HWIOAuth Bundle which will help us to create sign in with social network credentials on Symfony2. I have chosen Vkontakte as custom provider for our login system. It doesn’t matter which provider has been chosen, setup will be the same.

I prepared simple authentication system for this task with entity provider. But it’s unnecessary.

First, we need to install bundle from composer:

Installation

1. Install package from composer:

composer require hwi/oauth-bundle

2. Add bundle in AppKernel.php:

public function registerBundles()
{
    $bundles = array(
       // ...
        new HWI\Bundle\OAuthBundle\HWIOAuthBundle(),
    );
}

3. Import routing. I would suggest here to have custom login url because default one can be used for other security providers.

hwi_oauth_redirect:
    resource: "@HWIOAuthBundle/Resources/config/routing/redirect.xml"
    prefix:   /connect

hwi_oauth_login:
    resource: "@HWIOAuthBundle/Resources/config/routing/login.xml"
    prefix:   /login-social

Bundle setup

On this step you’ll need to add our firewall which will handle our credentials. It can be configured in security.yml file. For more information see Security chapter in Symfony cookbook.

Add this in app/config/config.yml where default is your firewall name:

hwi_oauth:
      firewall_name: default

   Provider setup

Next, setup our provider i.e. give your application API keys. For Vkontakte you can get keys in Developer resource.

Configuration should look like:

hwi_oauth:
    firewall_name: default
    resource_owners:
        vkontakte:
            type:                vkontakte
            client_id:           %vk_id%
            client_secret:       %vk_secret%
            scope:               "nickname,photo_50,email"

Don’t forget to place parameters %vk_id% and %vk_secret% in parameters.yml file. In this case your keys will be secured from public access.

Setup security level

The last thing in our configuration is security level. Example configuration with standard and OAuth login:

security:
     encoders:
         AppBundle\Entity\User:
             algorithm: bcrypt
 
     role_hierarchy:
         ROLE_ADMIN:       ROLE_USER
         ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
 
     providers:
         user:
             entity:
                 class: AppBundle:User
                 property: name
         hwi:
             id: hwi_oauth.user.provider
 
     firewalls:
         dev:
             pattern:  ^/(_(profiler|wdt)|css|images|js)/
             security: false
 
         default:
             pattern:    ^/
             provider: user
             anonymous: ~
 
             form_login:
                 login_path: login
                 check_path: login_check
             oauth:
 
                 resource_owners:
                     vkontakte: vk_check
 
                 login_path: /login-social
 
                 oauth_user_provider:
                     service: hwi_oauth.user.provider
 
             logout:
                 path: logout
 
     access_control:
         - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
         - { path: ^/admin, roles: ROLE_USER }

The key part here is oauth part in our firewall. Also we need to add vk_check route:

vk_check:
    path: /login/check-vk

You can extend or use own providers for users. Just define it’s as Symfony2 Service. More information about built-in HWIOAuth Services can be found in official documentation.

Conclusion

Link to login is simple:

/connect/vkontakte

Application will ask your permissions defined in our scope and you will be authenticated after accept.

This setup is allowing you to build simple social network authentication without deep knowledge of OAuth protocol. But if you want to create more complex things you should know OAuth as well as Symfony 2 Security component.