How to use Symfony2 HWIOAuth Bundle with Vkontakte
November 17, 2015
In this article I want to introduce the HWIOAuth Bundle, which helps us add sign-in with social network credentials to a Symfony2 application. I have chosen Vkontakte as the custom provider for our login system. It doesn't matter which provider you choose; the setup is the same.
I prepared a simple authentication system with an entity provider for this task, but that is not required.
First, we need to install the bundle with Composer:
Installation
- Install the package with Composer:

    composer require hwi/oauth-bundle

- Add the bundle in AppKernel.php:

    public function registerBundles()
    {
        $bundles = array(
            // ...
            new HWI\Bundle\OAuthBundle\HWIOAuthBundle(),
        );

        // The kernel needs the list back to register the bundles.
        return $bundles;
    }

- Import the routing. I would suggest a custom login URL here, because the default one can be used by other security providers.

    hwi_oauth_redirect:
        resource: "@HWIOAuthBundle/Resources/config/routing/redirect.xml"
        prefix:   /connect

    hwi_oauth_login:
        resource: "@HWIOAuthBundle/Resources/config/routing/login.xml"
        prefix:   /login-social
Bundle setup
In this step you need to tell the bundle which firewall will handle the credentials. The firewall itself is configured in the security.yml file. For more information see the Security chapter in the Symfony cookbook.
Add this to app/config/config.yml, where default is your firewall name:

    hwi_oauth:
        firewall_name: default
Provider setup
Next, set up the provider, i.e. give your application its API keys. For Vkontakte you can get the keys in the Developer resource.
The configuration should look like this:

    hwi_oauth:
        firewall_name: default
        resource_owners:
            vkontakte:
                type:          vkontakte
                # Quoted so that the YAML parser accepts the leading "%".
                client_id:     "%vk_id%"
                client_secret: "%vk_secret%"
                scope:         "nickname,photo_50,email"

Don't forget to define the parameters %vk_id% and %vk_secret% in the parameters.yml file. The keys then stay out of config.yml, which keeps them from public access as long as parameters.yml itself is not committed to the repository.
Setup security level
The last thing in our configuration is the security level. Example configuration with standard and OAuth login:

    security:
        encoders:
            AppBundle\Entity\User:
                algorithm: bcrypt

        role_hierarchy:
            ROLE_ADMIN:       ROLE_USER
            ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

        providers:
            user:
                entity:
                    class: AppBundle:User
                    property: name
            hwi:
                id: hwi_oauth.user.provider

        firewalls:
            dev:
                pattern: ^/(_(profiler|wdt)|css|images|js)/
                security: false

            default:
                pattern: ^/
                provider: user
                anonymous: ~
                form_login:
                    login_path: login
                    check_path: login_check
                oauth:
                    resource_owners:
                        vkontakte: vk_check
                    login_path: /login-social
                    oauth_user_provider:
                        service: hwi_oauth.user.provider
                logout:
                    path: logout

        access_control:
            - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: ^/admin, roles: ROLE_USER }

The key part here is the oauth section of our firewall. We also need to add the vk_check route:

    vk_check:
        path: /login/check-vk
You can extend the built-in user providers or use your own. Just define yours as a Symfony2 service. More information about the built-in HWIOAuth services can be found in the official documentation.
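A custom OAuth user provider of the kind mentioned above, as an added example (not code from this article or from HWIOAuthBundle): it resolves the VK account to an existing local user by the VK user id and rejects logins that have no linked account. The class name, file path, the `app.vk_user_provider` service id and the `vkId` field on AppBundle\Entity\User are assumptions.

```php
<?php
// src/AppBundle/Security/VkUserProvider.php (hypothetical path, added example)
// Assumed service wiring: id "app.vk_user_provider",
// arguments ["@doctrine.orm.entity_manager"].
namespace AppBundle\Security;

use Doctrine\ORM\EntityManager;
use HWI\Bundle\OAuthBundle\OAuth\Response\UserResponseInterface;
use HWI\Bundle\OAuthBundle\Security\Core\User\OAuthAwareUserProviderInterface;
use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;

class VkUserProvider implements OAuthAwareUserProviderInterface
{
    private $em;

    public function __construct(EntityManager $em)
    {
        $this->em = $em;
    }

    public function loadUserByOAuthUserResponse(UserResponseInterface $response)
    {
        // Only accept responses from the resource owner configured on this page.
        if ('vkontakte' !== $response->getResourceOwner()->getName()) {
            throw new UsernameNotFoundException('Unsupported resource owner.');
        }

        // getUsername() is the provider-side unique identifier, not the
        // display name; nickname and email can change or be reused.
        $vkId = (string) $response->getUsername();
        if ('' === $vkId) {
            throw new UsernameNotFoundException('VK returned no user id.');
        }

        // Assumption: the User entity has a unique "vkId" column.
        $user = $this->em->getRepository('AppBundle:User')
            ->findOneBy(array('vkId' => $vkId));
        if (null === $user) {
            // No auto-created account and no matching by nickname or email:
            // an unknown VK id fails authentication.
            throw new UsernameNotFoundException(
                sprintf('No local account is linked to VK id "%s".', $vkId)
            );
        }

        return $user; // roles come from the local entity
    }
}
```

To use it, register the class as a service and put its id under `oauth_user_provider: service:` in the firewall in place of `hwi_oauth.user.provider`.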
Conclusion
The login link is simple:
/connect/vkontakte
The application will ask for the permissions defined in our scope, and you will be authenticated once you accept.
This setup allows you to build simple social network authentication without deep knowledge of the OAuth protocol. But if you want to create more complex things, you should know OAuth as well as the Symfony2 Security component.
2 COMMENTS
Thank you for the useful article!
There is one thing I would add to it. There was a bug in HWIOauth vkontakte support. It was fixed in 0.4.0 version of HWIOAuthBundle.
So use ^0.4.0 with vkontakte. Hope it saves time 🙂
Jam
Hi. I don't get the account photo (photo_50). How can I do that?