Good evening.
I have a project on Symfony 5.3.
The project uses trikoder/oauth2-bundle and swagger.
The page localhost:8080/docs/ shows the documentation for the site's API.
If I send a test request to /token from the documentation page, the response is 200 and a token is returned.
Request:
curl -X 'POST' \
'http://localhost:8080/token' \
-H 'accept: application/json' \
-H 'Content-Type: application/json' \
-d '{
"grant_type": "password",
"username": "admin@admin.com",
"password": "password",
"client_id": "app",
"client_secret": "secret",
"access_type": "string"
}'
Response:
{
"token_type": "Bearer",
"expires_in": 3600,
"access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhdWQiOiJhcHAiLCJqdGkiOiJkND.......",
"refresh_token": "def50200908df002c1681a983023859e5d30b5a36989aca2b00be20eаab6........"
}
When I try to authorize at /authorize in order to test the protected endpoints, I get a 401 response,
even though the client is the same one used for the token request.
{
"error": "invalid_client",
"error_description": "Client authentication failed",
"message": "Client authentication failed"
}
Response:
Cache-Control max-age=0, must-revalidate, private
Connection keep-alive
Content-Type application/json
Date Sun, 10 Oct 2021 15:33:31 GMT
Expires Sun, 10 Oct 2021 15:33:31 GMT
Server nginx
Transfer-Encoding chunked
X-Debug-Token 68448c
X-Debug-Token-Link http://localhost:8080/_profiler/68448c
X-Robots-Tag noindex
Request:
Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Encoding gzip, deflate
Accept-Language ru-RU,ru;q=0.8,en-US;q=0.5,en;q=0.3
Cache-Control max-age=0
Connection keep-alive
Host localhost:8080
Referer http://localhost:8080/login
Sec-Fetch-Dest document
Sec-Fetch-Mode navigate
Sec-Fetch-Site same-origin
Sec-Fetch-User ?1
Upgrade-Insecure-Requests 1
User-Agent Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:93.0) Gecko/20100101 Firefox/93.0
The corresponding client has been created in the database.
Resolvers have been created to look up the user:

namespace App\Security\OAuth\Server;

use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Trikoder\Bundle\OAuth2Bundle\Event\AuthorizationRequestResolveEvent;
use Trikoder\Bundle\OAuth2Bundle\OAuth2Events;

final class RequestResolver implements EventSubscriberInterface
{
    public static function getSubscribedEvents(): array
    {
        return [
            OAuth2Events::AUTHORIZATION_REQUEST_RESOLVE => 'onRequestResolve',
        ];
    }

    public function onRequestResolve(AuthorizationRequestResolveEvent $event): void
    {
        $user = $event->getUser();

        // No authenticated user on the event: leave the request unresolved.
        if (null === $user) {
            return;
        }

        // Approve the authorization request for any authenticated user.
        $event->resolveAuthorization(AuthorizationRequestResolveEvent::AUTHORIZATION_APPROVED);
    }
}

namespace App\Security\OAuth\Server;

use App\Model\User\Service\PasswordHasher;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\Security\Core\User\UserProviderInterface;
use Trikoder\Bundle\OAuth2Bundle\Event\UserResolveEvent;
use Trikoder\Bundle\OAuth2Bundle\OAuth2Events;

final class UserResolver implements EventSubscriberInterface
{
    private $userProvider;
    private $hasher;

    public function __construct(UserProviderInterface $userProvider, PasswordHasher $hasher)
    {
        $this->userProvider = $userProvider;
        $this->hasher = $hasher;
    }

    public static function getSubscribedEvents(): array
    {
        return [
            OAuth2Events::USER_RESOLVE => 'onUserResolve',
        ];
    }

    public function onUserResolve(UserResolveEvent $event): void
    {
        // Look up the user by the username submitted with the password grant.
        $user = $this->userProvider->loadUserByUsername($event->getUsername());

        if (null === $user) {
            return;
        }

        // Users without a stored password hash cannot use the password grant.
        if (!$user->getPassword()) {
            return;
        }

        // Compare the submitted password with the stored hash.
        if (!$this->hasher->validate($event->getPassword(), $user->getPassword())) {
            return;
        }

        $event->setUser($user);
    }
}

Both resolvers are registered in the system:
"trikoder.oauth2.authorization_request_resolve" event
-----------------------------------------------------
------- ---------------------------------------------------------------------------------------------------------------- ----------
Order Callable Priority
------- ---------------------------------------------------------------------------------------------------------------- ----------
#1 Trikoder\Bundle\OAuth2Bundle\EventListener\AuthorizationRequestUserResolvingListener::onAuthorizationRequest() 1024
#2 App\Security\OAuth\Server\RequestResolver::onRequestResolve() 0
------- ---------------------------------------------------------------------------------------------------------------- ----------
"trikoder.oauth2.user_resolve" event
------------------------------------
------- --------------------------------------------------------- ----------
Order Callable Priority
------- --------------------------------------------------------- ----------
#1 App\Security\OAuth\Server\UserResolver::onUserResolve() 0
------- --------------------------------------------------------- ----------
How do I solve this problem?