我尝试使用基于令牌的身份验证创建REST API应用程序。调用
/ouath2/v2/token?client_id=CLIENT_ID&client_secret=CLIENT_SECRET&grant_type=client_credentials
返回access_token,它没问题。
但是,当我尝试在下一个api请求中使用它时,服务器引发异常,并且需要完全身份验证才能访问此资源。'信息。我尝试了几种方法来使用access_token:在查询(/api/action?access_token=ACCESS_TOKEN)中,在标题(Authorization: Bearer ACCESS_TOKEN)中,但所有这些方法都无效。
你能告诉我配置有什么问题吗?
使用FOSOAuthServerBundle&&和FOSUserBundle:fos_user:
db_driver: orm
firewall_name: main
user_class: AppBundle\Entity\User
fos_oauth_server:
db_driver: orm
client_class: AppBundle\Entity\Client
access_token_class: AppBundle\Entity\AccessToken
refresh_token_class: AppBundle\Entity\RefreshToken
auth_code_class: AppBundle\Entity\AuthCode
service:
user_provider: testApp.user.provider
options:
supported_scopes: user
security.yml:
main:
anonymous: ~
oauth_token:
pattern: ^/oauth/v2/token
security: false
api:
pattern: ^/api
fos_oauth: true
stateless: true
anonymous: false # can be omitted as its default value
access_control:
- { path: ^/api, roles: [ IS_AUTHENTICATED_FULLY ] }