我正在使用Symfony4。我正在使用API平台和FOSOAuthBundle。 我可以创建一个客户端并制作一个令牌,但无法访问授权表
#security.yaml
##
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
oauth_token:
host: api.forheavent.test
pattern: ^/oauth/v2/token
security: false
oauth_authorize:
host: api.forheavent.test
pattern: ^/oauth/v2/auth
anonymous: ~
#form_login:
# provider: db_provider
# check_path: /oauth/v2/auth
# login_path: /oauth/v2/auth
api: #api resources
host: api.forheavent.test
pattern: ^/
provider: db_provider
fos_oauth: true
stateless: true
anonymous: true # can be omitted as its default value
main:#regular website
anonymous: ~
host: ^forheavent.test$
context: user
form_login:
login_path: login
check_path: /login_check
username_parameter: email
password_parameter: password
provider: db_provider
guard:
entry_point: App\Security\LoginFormAuthenticator
authenticators:
- App\Security\LoginFormAuthenticator
logout:
path: logout
target: index
access_control:
- { path: ^/fr/connexion, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https}
- { path: ^/oauth/v2/auth, roles: [ IS_AUTHENTICATED_ANONYMOUSLY ], host: api.forheavent.test }
- { path: ^/(?!oauth.*$).*, roles: [ IS_AUTHENTICATED_FULLY ], host: api.forheavent.test} #Urls except starting with oauth (Ex routes for authorization and token)
#fos_oauth_server.yaml
fos_oauth_server:
db_driver: orm # Drivers available: orm, mongodb, or propel
client_class: App\Entity\Client
access_token_class: App\Entity\AccessToken
refresh_token_class: App\Entity\RefreshToken
auth_code_class: App\Entity\AuthCode
service:
user_provider: security.user.provider.concrete.db_provider
当我尝试访问:https://api.forheavent.test/oauth/v2/auth?client_id=1_1212121212
我不断收到此错误:“访问此资源需要完全身份验证。” 我想访问默认控制器并访问我的身份验证页面。
我尝试的另一件事是放置默认的form_login,因为如果我从身份验证防火墙中删除匿名选项,Symfony需要身份验证者侦听器...但是实际上我不想要它 我已经阅读了许多问题,文档,tutos,但我无法克服。 预先感谢