Lars Vierbergen
Authserver: OAuth account plugin
This Authserver plugin provides external authentication with OAuth services. All services supported by the HWIOAuthBundle can be used, including custom providers that are not available in the HWIOAuthBundle.
Installation
./plugin.sh install vierbergenlars/authserver-oauth-account-bundle
For more details, see the Authserver plugin documentation.
Configuration
You can configure the bundle in the authserver app/config/parameters.yml file.
Add a new array key under oauth.resource_owners for each OAuth service that you want to support.
The name of a service is arbitrary and is not used to derive the type of service.
For each service, the config and the service_name properties are required.
oauth:
    resource_owners:
        # Prototype
        name:
            config: [] # Required, HWIOauthBundle resource owner configuration
            service_name: ~ # Required
            icon: null
            trust_email_verification: false
            login_button:
                label: null
                style: default
                icon: null
            connect_button:
                label: null
                style: default
                icon: null
config is passed straight through to HWIOAuthBundle, and is used there as resource owner configuration.
Constraints on this configuration are handled and processed by the HWIOAuthBundle, so errors in this configuration result in a message with the wrong error path specified.
service_name is the friendly name of the service that will be shown to users in the interface.
icon is the FontAwesome icon name to use for the service. If left blank, no icon will be shown.
trust_email_verification determines whether email addresses provided by the OAuth provider will be automatically marked as verified when they are used during registration. If true, no verification email will be sent, and the email address will be marked as verified on registration. If false, a verification email will be sent to the user before the email address is considered verified.
login_button and connect_button can be used to further tweak the looks of the login button and the connect button on the user profile.
label specifies the text shown on the button. (Defaults to "$service_name Login" and "Connect with $service_name".)
style specifies the bootstrap style to use for the button (class name btn-$style is used). Without custom CSS, its value must be one of default, primary, success, info, warning, danger.
icon is the FontAwesome icon name to use for the service. It defaults to the icon set for the service.
Registration
When a logged-out user logs in with an external account that is not linked to an existing account, they will be redirected to the registration page. Since the user already has a means to log in, the registration form will not ask to set an account password. However, the user is still able to set their password afterwards from their profile page.
Prefilling email addresses during registration
If there is a property mapped to email available when logging in to register a new account, the email address is automatically filled in on the form.
When trust_email_verification is enabled on a resource owner and the user does not modify the prefilled email address, it will immediately be marked as verified.
Email rules and registration rules still apply to the email address when provided by the resource owner. If the email rules configuration rejects the email address, or the registration rules do not allow the mail address to self-register, the email address received from the resource owner will not be filled in the form.
Example
oauth:
    resource_owners:
        fb:
            config:
                type: facebook
                client_id: xxxxxxxxxxxx
                client_secret: xxxxxxxxxxx
                scope: email
                infos_url: "https://graph.facebook.com/me?fields=id,name,email,picture.type(square)"
                paths:
                    email: email
                    profilepicture: picture.data.url
            trust_email_verification: true
            service_name: 'Facebook'
            icon: facebook-official
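
An added example (not part of the Authserver project's code): a Python check over the already-parsed oauth.resource_owners mapping that enforces the required properties and button styles described under Configuration, and lists every resource owner with trust_email_verification enabled so those providers can be reviewed. The function name, the report format and the broken gh entry are assumptions made for this example.

```python
ALLOWED_STYLES = {"default", "primary", "success", "info", "warning", "danger"}
REQUIRED = ("config", "service_name")


def audit_resource_owners(params):
    """Audit the parsed oauth.resource_owners mapping from parameters.yml.

    Returns errors, warnings, and the names of resource owners whose email
    addresses are marked verified without a verification email being sent.
    """
    report = {"errors": [], "warnings": [], "trusted": []}
    owners = (params.get("oauth") or {}).get("resource_owners") or {}
    for name, owner in owners.items():
        if not isinstance(owner, dict):
            report["errors"].append(f"{name}: must be a mapping")
            continue
        for key in REQUIRED:  # missing or empty counts as absent
            if not owner.get(key):
                report["errors"].append(f"{name}: '{key}' is required")
        # Assumption: the value must be a real boolean, as in the prototype.
        trust = owner.get("trust_email_verification", False)
        if not isinstance(trust, bool):
            report["errors"].append(f"{name}: trust_email_verification must be true or false")
        elif trust:
            report["trusted"].append(name)
        for button in ("login_button", "connect_button"):
            style = (owner.get(button) or {}).get("style") or "default"
            if style not in ALLOWED_STYLES:
                report["warnings"].append(f"{name}.{button}: style '{style}' needs custom CSS")
    return report


# Constructed sample input: "fb" mirrors the readme's example, "gh" is deliberately broken.
SAMPLE = {"oauth": {"resource_owners": {
    "fb": {
        "config": {"type": "facebook", "client_id": "xxxxxxxxxxxx",
                   "client_secret": "xxxxxxxxxxx", "scope": "email"},
        "trust_email_verification": True,
        "service_name": "Facebook",
        "icon": "facebook-official",
    },
    "gh": {
        "config": {"type": "github"},
        "trust_email_verification": "yes",
        "login_button": {"style": "fancy"},
    },
}}}

if __name__ == "__main__":
    for section, items in audit_resource_owners(SAMPLE).items():
        print(section, items)
```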