This repo is archived. You can view files and clone it, but cannot push or open issues/pull-requests.
Authserver: OAuth account plugin

This Authserver plugin provides external authentication with OAuth services. All services supported by the HWIOAuthBundle can be used, as can custom providers that are not available in the HWIOAuthBundle.

Installation

./plugin.sh install vierbergenlars/authserver-oauth-account-bundle

For more details, see the Authserver plugin documentation.

Configuration

You can configure the bundle in the authserver app/config/parameters.yml file.

Add a new array key under oauth.resource_owners for each OAuth service that you want to support. The name of a service is arbitrary and is not used to derive the type of service.

For each service, the config and the service_name properties are required.

oauth:
    resource_owners:

        # Prototype
        name:
            config:               [] # Required, HWIOAuthBundle resource owner configuration
            service_name:         ~ # Required
            icon:                 null
            trust_email_verification: false
            login_button:
                label:                null
                style:                default
                icon:                 null
            connect_button:
                label:                null
                style:                default
                icon:                 null

config is passed straight through to HWIOAuthBundle, where it is used as the resource owner configuration. HWIOAuthBundle validates and processes this configuration itself, so an error in it results in a message that specifies the wrong error path.

service_name is the friendly name of the service that will be shown to users in the interface.

icon is the FontAwesome icon name to use for the service. If left blank, no icon will be shown.

trust_email_verification determines whether email addresses provided by the OAuth provider will be automatically marked as verified when they are used during registration. If true, no verification email will be sent, and the email address will be marked as verified on registration. If false, a verification email will be sent to the user before the email address is considered verified. Because a trusted address skips the verification email, enable this only for providers that verify email ownership themselves.

login_button and connect_button can be used to further tweak the look of the login button and of the connect button on the user profile. label specifies the text shown on the button (it defaults to "$service_name Login" and "Connect with $service_name" respectively). style specifies the Bootstrap style to use for the button (the class name btn-$style is used). Without custom CSS, its value must be one of default, primary, success, info, warning, danger. icon is the FontAwesome icon name to use for the button. It defaults to the icon configured for the service.

Registration

When a logged-out user logs in with an external account that is not linked to an existing account, they will be redirected to the registration page. Since the user already has a means to log in, the registration form will not ask to set an account password. However, the user is still able to set their password afterwards from their profile page.

Prefilling email addresses during registration

If a property mapped to email is available when a user logs in to register a new account, the email address is automatically filled in on the form.

When trust_email_verification is enabled on a resource owner and the user does not modify the prefilled email address, it will immediately be marked as verified.

Email rules and registration rules still apply to the email address when it is provided by the resource owner. If the email rules configuration rejects the email address, or the registration rules do not allow the email address to self-register, the email address received from the resource owner will not be filled in on the form.

Example

oauth:
    resource_owners:
        fb:
            config:
                type: facebook
                client_id: xxxxxxxxxxxx
                client_secret: xxxxxxxxxxx
                scope: email
                infos_url:     "https://graph.facebook.com/me?fields=id,name,email,picture.type(square)"
                paths:
                    email:          email
                    profilepicture: picture.data.url
            trust_email_verification: true
            service_name: 'Facebook'
            icon: facebook-official
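
A review check for the configuration rules described above, as an added example that is not part of the plugin: it takes the already-parsed contents of parameters.yml and lists every resource owner that skips email verification, lacks a required key, or uses a button style outside the stock Bootstrap set. The function name, severity labels and the "intranet" owner are assumptions made for illustration.

```python
# Added example, not the plugin's code: audit oauth.resource_owners
# (as parsed from app/config/parameters.yml) against the README's rules.
STOCK_STYLES = {"default", "primary", "success", "info", "warning", "danger"}


def audit_resource_owners(params):
    """Return sorted (owner, severity, message) findings."""
    findings = []
    owners = (params.get("oauth") or {}).get("resource_owners") or {}
    for name, owner in owners.items():
        owner = owner or {}
        for key in ("config", "service_name"):  # both documented as required
            if not owner.get(key):
                findings.append((name, "error", f"missing required key '{key}'"))
        if owner.get("trust_email_verification", False):
            # No verification mail is sent for this provider's addresses.
            findings.append((name, "review", "trust_email_verification is enabled"))
            paths = (owner.get("config") or {}).get("paths") or {}
            if "email" not in paths:
                findings.append((name, "info", "no 'email' path set in config"))
        for button in ("login_button", "connect_button"):
            style = (owner.get(button) or {}).get("style") or "default"
            if style not in STOCK_STYLES:
                findings.append(
                    (name, "warn", f"{button}.style '{style}' needs custom CSS"))
    return sorted(findings)


# Constructed sample: "fb" mirrors the README example, "intranet" is hypothetical.
SAMPLE = {"oauth": {"resource_owners": {
    "fb": {
        "config": {"type": "facebook", "scope": "email",
                   "paths": {"email": "email"}},
        "trust_email_verification": True,
        "service_name": "Facebook",
        "icon": "facebook-official",
    },
    "intranet": {
        "config": {"type": "oauth2"},
        "trust_email_verification": True,
        "login_button": {"style": "fancy"},
    },
}}}

if __name__ == "__main__":
    for finding in audit_resource_owners(SAMPLE):
        print(*finding, sep=": ")
```

The "review" findings are the ones to check against each provider's own email verification behaviour before deploying the configuration.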