Important
You are browsing the documentation for version 4.1 of OroCommerce, OroCRM and OroPlatform, which is no longer maintained. Read version 5.1 (the latest LTS version) of the Oro documentation to get up-to-date information.
See our Release Process documentation for more information on the currently supported and upcoming releases.
OroOAuth2ServerBundle
OroOAuth2ServerBundle provides OAuth 2.0 authorization and resource server capabilities implemented on top of thephpleague/oauth2-server library.
Currently, Authorization Code, Client Credentials and Password grants are implemented.
See OAuth 2.0 Server Client Credentials Grant and OAuth 2.0 Client Credentials Grant for details of the Client Credentials grant.
See OAuth 2.0 Server Resource Owner Password Credentials Grant and OAuth 2.0 Password Grant for details on the Password grant.
Configuration
The default configuration of OroOAuth2ServerBundle is illustrated below:
oro_oauth2_server:
    authorization_server:
        # The lifetime in seconds of the access token.
        access_token_lifetime: 3600 # 1 hour
        # The lifetime in seconds of the refresh token.
        refresh_token_lifetime: 18144000 # 30 days
        # The lifetime in seconds of the authorization code.
        auth_code_lifetime: 600 # 10 minutes
        # Determines if the refresh token grant is enabled.
        enable_refresh_token: true
        # Determines if the authorization code grant is enabled.
        enable_auth_code: true
        # The full path to the private key file that is used to sign JWT tokens.
        private_key: '%kernel.project_dir%/var/oauth_private.key'
        # The string that is used to encrypt the refresh token and authorization token payload.
        # How to generate an encryption key: https://oauth2.thephpleague.com/installation/#string-password
        encryption_key: '%secret%'
        # The configuration of CORS requests
        cors:
            # The number of seconds the user agent is allowed to cache CORS preflight requests
            preflight_max_age: 600
            # The list of origins that are allowed to send CORS requests
            allow_origins: [] # Example: ['https://foo.com', 'https://bar.com']
    resource_server:
        # The full path to the public key file that is used to verify JWT tokens.
        public_key: '%kernel.project_dir%/var/oauth_public.key'
Note
To use OAuth 2.0 authorization, generate the private and public keys and place them into locations specified in the authorization_server / private_key and resource_server / public_key options. See Generating public and private keys for details on how to generate the keys.
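As an added example (not part of the Oro documentation or the bundle itself), the POSIX shell functions below create the RSA key pair at the file names the default configuration expects, restrict permissions on the signing key, check that the public key actually belongs to the private key, and produce a random value suitable for encryption_key. The function names, the target directory argument and the 2048-bit key size are assumptions of this example.

```shell
#!/bin/sh
# Example helpers for OroOAuth2ServerBundle key setup (assumed names, not bundle code).
# Usage: generate_oro_oauth_keys /path/to/project/var

generate_oro_oauth_keys() {
    dir="$1"
    private_key="$dir/oauth_private.key"   # authorization_server / private_key
    public_key="$dir/oauth_public.key"     # resource_server / public_key

    mkdir -p "$dir"
    # Private key that signs the JWT access tokens; never commit it to VCS.
    openssl genrsa -out "$private_key" 2048 2>/dev/null
    # Public key the resource server uses to verify token signatures.
    openssl rsa -in "$private_key" -pubout -out "$public_key" 2>/dev/null
    # Only the application user may read the signing key; the public key is
    # not secret but must not be writable by anyone else.
    chmod 600 "$private_key"
    chmod 644 "$public_key"
}

# Returns 0 when the public key matches the private key (same RSA modulus).
# A mismatched pair makes the resource server reject every token the
# authorization server issues, so this is worth checking after deployment.
check_oro_oauth_keypair() {
    dir="$1"
    priv_mod=$(openssl rsa -in "$dir/oauth_private.key" -noout -modulus 2>/dev/null | openssl dgst -sha256)
    pub_mod=$(openssl rsa -pubin -in "$dir/oauth_public.key" -noout -modulus 2>/dev/null | openssl dgst -sha256)
    [ -n "$priv_mod" ] && [ "$priv_mod" = "$pub_mod" ]
}

# Returns 0 when the private key is readable by its owner only (mode 600).
check_private_key_perms() {
    perms=$(stat -c '%a' "$1/oauth_private.key" 2>/dev/null || stat -f '%Lp' "$1/oauth_private.key")
    [ "$perms" = "600" ]
}

# 32 random bytes, base64 encoded: a suitable value for encryption_key
# (the league/oauth2-server installation page recommends this construction).
generate_encryption_key() {
    openssl rand -base64 32
}
```

Point encryption_key at a dedicated secret rather than reusing '%secret%' if the Symfony secret is shared with other components.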
Manage OAuth Applications
See Manage OAuth Applications and Manage Storefront OAuth Applications.
Create OAuth Application via Data Fixtures
The OAuth applications can be added using data fixtures. For example:
<?php

namespace Oro\Bundle\OAuth2ServerBundle\Migrations\Data\ORM;

use Doctrine\Common\DataFixtures\AbstractFixture;
use Doctrine\Common\Persistence\ObjectManager;
use Oro\Bundle\OAuth2ServerBundle\Entity\Client;
use Oro\Bundle\OAuth2ServerBundle\Entity\Manager\ClientManager;
use Oro\Bundle\OrganizationBundle\Entity\Organization;
use Symfony\Component\DependencyInjection\ContainerAwareInterface;
use Symfony\Component\DependencyInjection\ContainerAwareTrait;

class LoadOAuthApplication extends AbstractFixture implements ContainerAwareInterface
{
    use ContainerAwareTrait;

    /**
     * {@inheritdoc}
     */
    public function load(ObjectManager $manager)
    {
        $client = new Client();
        // The application belongs to the first (default) organization.
        $client->setOrganization($manager->getRepository(Organization::class)->getFirst());
        $client->setName('My Application');
        // Grants this client is allowed to use; restrict to what it needs.
        $client->setGrants(['password']);
        $client->setIdentifier('my_client_id');
        // The plain secret is only used to derive the stored secret; it is not persisted as-is.
        $client->setPlainSecret('my_client_secret');
        // ClientManager prepares the entity for storage; flushing is left to the fixture below.
        $this->container->get(ClientManager::class)->updateClient($client, false);
        $manager->persist($client);
        $manager->flush();
    }
}
To load data fixtures, use either the oro:migration:data:load or the oro:platform:update command.