Yet Another Technical Blog

Random thoughts on technology and stuff.

OAuth2 Explained: Part 5 - Implementing OAuth2 Client With Symfony2

Intro

In this article I would like to describe the implementation of an OAuth2 client. Please keep in mind that this is not an authentication provider. To authenticate against third-party services there are well-maintained bundles that do just that. My target is to provide a solution for consuming the API from the OAuth2 server we built in the previous articles.

Overview

For this implementation I had two options: to use a lightweight OAuth2 client library, or to implement a Guzzle plugin. I have chosen the first approach, since it covers several grants at once, whereas a Guzzle plugin solves a more specific problem and might be the better solution in your particular case.

In this article I will focus on authorization_code and client_credentials grant types.

OAuth2 Explained: Part 4 - Implementing Custom Grant Type With Symfony2 and FOSOAuthServerBundle

We need something custom

In the previous part we tested several standard grant types that come out of the box with FOSOAuthServerBundle, but you will probably need something more specific for your application. For example, it is common to assign per-user API keys to allow access to the application. That way you don't expose the user's password to the API; on the other hand, you keep control over the API keys and can make them expire, revoke them, etc.

It's possible to define your own custom grant type, which will authenticate the user based on their API key.

Preparations

First, let's modify the User entity. From now on it needs to hold the API key.

OAuth2 Explained: Part 2 - Setting Up OAuth2 With Symfony2 Using FOSOAuthServerBundle

Prerequisites

Let's assume you already have a project running on Symfony2 with Doctrine2, and you would like to add some OAuth2 provider functionality to it. In case you still don't have a running Symfony2 installation, please go through the Symfony Book: Installation instructions and get a fresh copy of Symfony2.

Also, your project most probably already has a User entity; if not, you can create something like this one.

OAuth2 Explained: Part 1 - Principles and Terminology

Why OAuth and a bit of Terminology

Before we dive into the technical aspects of OAuth, let's get the OAuth terminology straight.

Provider

So you have a functional platform, you have gathered some data and functionality, and now it's time to expose this data and functionality over an API to your users, mobile devices and other platforms. Rather soon, you will be an OAuth Provider.