Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Get refresh token with FOSOAuthServerBundle

Tags:

access-token

oauth-2.0

symfony

fosoauthserverbundle

When asking for the access token using a url like this (client credentials as grant type):

http://api.local/app_dev.php/oauth/v2/token?client_id=<client_id>&client_secret=<secret>&grant_type=client_credentials

I get the following json response:

{
access_token: "XXXXXXXXXXX",
expires_in: 3600,
token_type: "bearer",
scope: "user"
}

The refresh token is missing, any idea why this could be?

My FOSOAuthServerBundle in config.yml:

fos_oauth_server:
    db_driver: orm
    client_class:        Acme\ApiBundle\Entity\Client
    access_token_class:  Acme\ApiBundle\Entity\AccessToken
    refresh_token_class: Acme\ApiBundle\Entity\RefreshToken
    auth_code_class:     Acme\ApiBundle\Entity\AuthCode
    service:
        user_provider: platform.user.provider
        options:
            supported_scopes: user

UPDATE

The Client Entity makes a call to the constructor in the parent entity (located in the FOSOAuthServerBundle):

namespace Acme\ApiBundle\Entity;

use FOS\OAuthServerBundle\Entity\Client as BaseClient;
use Doctrine\ORM\Mapping as ORM;

/**
 * @ORM\Entity
 */
class Client extends BaseClient
{
    /**
     * @ORM\Id
     * @ORM\Column(type="integer")
     * @ORM\GeneratedValue(strategy="AUTO")
     */
    protected $id;

    public function __construct()
    {
        parent::__construct();
    }
}
like image 357
rfc1484 Avatar asked Dec 02 '25 15:12

rfc1484

2 Answers

Florent is right, client_credentials should not include the refresh token by default. It is however, included in the older version that I'm using, that's why I was confused.

I would suggest going for grant type authorization_code or password, if possible. If you really need to expose a refresh token for client_credentials, I guess you could extend/override the OAuth2 class and override the method grantAccessTokenClientCredentials by calling the parent and removing the 'issue_refresh_token' => false from the returned result.

You can override the OAuth2 by putting the following in your services.yml (As long as your bundle has 'FOSOAuthServerBundle' as parent):

parameters:
    fos_oauth_server.server.class: YourNS\YourBundle\Service\YourOauth2
like image 96
Javier C. H. Avatar answered Dec 06 '25 01:12

Javier C. H.

The issue of a refresh token using client_credentials is optional (see RFC6749#section-4.4.3): A refresh token SHOULD NOT be included..

The is not a bug, but the normal behaviour of this bundle.

like image 32
Spomky-Labs Avatar answered Dec 06 '25 01:12

Spomky-Labs
Sign in to Comment

Related questions

How to pass Controller variables to an EventListener in Symfony2?
No hits with from a Zend Search MultiTerm Query? (There should be 3)
Symfony / PHP - Best way to store single value
Symfony Websockets: Logged User always returns anonym within Topic
How to change form in twig input text
Routing redirection not working properly (Symfony 3)
"1064 You have an error in your SQL" while try to execute INSERT using Symfony2 and Doctrine2
Symfony 2.0 Where do i put my base.css file

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!