I'm not very confident with Symfony and OAuth authentication...
We have a web application with a standard login that is working as expected. What we are trying to create now is a parallel authentication method for the users using a smart card. I'm able to read the smart card, but I'm not able to use an OAuth request to retrieve the access and refresh tokens.
My idea is to use these data to authenticate (both saved in the user table):
- smart card id (example: 2221). This is read from the smart card.
- smart card signature (this is generated by concatenating name, surname, and other data from the smart card). My idea was to then md5() this concatenated string. This signature is also saved in the user table.
So, how can I retrieve a valid access and refresh token using this data?
What's the correct grant_type in this situation, and what are the other required parameters?
Here is my code:
```php
$token = new UsernamePasswordToken($user, $smartCardSignature, 'main', $user->getRoles());
$user = $token->getUser();
$arrayOauthCredentials = array(
    "client_id" => $client_id,
    "client_secret" => $client_secret,
    "grant_type" => "password",
    "username" => // ?????
    "password" => // ?????
);
$oAuth2GetAccessTokenReq = $this->oAuth2HttpClient->createRequest("POST", $this->getOAuth2Endpoint(self::TOKEN_ACTION), null, $arrayOauthCredentials);
$oAuth2Response = $this->oAuth2HttpClient->send($oAuth2GetAccessTokenReq);
$oAuth2 = json_decode($oAuth2Response->getBody(true));
$accessToken = $oAuth2->access_token;
$refreshToken = $oAuth2->refresh_token;
$session = $request->getSession();
if ($session->has("r_t"))
    $session->remove("r_t");
$session->set("r_t", $refreshToken);
$user->setOAuth2Token($accessToken);
$this->em->persist($user);
$this->em->flush($user);
$this->get('security.token_storage')->setToken($token);
```
Thanks guys
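
An added example, not part of the original post or of any project's code: the signature described above (md5() over concatenated card fields) can be recomputed by anyone who can read the same fields, and plain concatenation is ambiguous at field boundaries. This PHP compares it with a keyed, length-prefixed signature; the function names, field names, key handling and sample card data are assumptions.

```php
<?php
// Added example. All function and field names are hypothetical and the
// card data below is constructed for illustration.

/** Length-prefix every field name and value so field boundaries cannot shift. */
function cardFieldsCanonical(array $fields): string
{
    $out = '';
    foreach ($fields as $name => $value) {
        $out .= strlen($name) . ':' . $name . strlen($value) . ':' . $value;
    }
    return $out;
}

/** Keyed signature: reading the card data is not enough to recompute it. */
function cardSignature(array $fields, string $serverKey): string
{
    return hash_hmac('sha256', cardFieldsCanonical($fields), $serverKey);
}

/** Constant-time comparison against the value stored in the user table. */
function verifyCard(array $fields, string $stored, string $serverKey): bool
{
    return hash_equals($stored, cardSignature($fields, $serverKey));
}

// Constructed sample cards: different name/surname values that
// concatenate to the same string.
$cardA = ['id' => '2221', 'name' => 'Anna',  'surname' => 'Bell'];
$cardB = ['id' => '2221', 'name' => 'AnnaB', 'surname' => 'ell'];

// Scheme from the post: md5 over the plain concatenation of the fields.
echo "md5 signatures identical: ";
var_dump(md5(implode('', $cardA)) === md5(implode('', $cardB)));

// Keyed variant. Assumption: in a real deployment the key is loaded from
// server-side secret storage, not generated per request.
$key    = random_bytes(32);
$stored = cardSignature($cardA, $key);

echo "card A verifies against stored value: ";
var_dump(verifyCard($cardA, $stored, $key));
echo "card B verifies against stored value: ";
var_dump(verifyCard($cardB, $stored, $key));
```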