Zf3, apigility and oauth2 together don't works

testuser · August 24, 2019, 9:35am

Accordingly to this docs https://apigility.org/documentation/auth/user-differentiation we should have this config:

return [
    'zf-mvc-auth' => [
        'authentication' => [
            'map' => [
                'DbApi\\V1'  => 'oauth2',
                'ZF\\OAuth2' => 'session',
            ],

where “session” is session adapter which checks if user is logged in. But xdebug shows that ‘ZF\OAuth2’ controller never calls. What have I done wrong? I have done all accordingly to that documentation but oauth2 with apigility doesnot works. I still getting “403 Forbidden” at my rest api pages. Have somebody the working example of zf3, apigility and oauth2? I want to make all my ajax calls to the apigility. Also, I want to make ajax call to the apaigility from the admin panel, which assumed that user is “admin”.

froschdesign · August 30, 2019, 1:06pm

Use Xdebug and check the method __invoke of the class ZF\MvcAuth\Authentication\DefaultAuthenticationListener instead. That should help you find your problem.

testuser · August 30, 2019, 2:49pm

DefaultAuthenticationListener doesn’t help me much. When I open /api/rest/status in browser xdebug shows me that my ‘oauth2’ adapter is calling and it doesn’t call ‘ZF\OAuth2’ cantroller. It calls bshaffer’s getAccessTokenData() method directrly.

testuser · August 30, 2019, 2:52pm

Maybe, I need call ‘ZF\OAuth2’ controller right after sending data from login form? And only after should I be able to open rest urls like /api/rest/status ?

froschdesign · September 6, 2019, 3:11pm

Ignore everything after the listener. It should be helpful if you know and understand which data is used in the listener and what the result is. Use Xdebug to follow the processing.

testuser · September 6, 2019, 6:02pm

Last time I’ve misunderstood how zf-oauth2 works. I thought there is also oauth2 client implementation within zf-oauth2 and was trying to find it with xDebug. I understand now why I am getting “403 Forbidden” but don’t know yet how to fix it. I would like to continue discussion about DefaultAuthenticationListener at the new post.

testuser · September 6, 2019, 6:09pm

What do you mean? How exactly to ignore?

froschdesign · September 7, 2019, 5:57am

Debugging your application and go step by step through the listener. Watch the values and the results. Understanding the processing within the listener is important. Everything after that is irrelevant for now.

I guess your problem is a misconfiguration or a misunderstanding of the operation. Therefore my recommendation to debug the class ZF\MvcAuth\Authentication\DefaultAuthenticationListener.
Then you should find your problem or a way to a possible solution.

testuser · September 7, 2019, 9:35am

As I said, last time I have some expectation from zf-oauth2 which was related to misunderstanding of it work (since I thought zf-oauth2 also implement client part). zf-oauth2 and apigility works as I expected now. But there is some trouble with DefaultAuthenticationListener as I have mentioned in hijacked topics. The question in this topic is outdated now. Thank you.

That is exactly what I am doing.

Topic		Replies	Views
Trouble with "User Differentiation" article API Tools apigility	2	885	August 30, 2019
When I set 'deny_by_default' ('zf-mvc-auth' component) to true, I get 403 "Forbidden" on all pages of the site API Tools apigility	10	1558	March 10, 2020
Zf-oauth2: I've got access_token. What's next? API Tools apigility	3	1184	September 5, 2019
How to implement OAuth2 without Apigility Components & MVC rest , zend-mvc , authentication	2	2114	September 20, 2017
How can I stop throwing "403, 'Forbidden'" by apigility for non-rest/non-rpc controllers? API Tools	2	1089	September 6, 2019

Zf3, apigility and oauth2 together don't works

Related Topics