CMS API
OAuth2
The API uses FOSOAuthServerBundle.
Identity
To connect to the API there must be an associated user. Create it either from the admin or, for example, with:
shell
$ ./app/admin/console fos:user:create api.test
Please choose an email:api.test@hiberus.com
Please choose a password:
Created user api.test
Creating a client
For a user to access the API via OAuth2 you have to create a client. This lets you create different clients for different situations and disable them, update them, assign roles, ... as needed.
For example, to create a new client associated to a user with the role to authenticate:
shell
$ ./app/admin/console fos:oauth-server:create-client --redirect-uri=https://starbase.lo --grant-type=password --grant-type=refresh_token
Client Credentials
==================
------------------------------------------------------ ----------------------------------------------------
Client ID Client Secret
------------------------------------------------------ ----------------------------------------------------
2_2qqpqiqxjso4occ0c884o8004s8880g4w40g8oos80kowwo800 3c8csebc1aqsss4cw400848ckwos8wswoo4cs8k440c0o4kw8k
------------------------------------------------------ ----------------------------------------------------
OAuth2 workflow
From here on it is the usual OAuth2 flow. As an example, obtaining a token and using it against an API would be:
Obtain token
shell
$ curl 'http://starbase.lo:8080/oauth/v2/token?grant_type=password&client_id=2_1qr5njdzjh9cgkwcc84gwgk0s8s0gcg08s4gooock84oo4o08w&client_secret=2p2x4b5jaqg4cc0g800o8g0k4c888w0w084wckwcoc4kwosgg0&username=api.test&password=1111'
{
"access_token":"ZjRmN2RkOGIwYmE1MWIwNGY4MjRhMDgzZjczMjc4NjU1ZjYwM2M0ZWI5YWIwNTM4NWFiOWNlZDY1OWE0MjZkMw",
"expires_in":3600,
"token_type":"bearer",
"scope":null,
"refresh_token":"NmY4OTFjY2JhYTU4ODg2MDhiYjEzYjM5YThkZjExZWU2MjU3ZWI4MDc3NDk0ZjQ3YWM0OTUwMTI1NGM4MDk1Mg"
}
or, leaving it in an environment variable:
shell
$ export TOKEN=`curl -s 'http://starbase.lo:8080/oauth/v2/token?grant_type=password&client_id=2_1qr5njdzjh9cgkwcc84gwgk0s8s0gcg08s4gooock84oo4o08w&client_secret=2p2x4b5jaqg4cc0g800o8g0k4c888w0w084wckwcoc4kwosgg0&username=api.test&password=1111' | jq -r .access_token`
Authenticate to access a resource
shell
$ curl -s -H "Authorization: Bearer $TOKEN" http://admin.starbase.lo:8080/api/importer/version | xmllint --format -
<?xml version="1.0"?>
<item>
<success>1</success>
<version>1.0</version>
</item>
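The same workflow as an added example (not code from this project): the client sends the password grant in a form-encoded POST body, so the client secret and password stay out of the URL and therefore out of access logs and shell history, and it uses the `refresh_token` grant the client was created with once `expires_in` has elapsed. `TokenSession` and `http_post_form` are hypothetical names, the 30-second margin is an arbitrary choice, and the code assumes the token endpoint accepts POST as RFC 6749 specifies.

```python
import json
import time
import urllib.parse
import urllib.request

TOKEN_URL = "http://starbase.lo:8080/oauth/v2/token"  # token endpoint shown on this page


def http_post_form(url, fields):
    """POST fields as application/x-www-form-urlencoded and decode the JSON reply."""
    body = urllib.parse.urlencode(fields).encode()
    req = urllib.request.Request(url, data=body, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenSession:
    """Hypothetical helper: holds the token pair and refreshes it before expiry."""

    def __init__(self, client_id, client_secret, post=http_post_form, clock=time.time):
        self.client = {"client_id": client_id, "client_secret": client_secret}
        self.post, self.clock = post, clock  # injectable so the logic can be tested offline
        self.access = self.refresh = None
        self.expires_at = 0.0

    def _grant(self, **fields):
        reply = self.post(TOKEN_URL, {**self.client, **fields})
        self.access = reply["access_token"]
        # Keep the previous refresh token if the server does not issue a new one.
        self.refresh = reply.get("refresh_token", self.refresh)
        # Treat the token as expired 30 s early to absorb clock skew and latency.
        self.expires_at = self.clock() + reply["expires_in"] - 30

    def login(self, username, password):
        """Password grant: the user's credentials are sent once, in the request body."""
        self._grant(grant_type="password", username=username, password=password)

    def bearer_header(self):
        """Return the Authorization header, using the refresh grant once the token has aged out."""
        if self.access is None:
            raise RuntimeError("call login() first")
        if self.clock() >= self.expires_at:
            self._grant(grant_type="refresh_token", refresh_token=self.refresh)
        return {"Authorization": f"Bearer {self.access}"}
```

Pass the returned header to whatever HTTP client calls the resource, for example `/api/importer/version` above.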