README

Archived because it is no longer used by any publiq applications and has not been updated significantly since 2015.

Silex Service Provider OAuth

This is an UiTID OAuth 1.0 webservice authentication provider for the Silex SecurityServiceProvider.

Usage

There's a demo application which shows you how to integrate & configure this component.

First register the provider in your Silex application. Supply the base url of the desired UiTID API environment, and an OAuth consumer key & secret that are allowed to access the UiTID Credentials API.

$app->register(
    new \CultuurNet\SilexServiceProviderOAuth\OAuthServiceProvider(),
    array(
        'oauth.fetcher.base_url' => 'http://acc2.uitid.be',
        'oauth.fetcher.consumer' => array(
            'key' => 'notsosecretkey',
            'secret' => 'verysecret',
        ),
    )
);

Define a service named oauth.model.provider.nonce_provider that implements CultuurNet\SymfonySecurityOAuth\Model\Provider\NonceProviderInterface. The cultuurnet/symfony-security-oauth-redis package provides an implementation that used Redis for storage. It uses the predis PHP client library for Redis. However, you are free to use your own implementation for a suitable storage mechanism.

$app['predis.client'] = $app->share(
    function () {
        return new \Predis\Client('tcp://127.0.0.1:6379');
    }
);

$app['oauth.model.provider.nonce_provider'] = $app->share(
    function (\Silex\Application $app) {
        return new \CultuurNet\SymfonySecurityOAuthRedis\NonceProvider(
            $app['predis.client']
        );
    }
);

Then configure a firewall to make use of the oauth authentication provider:

$app->register(
  new \Silex\Provider\SecurityServiceProvider(),
  array(
      'security.firewalls' => array(
          'myapi' => array(
              'pattern' => '^/my/api/.*',
              'oauth' => true,
              'stateless' => true,
           ),
      ),
  )
);

For improved performance, you can cache the tokens retrieved from the UiTID Credentials API. The best way to do this is by wrapping the original oauth.model.provider.token_provider service in a decorator that implements the same interface and takes care of caching. Again, you are free to use your own implementation for a suitable storage mechanism. The cultuurnet/symfony-security-oauth-redis package provides an implementation that used Redis.

$app->extend(
    'oauth.model.provider.token_provider',
    function (
        \CultuurNet\SymfonySecurityOAuth\Model\Provider\TokenProviderInterface $tokenProvider,
        \Silex\Application $app
    ) {
        return new \CultuurNet\SymfonySecurityOAuthRedis\TokenProviderCache(
            $tokenProvider,
            $app['predis.client']
        );
    }
);