This course is archived!
The concepts of OAuth2 we're teaching in this tutorial are still valid, but the course project code is ancient.
05.
User Login with OAuth
Keep on Learning!
If you liked what you've learned so far, dive in! Subscribe to get access to this tutorial plus video, code and script downloads.
10 Comments
Coming from the basic PHP track , this feels like a big jump. There should be an intermediate course in PHP.
Hey @Akshit!
Ah, yes, this IS a big jump - you're right. And this is kind of a specialized topic - you either want to learn specifically about OAuth, or you don't.
After the basic PHP track, I would recommend jumping into our object-oriented track :) https://symfonycasts.com/tr...
Also, how did you go from the basic PHP track to this tutorial? I wouldn't recommend this jump - and I want to make sure that we're not accidentally linking from the basic PHP track to this tutorial.
Thanks!
Hi!
I never use Oauth to login, and am very confused with the UX logic here.
Is it really the regular way to do : when the user doesn't exist, we just create an account without telling him?
Or is it just an example and in real life login and registration are separate?
More generally, the "connect" feature seems to me very different than the "API access on behalfs" feature. It's actually so much mixed and the same thing?
Thanks !!!
Hey Francois,
Well, not exactly. When a new user (that wasn't registered on your website) is trying to login via OAuth - usually you may want to open kind of registration page, but prefill it with the data you get from the OAuth provider, e.g. email, name, etc. (usually we do not show password field for them as it's redundant, they already chose OAuth way that replaces password) so that users may edit this information if they needed and then complete registration. Only then you will create a new account for the user and link it to their OAuth provider.
But when the same user returns and trying to login again - this time you will already have their OAuth id in the DB, and you just log them in.
The workflow should be something like this.
About the connect feature - yes, it's a bit different. To connect OAuth provider, the user should be already logged in, and when they approve to connect their OAuth account - you just recored the OAuth ID on the current user, and so, when this user will login later via OAuth - you system will already has their OAuth ID in the DB and just log the related account in.
I hope this helps!
Cheers!
Hi Victor!
Thanks for these explanations!
And then, about what you wrote : "But when the same user returns and trying to login again - this time you will already have their OAuth id in the DB, and you just log them in."
Here, how do you check that it's really him who try to login? I'm missing a
piece I think
Thanks
Hey Francois,
Good question! Well, every time a user click on OAuth social button on your website - you're sending an API request to the OAuth provider, right? And so, the provider is sending back all the info about the users, like his OAuth ID, if the user approved the oauth authorization. That's how you know which user is trying to login via OAuth, you have his ID, and so you can search by the OAuth id in your DB and find the proper user that should be authenticated on your website.
I'd recommend you to look at https://github.com/knpunive... if you're interested in implementing OAuth in a Symfony application :)
Cheers!
Thanks!
Understood :)
Small feedback : it would be very good on the main presentation page of each courses to have the date of publication. There's no real way to know it otherwise, and so you don't really know what you sign for.
And 2nd feedback: It would be cool that you mention this oauth2-client-bundle in the course. Maybe it could be added in the main textual presentation (if you don't want to edit video)? I guess a lot of student who take the course today miss it
Hey Francois,
Great! :)
> Small feedback : it would be very good on the main presentation page of each courses to have the date of publication. There's no real way to know it otherwise, and so you don't really know what you sign for.
Thank you for leaving this little feedback! Yeah, I see your point, though we did it on purpose. This way we want to say that publication date isn't that much important and this content is still relevant. The more important to know which version are used in the course, and that's why we implemented a nice feature where you can click on main dependency name, e.g. on "Symfony 5.0" button on this course: https://symfonycasts.com/sc... - we will show the composer.json content with the exact versions installed. Unfortunately, this OAuth tutorial contains an old file structure, and this does not support this feature, but almost all our other tutorials support it. I hope this is helpful for you.
> And 2nd feedback: It would be cool that you mention this oauth2-client-bundle in the course. Maybe it could be added in the main textual presentation (if you don't want to edit video)? I guess a lot of student who take the course today miss it
Agree, I just double-checked and there's no links to that bundle on this tutorial, we only mention it in comments. So, we will think about a good place where to put a note linking to that bundle, thanks! :)
Cheers!
// src/OAuth2Demo/Client/Controllers/CoopOAuthController.php
// ...
public function receiveAuthorizationCode(Application $app, Request $request)
{
// ...
$meData = json_decode($response->getBody(), true);
$user = $this->getLoggedInUser();
$user->coopAccessToken = $accessToken;
$user->coopUserId = $meData['id'];
$this->saveUser($user);
// ...
Hey Dung,
Could you explain what you're trying to say us a bit?
Cheers!
"Houston: no signs of life"
Start the conversation!