feat: implement OAuth 2.0 login flow

config/bundles.php

@@ -17,4 +17,5 @@ return [
     ApiPlatform\Symfony\Bundle\ApiPlatformBundle::class => ['all' => true],
     Lexik\Bundle\JWTAuthenticationBundle\LexikJWTAuthenticationBundle::class => ['all' => true],
     Symfony\WebpackEncoreBundle\WebpackEncoreBundle::class => ['all' => true],
+    KnpU\OAuth2ClientBundle\KnpUOAuth2ClientBundle::class => ['all' => true],
 ];

config/packages/knpu_oauth2_client.yaml

@@ -0,0 +1,14 @@
+knpu_oauth2_client:
+    clients:
+        oauth:
+            type: generic
+            provider_class: App\Security\OAuthProvider
+            client_id: '%env(OAUTH_CLIENT_ID)%'
+            client_secret: '%env(OAUTH_CLIENT_SECRET)%'
+            redirect_route: oauth_connect_check
+            redirect_params: {}
+            provider_options:
+                baseAuthorizationUrl: '%env(OAUTH_AUTHORIZATION_URL)%'
+                baseAccessTokenUrl: '%env(OAUTH_TOKEN_URL)%'
+                resourceOwnerDetailsUrl: '%env(OAUTH_USERINFO_URL)%'
+                scope: '%env(OAUTH_SCOPE)%'

config/packages/security.yaml

@@ -13,7 +13,8 @@ security:
         dev:
             pattern: ^/(_(profiler|wdt)|css|images|js)/
             security: false
-        login:
+
+        api_login:
             pattern: ^/api/login
             stateless: true
             json_login:
@@ -26,6 +27,10 @@ security:
             stateless: true
             jwt: ~
 
+        main:
+            custom_authenticators:
+                - App\Security\OAuthAuthenticator
+
             # activate different ways to authenticate
             # https://symfony.com/doc/current/security.html#the-firewall
 

config/routes.yaml

@@ -6,3 +6,6 @@ controllers:
 
 api_login:
     path: /api/login
+
+oauth_connect_check:
+    path: /login/oauth/check