I've set up OIDC authentication with a custom authenticator as follows:
<?php

namespace App\Security; // assumed: the post does not show the namespace

use Psr\Log\LoggerInterface;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\User\UserProviderInterface;
use Symfony\Component\Security\Http\Authenticator\AuthenticatorInterface;
use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
use Symfony\Component\Security\Http\Authenticator\Passport\PassportInterface;
use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;
// Oidc, OidcToken, LdapUserRepository and BadgeCredentials are application classes
// not shown in the post; they are assumed to live in this same namespace.

class SsoAuthenticator implements AuthenticatorInterface, AuthenticationEntryPointInterface
{
    private LdapUserRepository $ldap_user_repository; // was assigned in the constructor but never declared
    private UserProviderInterface $user_provider;
    private ?LoggerInterface $logger;

    public function __construct(LdapUserRepository $ldap_user_repository, UserProviderInterface $user_provider, LoggerInterface $logger = null)
    {
        $this->user_provider = $user_provider;
        $this->logger = $logger;
        $this->ldap_user_repository = $ldap_user_repository;
    }

    // Entry point: challenge unauthenticated requests with a 401.
    public function start(Request $request, AuthenticationException $authException = null): Response
    {
        $response = new Response();
        $response->headers->set('WWW-Authenticate', sprintf('Basic realm="%s"', 'emmaus.example.com'));
        $response->setStatusCode(Response::HTTP_UNAUTHORIZED);

        return $response;
    }

    public function supports(Request $request): ?bool
    {
        return $request->headers->has('Authorization') || null !== $request->get('token');
    }

    // The raw token comes either from the "token" request parameter or from the
    // Authorization header; the same rule is used everywhere in this class.
    private function extractToken(Request $request): ?string
    {
        return $request->get('token') ?: $request->headers->get('Authorization');
    }

    public function authenticate(Request $request): Passport
    {
        $oidc = new Oidc($this->ldap_user_repository);
        $token = $this->extractToken($request); // supports() also accepts the header, so read it here too
        $decoded_token = $oidc->decodeToken((string) $token);
        // The original assigned the result to $oidc as well, overwriting the Oidc instance.
        $user_name = $oidc->getUserName($decoded_token);

        if (!is_a($this->user_provider, UserProviderInterface::class)) {
            throw new AuthenticationException('error forbidden buddy');
        }

        $user_badge = new UserBadge($user_name);
        $credentials = new BadgeCredentials();

        return new Passport($user_badge, $credentials);
    }

    // Symfony 5.4+ calls this to build the security token.
    public function createToken(Passport $passport, string $firewallName): TokenInterface
    {
        return new UsernamePasswordToken($passport->getUser(), $firewallName, $passport->getUser()->getRoles());
    }

    // Pre-5.4 hook, deprecated in 5.4 and removed in 6.0; kept only for compatibility.
    public function createAuthenticatedToken(PassportInterface $passport, string $firewallName): TokenInterface
    {
        return new OidcToken(['ROLE_USER'], null);
    }

    public function onAuthenticationSuccess(Request $request, TokenInterface $token, string $firewallName): ?Response
    {
        $oidc = new Oidc($this->ldap_user_repository);
        $raw_token = $this->extractToken($request); // was $request->get('Authorization'), which reads a parameter, not the header
        $decoded_token = $oidc->decodeToken((string) $raw_token);
        $user_identifier = $oidc->getUserName($decoded_token);

        $user = $this->ldap_user_repository->findOneBy(['username' => $user_identifier]);
        $last_name = $user->getLastName();
        $first_name = $user->getFirstName();
        $roles = $user->getRoles();
        $email = $user->getEmail();

        $group_results = [];
        foreach ($user->getGroupBase() as $group) {
            $group_results[] = $group->getName();
        }

        // The original recomputed the token here with headers->has(), which yields a bool, not the token.
        // Raw $_SESSION is kept from the post; Symfony's $request->getSession() is the usual alternative.
        $_SESSION['token_lemon_ldap'] = $raw_token;

        $data = [
            'roles' => $roles,
            'userName' => $user_identifier,
            'firstName' => $first_name,
            'lastName' => $last_name,
            'email' => $email,
            'token' => $raw_token,
            'groups' => $group_results,
        ];

        return new Response(json_encode($data));
    }

    public function onAuthenticationFailure(Request $request, AuthenticationException $exception): ?Response
    {
        $oidc = new Oidc($this->ldap_user_repository);
        try {
            // Decoding is what can throw (a malformed JWT), so it belongs inside the try;
            // the original decoded outside the try and wrapped start(), which cannot throw this.
            $oidc->decodeToken((string) $this->extractToken($request));
        } catch (\UnexpectedValueException $e) {
            if (null !== $this->logger) {
                $this->logger->warning('Token could not be decoded: wrong number of segments', ['exception' => $e]);
            }
        }

        // Answer every failed attempt with the 401 challenge from start().
        return $this->start($request, $exception);
    }
}
I have the authorization to access resources from the API after successful authentication, but when I fetch a response from a controller, it returns onAuthenticationSuccess()'s response data on each request, and I can't access data from the controllers. Do you have an idea what I'm missing? I'm looking at the session or kernel.response, but I can't wrap my head around a proper solution.
Thanks
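For comparison, here is an added example (not the poster's code) of a minimal stateless bearer-token authenticator in the Symfony 5.4/6 authenticator style. It illustrates the control flow the thread is about: in Symfony's authenticator system, a non-null Response returned from onAuthenticationSuccess() is sent to the client directly and the controller is never reached, whereas returning null lets the request continue to the controller. The TokenVerifier service, its verifyAndGetSubject() method and the App\Security namespace are assumptions; everything else is Symfony API.

```php
<?php

declare(strict_types=1);

namespace App\Security; // assumed namespace

use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\Exception\CustomUserMessageAuthenticationException;
use Symfony\Component\Security\Http\Authenticator\AbstractAuthenticator;
use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
use Symfony\Component\Security\Http\Authenticator\Passport\SelfValidatingPassport;

final class BearerTokenAuthenticator extends AbstractAuthenticator
{
    // Hypothetical service: validates the OIDC token (signature, issuer, expiry)
    // and returns the subject / user identifier, throwing on any defect.
    private TokenVerifier $verifier;

    public function __construct(TokenVerifier $verifier)
    {
        $this->verifier = $verifier;
    }

    public function supports(Request $request): ?bool
    {
        // Only the Authorization header is accepted: tokens passed as query
        // parameters end up in access logs and browser history.
        $header = (string) $request->headers->get('Authorization', '');

        return 0 === strpos($header, 'Bearer ');
    }

    public function authenticate(Request $request): Passport
    {
        $token = substr((string) $request->headers->get('Authorization'), strlen('Bearer '));

        try {
            $identifier = $this->verifier->verifyAndGetSubject($token); // hypothetical
        } catch (\UnexpectedValueException $e) {
            // Generic message for the client; the real cause stays in $previous for logging.
            throw new CustomUserMessageAuthenticationException('Invalid token', [], 0, $e);
        }

        // The token has already been verified, so no credentials badge is needed:
        // a SelfValidatingPassport marks the passport as valid with only the UserBadge.
        return new SelfValidatingPassport(new UserBadge($identifier));
    }

    public function onAuthenticationSuccess(Request $request, TokenInterface $token, string $firewallName): ?Response
    {
        // null: the request proceeds to the matched controller, whose response is
        // what the client receives. Returning a Response here would replace it.
        return null;
    }

    public function onAuthenticationFailure(Request $request, AuthenticationException $exception): ?Response
    {
        // A Response here is sent as-is, which is the intended behaviour for a failed attempt.
        return new JsonResponse(
            ['error' => strtr($exception->getMessageKey(), $exception->getMessageData())],
            Response::HTTP_UNAUTHORIZED,
            ['WWW-Authenticate' => 'Bearer']
        );
    }
}
```

The two hooks differ only in what a returned value means: on failure a Response is the normal outcome, on success it short-circuits the request. Any per-user data a client needs (roles, names, groups) is therefore better served from a dedicated controller or exposed through the authenticated token, rather than emitted from onAuthenticationSuccess().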