Roeland
Posted on February 5, 2024
I had some problems with Google authentication in Symfony 7.
Here are the steps I used to get it working.
Create a new application
symfony new authdemo --version="7.0.*" --webapp
Create 2 controllers with bin/console make:controller
.
RootController
and DashboardController
Change the route for RootController
from /root
to /
.
This will be our public page.
/dashboard
should only be accessible for an authenticated user.
Create the Google credentials
Go to your project on Google cloud console and select 'APIs & Services'.
On the credentials tab you can select 'create credentials' and then 'OAuth client ID'.
In the next screen choose 'Web application' as application type.
Add https://localhost:8000/login/check-google
to 'Authorized redirect URIs' and click 'create'
You now get a 'Client ID' and 'Client secret'.
Create a .env.local
file in the root of your project and add those values like this:
GOOGLE_ID=<Paste you Google ID here>
GOOGLE_SECRET=<Paste your Google secret here>
Install and configure the HWIOAuthBundle
You can find more detailed instructions here
Install the bundle: composer require hwi/oauth-bundle
and execute the recipe to add the needed bundle and routing.
Change config/packages/hwi_oauth.yaml
to look like this:
hwi_oauth:
firewall_names: [main]
resource_owners:
google:
type: google
client_id: '%env(GOOGLE_ID)%'
client_secret: '%env(GOOGLE_SECRET)%'
scope: "email profile"
The client_id and client_secret will be set from you environment variables. In this case the .env.local file we created in the previous step.
Now we need to update config/packages/security.yaml
.
- Add the hwi_oauth provider
- Configure the main firewall to use the new provider with the correct settings
- Add access control rules to protect your application
providers:
hwi_oauth.user.provider:
id: hwi_oauth.user.provider
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
pattern: ^/
oauth:
resource_owners:
google: "/login/check-google"
login_path: /
use_forward: false
failure_path: /
oauth_user_provider:
service: hwi_oauth.user.provider
provider: hwi_oauth.user.provider
access_control:
- { path: ^/login, roles: PUBLIC_ACCESS }
- { path: ^/connect, roles: PUBLIC_ACCESS }
- { path: ^/(.+), roles: ROLE_USER }
- { path: ^/$, roles: PUBLIC_ACCESS }
With those setting the root page should be public, but /dashboard
should not be accessible. If you try to go to /dashboard
you will be redirected to /
.
Let's add a login link to the root page.
Add this in templates/root/index.html.twig
:
<a href="{ { path('hwi_oauth_service_redirect', {'service': 'google' }) }}">
<span>Login with Google</span>
</a>
You need to add that route somewhere. I added this in config/routes/hwi_oauth_routing.yaml
:
google_login:
path: /login/check-google
That is it!!
Now you should be able to login with google.
After logging in you should see your name in the Symfony Profiler. You should also be allowed to see /dashboard
now.
Please let me know if you have any suggestions to improve this.
Posted on February 5, 2024
Join Our Newsletter. No Spam, Only the good stuff.
Sign up to receive the latest update from our blog.