Contains various Controller- and Service Providers for Silex projects to integrate UiTID authentication.
You'll need the Session
and UrlGenerator
services provided by Silex:
$app->register(new \Silex\Provider\SessionServiceProvider());
$app->register(new \Silex\Provider\UrlGeneratorServiceProvider());
You will also need to register the ServiceControllerServiceProvider
:
$app->register(new Silex\Provider\ServiceControllerServiceProvider());
This service makes it possible to load controllers as if they are services, so you can use separate classes for your controllers outside of the ControllerProvider classes.
Lastly you will have to register the CultureFeedServiceProvider
, with some additional configuration:
$app->register(new \CultuurNet\UiTIDProvider\CultureFeed\CultureFeedServiceProvider(), array(
'culturefeed.endpoint' => 'http://example.com/,
'culturefeed.consumer.key' => 'example-consumer-key',
'culturefeed.consumer.secret' => 'example-consumer-secret',
));
You will need to register the AuthServiceProvider
and UserServiceProvider
like this:
$app->register(new CultuurNet\UiTIDProvider\Auth\AuthServiceProvider());
$app->register(new CultuurNet\UiTIDProvider\User\UserServiceProvider());
And you will need to mount the AuthControllerProvider
to a path of your liking:
$app->mount(
'culturefeed/oauth',
new \CultuurNet\UiTIDProvider\Auth\AuthControllerProvider()
);
At this point, your visitors can authenticate if you redirect them to http://your-website.com/culturefeed/oauth/connect?destination=http://your-website.com, where your-website.com should obviously be your own domain name.
After authentication, they will be redirected back to the URL set in the destination parameter. In this case, http://your-website.com
.
You can access info for the current user, or other users, by using the following services provided by the UserServiceProvider
that you registered in step 1:
$app['uitid_user_session_service']
: An instance ofCultuurNet\UiTIDProvider\User\UserSessionService
, which can return minimal user info of the currently logged in user.$app['uitid_user_session_data']
: An instance ofCultuurNet\Auth\User
, which contains the user id and access token. (Also known as the "minimal user info".)$app['uitid_user_service']
: An instance ofCultuurNet\UiTIDProvider\User\UserService
, which can return user data by id or username.$app['uitid_user']
: An instance ofCultuurNet\UiTIDProvider\User\User
, which contains all extra info of the currently logged in user.
Optionally, you can mount the UserControllerProvider
to a path of your liking:
$app->mount('uitid', new \CultuurNet\UiTIDProvider\User\UserControllerProvider());
This will provide the following paths (in this example prefixed with uitid
):
uitid/user
: Returns data of the current user in JSON format.uitid/logout
: Invalidates the current session and logs the user out.
You can easily restrict access to paths for non-authenticated users by registering the SecurityServiceProvider
and UiTIDSecurityServiceProvider
:
$app->register(new \Silex\Provider\SecurityServiceProvider());
$app->register(new \CultuurNet\UiTIDProvider\Security\UiTIDSecurityServiceProvider());
Afterwards you'll have to configure the firewall settings. Make sure to allow access to the paths that you mounted in step 1, use the uitid
authenticator, and use the $app['uitid_firewall_user_provider']
as the user provider.
Here's an example of a valid firewall configuration:
$app['security.firewalls'] = array(
'unsecured' => array(
'pattern' => '^/culturefeed/oauth',
),
'secured' => array(
'pattern' => '^.*$',
'uitid' => true,
'users' => $app['uitid_firewall_user_provider'],
),
);
This example will only allow access to the paths beginning wih /culturefeed/oauth
until the user is logged in. All other paths will return a response with status code 403.
More info on firewall configuration can be found in the Silex documentation.