OAuth2 Symfony API: Postman not passing through the guard authenticator


I'm building an API with Symfony and I've added OAuth authentication to secure the API. But when I'm testing the API with Postman and trying to get a new access token, Postman won't go through the guard authenticator to get the token; it returns no token and the user is not connected.

Postman OAuth configuration

But when I'm testing with the frontend, I access this route to be connected (localhost:8000/api/connect/github) and then this route to get the token (localhost:8000/api/access_token/github). The user is connected and I can see the token here, but not in Postman.

Here are the two routes I use to connect a user with OAuth (in my SecurityController):

/**
 * @Route("/connect/{service}", name="api_connect")
 */
public function connect(string $service): RedirectResponse
{
    /** @var GithubClient $client */
    $client = $this->clientRegistry->getClient($service);
    return $client->redirect(['read:user', 'user:email']);
}

/**
 * @Route("/access_token/{service}", name="api_access_token")
 */
public function accessToken(Request $request, string $service): JsonResponse
{
    try {
        return new JsonResponse(["Access Token" => $request->getSession()->get("Access Token")], 200);
    } catch (IdentityProviderException $e) {
        return new JsonResponse(["Error" => [
            "Message" => $e->getMessage(),
            "Code" => $e->getCode()
        ]
        ]);
    }
}

In my Authenticator I've used these two methods to get the token and pass it through the session and headers:

public function getCredentials(Request $request)
{
    $accesstoken = $this->fetchAccessToken($this->getClient());
    $request->headers->set("Access Token", $accesstoken);
    return $accesstoken;
}

public function onAuthenticationSuccess(Request $request, TokenInterface $token, string $providerKey)
{
    $request->getSession()->set("Access Token", $request->headers->get("Access Token"));
    return null;
}

So in the method accessToken from my SecurityController I tried to get the token in the request headers. It should return me something like this: { "Access Token": "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" }

But instead, in Postman, it returns me this:

{ "Access Token": null }

So I'm guessing that Postman isn't going through the Authenticator, but I don't understand why. Do you guys have any explanation?

Thank you very much


There are 0 answers
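The following is an added illustration, not code from the original post. It reproduces the session dependency visible in the question's code: `onAuthenticationSuccess()` writes the token into the session and `accessToken()` reads it only from the session, so a request that arrives on a different session gets `null`. It assumes `symfony/http-foundation` is installed via Composer; `storeToken()` and `requestFor()` are hypothetical helpers, the second session stands in for any client that does not present the browser's session cookie, and the token value is a constructed placeholder.

```php
<?php
// Added illustration; requires symfony/http-foundation installed via Composer.
require __DIR__ . '/vendor/autoload.php';

use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Session\Session;
use Symfony\Component\HttpFoundation\Session\Storage\MockArraySessionStorage;

// Same body as the question's accessToken() action: it reads only from the session.
function accessToken(Request $request): JsonResponse
{
    return new JsonResponse(['Access Token' => $request->getSession()->get('Access Token')], 200);
}

// Same effect as the question's onAuthenticationSuccess(): the token is copied into the session.
function storeToken(Request $request, string $token): void
{
    $request->getSession()->set('Access Token', $token);
}

// Hypothetical helper: build a request bound to one session (one session per client cookie jar).
function requestFor(Session $session): Request
{
    $request = Request::create('/api/access_token/github', 'GET');
    $request->setSession($session);

    return $request;
}

// Session of the client that went through the authenticator (the browser in the question).
$browserSession = new Session(new MockArraySessionStorage());
// Session of a client that never went through it (assumption: no shared session cookie).
$otherSession = new Session(new MockArraySessionStorage());

// Constructed placeholder value, not a real token.
storeToken(requestFor($browserSession), 'gho_CONSTRUCTED_PLACEHOLDER');

// First line carries the stored token; second line carries null for the other session.
echo accessToken(requestFor($browserSession))->getContent(), PHP_EOL;
echo accessToken(requestFor($otherSession))->getContent(), PHP_EOL;
```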