Http Oauth Bundle Laravel Package

Getting Started

Minimal Steps

1. Install Dependencies Run:

   composer require dormilich/http-oauth-bundle dormilich/http-client-bundle symfony/http-client symfony/cache
   

2. Configure OAuth Credentials Add OAuth credentials to config/packages/dormilich_http_oauth.yaml:

   dormilich_http_oauth:
       credentials:
           client_id: "your_client_id"
           client_secret: "your_client_secret"
           token_url: "https://oauth-provider.com/token"
           scopes: ["scope1", "scope2"]
   

3. First Use Case: Authenticated HTTP Request Use the Symfony HTTP client with OAuth:

   use Symfony\Contracts\HttpClient\HttpClientInterface;
   
   public function __construct(private HttpClientInterface $client) {}
   
   public function fetchProtectedData()
   {
       $response = $this->client->request('GET', 'https://api.example.com/protected');
       return $response->toArray();
   }
   

Implementation Patterns

Workflows

1. Service Integration Inject HttpClientInterface into services requiring OAuth-protected endpoints:

   public function __construct(private HttpClientInterface $client) {}
   

2. Dynamic Credential Switching Use multiple credential sets via configuration:

   dormilich_http_oauth:
       credentials:
           provider1:
               client_id: "id1"
               client_secret: "secret1"
               token_url: "url1"
           provider2:
               client_id: "id2"
               client_secret: "secret2"
               token_url: "url2"
   

   Select credentials per request:

   $this->client->withOptions(['oauth_credentials' => 'provider2']);
   

3. Token Refresh Handling The bundle auto-refreshes tokens when expired. Customize refresh logic via events:

   // config/services.yaml
   services:
       App\EventSubscriber\OAuthTokenSubscriber:
           tags:
               - { name: kernel.event_subscriber }
   

Integration Tips

• Laravel-Specific: Use HttpClientInterface via Laravel’s Http facade:

  use Illuminate\Support\Facades\Http;
  
  $response = Http::withOptions(['oauth_credentials' => 'provider1'])->get('url');
  

• Middleware: Apply OAuth to specific routes via middleware:

  public function handle($request, Closure $next)
  {
      $request->withOptions(['oauth_credentials' => 'provider1']);
      return $next($request);
  }
  

Gotchas and Tips

Pitfalls

1. Missing Credentials If credentials are not configured, OAuth is ignored. Validate config with:

   php bin/console debug:config dormilich_http_oauth
   

2. Token Caching Default cache uses Symfony’s CacheInterface. For Laravel, bind a PSR-16 cache:

   // config/services.yaml
   Psr\SimpleCache\CacheInterface: '@cache.array'
   

3. Scope Validation Scopes are not enforced by the bundle. Validate responses manually:

   if (!$response->toArray()['scopes'] ?? true) {
       throw new \RuntimeException('Insufficient scopes');
   }
   

Debugging

• Enable Debugging Set debug: true in config to log OAuth flows:

  dormilich_http_oauth:
      debug: true
  

• Token Logs Check var/log/dev.log for token refresh events.

Extension Points

1. Custom Token Storage Override token storage via a custom TokenStorageInterface:

   services:
       App\Service\CustomTokenStorage:
           tags: ['dormilich_http_oauth.token_storage']
   

2. Event Listeners Extend OAuth logic via events:

   // src/EventSubscriber/OAuthTokenSubscriber.php
   class OAuthTokenSubscriber implements EventSubscriberInterface
   {
       public static function getSubscribedEvents()
       {
           return [
               OAuthEvents::BEFORE_TOKEN_REQUEST => 'onBeforeTokenRequest',
           ];
       }
   }
   

3. Laravel-Specific Use Laravel’s Auth facade to dynamically set credentials:

   $credentials = auth()->user()->oauth_credentials;
   $response = Http::withOptions(['oauth_credentials' => $credentials])->get('url');