DEV Community

Roeland
Roeland

Posted on • Edited on

48 1

Google authentication with Symfony 7

I had some problems with Google authentication in Symfony 7.

Here are the steps I used to get it working.

Create a new application

symfony new authdemo --version="7.0.*" --webapp

Create 2 controllers with bin/console make:controller.
RootController and DashboardController

Change the route for RootController from /root to /.
This will be our public page.

/dashboard should only be accessible for an authenticated user.

Create the Google credentials

Go to your project on Google cloud console and select 'APIs & Services'.

On the credentials tab you can select 'create credentials' and then 'OAuth client ID'.

Image description

In the next screen choose 'Web application' as application type.

Add https://localhost:8000/login/check-google to 'Authorized redirect URIs' and click 'create'

You now get a 'Client ID' and 'Client secret'.

Create a .env.local file in the root of your project and add those values like this:

GOOGLE_ID=<Paste you Google ID here>
GOOGLE_SECRET=<Paste your Google secret here>
Enter fullscreen mode Exit fullscreen mode

Install and configure the HWIOAuthBundle

You can find more detailed instructions here

Install the bundle: composer require hwi/oauth-bundle and execute the recipe to add the needed bundle and routing.

Change config/packages/hwi_oauth.yaml to look like this:

hwi_oauth:
    firewall_names: [main]
    resource_owners:
        google:
            type:                google
            client_id:           '%env(GOOGLE_ID)%'
            client_secret:       '%env(GOOGLE_SECRET)%'
            scope:               "email profile"
Enter fullscreen mode Exit fullscreen mode

The client_id and client_secret will be set from you environment variables. In this case the .env.local file we created in the previous step.

Now we need to update config/packages/security.yaml.

  • Add the hwi_oauth provider
  • Configure the main firewall to use the new provider with the correct settings
  • Add access control rules to protect your application
    providers:
        hwi_oauth.user.provider:
            id: hwi_oauth.user.provider

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            pattern: ^/
            oauth:
               resource_owners:
                   google:          "/login/check-google"
               login_path:        /
               use_forward:       false
               failure_path:      /

               oauth_user_provider:
                   service: hwi_oauth.user.provider
               provider: hwi_oauth.user.provider

    access_control:
        - { path: ^/login, roles: PUBLIC_ACCESS }
        - { path: ^/connect, roles: PUBLIC_ACCESS }
        - { path: ^/(.+), roles: ROLE_USER }
        - { path: ^/$, roles: PUBLIC_ACCESS }

Enter fullscreen mode Exit fullscreen mode

With those setting the root page should be public, but /dashboard should not be accessible. If you try to go to /dashboard you will be redirected to /.

Let's add a login link to the root page.

Add this in templates/root/index.html.twig:

<a href="{{ path('hwi_oauth_service_redirect', {'service': 'google' }) }}">
    <span>Login with Google</span>
</a>
Enter fullscreen mode Exit fullscreen mode

You need to add that route somewhere. I added this in config/routes/hwi_oauth_routing.yaml:

google_login:
    path: /login/check-google
Enter fullscreen mode Exit fullscreen mode

That is it!!

Now you should be able to login with google.
After logging in you should see your name in the Symfony Profiler. You should also be allowed to see /dashboard now.

Please let me know if you have any suggestions to improve this.

Do your career a big favor. Join DEV. (The website you're on right now)

It takes one minute, it's free, and is worth it for your career.

Get started

Community matters

Top comments (2)

Collapse
 
gigel_oricare_668ae7fc2de profile image
gigel oricare

is not working with symfony 7.2

Collapse
 
roeland profile image
Roeland • Edited

I just tested this in 7.2 without errors.
What error do you get? What part is not working?

👋 Kindness is contagious

Discover a treasure trove of wisdom within this insightful piece, highly respected in the nurturing DEV Community enviroment. Developers, whether novice or expert, are encouraged to participate and add to our shared knowledge basin.

A simple "thank you" can illuminate someone's day. Express your appreciation in the comments section!

On DEV, sharing ideas smoothens our journey and strengthens our community ties. Learn something useful? Offering a quick thanks to the author is deeply appreciated.

Okay