Problem with clientCollection prop of yii\authclient\widgets\AuthChoice #253

SOHELAHMED7 opened this issue Nov 26, 2018 · 3 comments

@SOHELAHMED7
Contributor

SOHELAHMED7 commented Nov 26, 2018

When I set clientCollection (https://www.yiiframework.com/extension/yiisoft/yii2-authclient/doc/api/2.1/yii-authclient-widgets-authchoice#$clientCollection-detail) in AuthChoice (https://www.yiiframework.com/extension/yiisoft/yii2-authclient/doc/api/2.1/yii-authclient-widgets-authchoice) like below

What steps will reproduce the problem?

Step 1: set in components array in web config file as

    'authClientCollection' => [
        'class' => yii\authclient\Collection::class,
        'clients' => [
            'github' => [
                'class' => yii\authclient\clients\GitHub::class,
                'clientId' => '-',
                'clientSecret' => '--',
                'scope' => 'user:email',
            ],
        ],
    ],

    // for the same above github registered app
    'myRepoAuthClientCollection' => [
        'class' => yii\authclient\Collection::class,
        'clients' => [
            'github' => [
                'class' => yii\authclient\clients\GitHub::class,
                'clientId' => '-',
                'clientSecret' => '--',
                'scope' => 'user:email,repo',
            ],
        ],
    ],

Step 2: Set SiteController (or AuthController or any controller for login/signup) (common for both above config)

    // in the controller; requires: use yii\authclient\AuthAction;
    public function actions()
    {
        return [
            'oauth' => [
                'class' => AuthAction::class,
                'successCallback' => [$this, 'authSuccess'],
                'clientCollection' => 'myRepoAuthClientCollection',
            ],
        ];
    }

Note: for the sign-in/sign-up process, scope user:email is enough, but to get repo access we need scope repo; see above config (link)

Step 3: set this in any view file

    <?= yii\authclient\widgets\AuthChoice::widget([
        'baseAuthUrl' => ['site/oauth'],
        'clientCollection' => 'myRepoAuthClientCollection'
    ]); ?>

What's expected?

github.com should ask user for repo permission

What do you get instead?

github.com is not asking user for repo permission. It just takes config from authClientCollection

As of now, how I solved the issue

Create a separate controller and its action that only controls myRepoAuthClientCollection, say NewController

    // in NewController; requires: use yii\authclient\AuthAction;
    public function actions()
    {
        return [
            'oauth_new' => [
                'class' => AuthAction::class,
                'successCallback' => [$this, 'authSuccessNew'],
                'clientCollection' => 'myRepoAuthClientCollection',
            ],
        ];
    }

    // in view file
    <?= yii\authclient\widgets\AuthChoice::widget([
        'baseAuthUrl' => ['new/oauth_new'],
        'clientCollection' => 'myRepoAuthClientCollection'
    ]); ?>

It works fine.

Feel free to ask more details if needed

I even tried to use the same authClientCollection like

    Yii::$app->get('authClientCollection')->getClients()['github']->scope = 'user:email,repo';

but it didn't work

Additional info

| Q | A |
| --- | --- |
| Yii version | 2.0.15.1 |
| Yii Auth Client version | 2.1.0 |
| Yii HTTP Client version | 2.0.7 |
| PHP version | 7.1 |
| Operating system | ubuntu 18.04 |

@samdark added the status:to be verified label Nov 26, 2018

@cebe
Member

cebe commented Nov 27, 2018

This is because the AuthChoice widget uses the authClientCollection only to create links to the AuthAction. You need two different AuthActions if we have auth with different permissions. I do not think there is something we can change in the auth-client extension about this. If you have any idea how this could be changed in auth-client extension, feel free to propose a solution.

@cebe self-assigned this Nov 27, 2018
@cebe added status:under discussion and removed status:to be verified labels Nov 27, 2018

@SOHELAHMED7
Contributor Author

It seems then clientCollection of AuthChoice is not useful anymore, right? If so, it can be made private

and this event can be used to change the scope at runtime?

@SOHELAHMED7
Contributor Author

How about this approach

SiteController

    // requires: use yii\authclient\AuthAction;
    public function actions()
    {
        return [
            'oauth' => [
                'class' => AuthAction::class,
                'successCallback' => [$this, 'authSuccessNew'],

                // below: new prop (type: array) added to the AuthAction class
                // only one scope can be used at a time, i.e. when creating an AuthChoice widget
                // this can be used to validate which scope (say 'repo') to apply out of the 2 available below
                'availableScopes' => ['user:email', 'repo'],
            ],
        ];
    }

Usage

    <?= yii\authclient\widgets\AuthChoice::widget([
        'baseAuthUrl' => ['auth/oauth', 'customScope' => 'user:email'],
        'popupMode' => false,
    ]) ?>

This can be added after https://github.com/yiisoft/yii2-authclient/blob/master/src/AuthAction.php#L208

    if (in_array(Yii::$app->getRequest()->getQueryParam('customScope'), $this->availableScopes, true)) {
        $client->scope = Yii::$app->getRequest()->getQueryParam('customScope');
    }

Share your views.

We are adding a GET param.

Is it secure enough?

@cebe reopened this Nov 27, 2018
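
The allowlist check proposed in the last comment, as an added example that is not part of the thread or of yii2-authclient: a standalone helper (hypothetical name `resolveScope`) that accepts the untrusted `customScope` query value only when every item is an exact match in `availableScopes`, and otherwise falls back to a default. It goes one step beyond the proposal by also accepting a comma-separated list; the sample query arrays are constructed.

```php
<?php
declare(strict_types=1);

/**
 * Added example (hypothetical helper, not yii2-authclient code).
 * Resolve the OAuth scope from an untrusted query value using a
 * server-side allowlist; anything unexpected yields the default.
 */
function resolveScope($requested, array $availableScopes, string $default): string
{
    // ?customScope[]=repo arrives as an array; a missing param as null.
    if (!is_string($requested) || $requested === '') {
        return $default;
    }

    // Accept a comma-separated list, but every item must be allowlisted.
    $items = array_unique(array_map('trim', explode(',', $requested)));
    foreach ($items as $item) {
        if (!in_array($item, $availableScopes, true)) {
            return $default; // one unknown item rejects the whole value
        }
    }

    return implode(',', $items);
}

// Constructed sample inputs, shaped like $_GET after PHP parses the URL.
$available = ['user:email', 'repo'];
$samples = [
    'exact match'      => ['customScope' => 'repo'],
    'both allowed'     => ['customScope' => 'user:email,repo'],
    'not allowlisted'  => ['customScope' => 'repo,delete_repo'],
    'array value'      => ['customScope' => ['repo']],
    'parameter absent' => [],
];

foreach ($samples as $label => $query) {
    $scope = resolveScope($query['customScope'] ?? null, $available, 'user:email');
    printf("%-17s => %s\n", $label, $scope);
}
```

The allowlist bounds what a caller can request, but any visitor can still pick any entry, so `availableScopes` should hold only scopes that are acceptable for every user who can reach the action.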