Zf3, apigility and oauth2 together don't works

Accordingly to this docs https://apigility.org/documentation/auth/user-differentiation we should have this config:

return [
    'zf-mvc-auth' => [
        'authentication' => [
            'map' => [
                'DbApi\\V1'  => 'oauth2',
                'ZF\\OAuth2' => 'session',

where “session” is session adapter which checks if user is logged in. But xdebug shows that ‘ZF\OAuth2’ controller never calls. What have I done wrong? I have done all accordingly to that documentation but oauth2 with apigility doesnot works. I still getting “403 Forbidden” at my rest api pages. Have somebody the working example of zf3, apigility and oauth2? I want to make all my ajax calls to the apigility. Also, I want to make ajax call to the apaigility from the admin panel, which assumed that user is “admin”.

Use Xdebug and check the method __invoke of the class ZF\MvcAuth\Authentication\DefaultAuthenticationListener instead. That should help you find your problem.

DefaultAuthenticationListener doesn’t help me much. When I open /api/rest/status in browser xdebug shows me that my ‘oauth2’ adapter is calling and it doesn’t call ‘ZF\OAuth2’ cantroller. It calls bshaffer’s getAccessTokenData() method directrly.

Maybe, I need call ‘ZF\OAuth2’ controller right after sending data from login form? And only after should I be able to open rest urls like /api/rest/status ?

Ignore everything after the listener. It should be helpful if you know and understand which data is used in the listener and what the result is. Use Xdebug to follow the processing.

Last time I’ve misunderstood how zf-oauth2 works. I thought there is also oauth2 client implementation within zf-oauth2 and was trying to find it with xDebug. I understand now why I am getting “403 Forbidden” but don’t know yet how to fix it. I would like to continue discussion about DefaultAuthenticationListener at the new post.

What do you mean? How exactly to ignore?

Debugging your application and go step by step through the listener. Watch the values and the results. Understanding the processing within the listener is important. Everything after that is irrelevant for now.

I guess your problem is a misconfiguration or a misunderstanding of the operation. Therefore my recommendation to debug the class ZF\MvcAuth\Authentication\DefaultAuthenticationListener.
Then you should find your problem or a way to a possible solution.

1 Like

As I said, last time I have some expectation from zf-oauth2 which was related to misunderstanding of it work (since I thought zf-oauth2 also implement client part). zf-oauth2 and apigility works as I expected now. But there is some trouble with DefaultAuthenticationListener as I have mentioned in hijacked topics. The question in this topic is outdated now. Thank you.

That is exactly what I am doing.