[WIP] Add documentation for authorization code grant #177

Open. v-m-i wants to merge 4 commits into trikoder:v3.x from v-m-i:develop

@v-m-i v-m-i commented Feb 25, 2020

Closes #160

codecov-io commented Feb 25, 2020

Codecov Report

Merging #177 (854faf9) into v3.x (119fa85) will increase coverage by 0.59%.
The diff coverage is n/a.

@@             Coverage Diff              @@
##               v3.x     #177      +/-   ##
============================================
+ Coverage     90.89%   91.48%   +0.59%     
- Complexity      367      454      +87     
============================================
  Files            56       66      +10     
  Lines          1208     1621     +413     
============================================
+ Hits           1098     1483     +385     
- Misses          110      138      +28     
| Impacted Files | Coverage Δ | Complexity Δ | |
|---|---|---|---|
| OAuth2Grants.php | 0.00% <0.00%> (-100.00%) | 1.00% <0.00%> (ø%) | |
| .../Exception/Oauth2AuthenticationFailedException.php | 0.00% <0.00%> (-100.00%) | 1.00% <0.00%> (ø%) | |
| Model/RedirectUri.php | 29.62% <0.00%> (-53.71%) | 15.00% <0.00%> (+12.00%) | ⬇️ |
| Event/UserResolveEvent.php | 38.46% <0.00%> (-17.10%) | 5.00% <0.00%> (-4.00%) | |
| Model/Client.php | 87.17% <0.00%> (-5.93%) | 19.00% <0.00%> (+7.00%) | ⬇️ |
| Security/Authentication/Token/OAuth2Token.php | 91.66% <0.00%> (-3.21%) | 9.00% <0.00%> (-7.00%) | |
| Manager/InMemory/ClientManager.php | 18.18% <0.00%> (-0.87%) | 12.00% <0.00%> (ø%) | |
| League/Entity/Scope.php | 100.00% <0.00%> (ø) | 1.00% <0.00%> (ø%) | |
| Converter/ScopeConverter.php | 100.00% <0.00%> (ø) | 4.00% <0.00%> (ø%) | |
| Command/CreateClientCommand.php | 100.00% <0.00%> (ø) | 8.00% <0.00%> (+4.00%) | |

... and 30 more

Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 119fa85...854faf9. Read the comment docs.

@okazy okazy left a comment

@v-m-i
Thanks for the great documentation.
I didn't understand the following two points, so the documentation was very helpful.

  • How to change the path of the endpoint
  • How to handle redirect before authentication

I commented on some interesting points.

I have implemented my own authorization confirmation page.

  1. login page
  2. authorization confirmation page (ex. Do you allow read permission for this application?)
  3. redirect with authorization code

I would like to know if there is a best practice on how to set the authorization confirmation page.

Here is my code implemented without documentation.
https://github.com/okazy/ec-cube/compare/f604226b42131689f763a2d87af0994173c87390...okazy:d981ba70858282c1353f36367299db04053d03ff?expand=1

v-m-i and others added 2 commits March 2, 2020 10:44
Co-Authored-By: Hideki Okajima <hideki518c@gmail.com>
v-m-i commented Mar 2, 2020

@okazy
Thank you for your feedback. I have committed your suggestions and added some additional changes for the listener example.

Regarding the authorization confirmation page, I don't know the best practice for creating it.

@HypeMC
What do you think, maybe open a new issue for the best practice of creating an authorization confirmation page? Also, maybe we should open an issue (or include it in the best practice issue) explaining what the best practice is for restricting scopes on the authorization server? (I don't have that use case in my applications, so I can't recommend anything.)

@spideyfusion spideyfusion changed the base branch from master to v3.x March 30, 2020 13:59
@spideyfusion spideyfusion linked an issue Apr 20, 2020 that may be closed by this pull request
@dluces dluces mentioned this pull request Apr 24, 2020

@tdutrion tdutrion left a comment

Hi! Thanks for this PR, it has been very useful to me!

Just a couple of changes that might be interesting here :)

Comment thread docs/authorization-code-grant.md Outdated

## Requirements

To use authorization code grant `enable_auth_code_grant` parameter inside `authorization_server` must be set to `true` (it is set to `true` by default).
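
Review bot: the parenthetical "(it is set to `true` by default)" in the Requirements sentence means the grant is already active with no configuration, so the sentence reads as a step to perform when it is in fact already satisfied. State that directly, and add a sentence on setting the parameter to `false` for servers that should not issue authorization codes; the sentence also needs a comma after "grant".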

[info] User Deprecated: "trikoder_oauth2.authorization_server.enable_auth_code_grant" is deprecated, use "trikoder_oauth2.authorization_server.grant_types.authorization_code.enable" instead.

This should be updated to use the new parameters.

@tdutrion
Thank you for noticing this, I have updated the documentation.

Comment thread docs/authorization-code-grant.md Outdated

public function onAuthorizationRequestResolve(AuthorizationRequestResolveEvent $event)
{
if (null !== $event->getUser()) {

You could reverse the condition (null === $event->getUser()) and just return after setting the response:

public function onAuthorizationRequestResolve(AuthorizationRequestResolveEvent $event): void
{
    if (null === $event->getUser()) {
        $event->setResponse(new Response(302, [
            'Location' => $this->urlGenerator->generate('login', [
                'returnUrl' => $this->requestStack->getMasterRequest()->getUri(),
            ]),
        ]));

        return;
    }

    $event->resolveAuthorization(AuthorizationRequestResolveEvent::AUTHORIZATION_APPROVED);
}

@tdutrion
I agree, simplifying if statements using early returns is (usually) good practice. I have updated the documentation with your example.
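
The three-step flow described earlier in this conversation (login page, authorization confirmation page, redirect with authorization code), combined with the early-return listener from this thread, as an added example that is not code from this pull request or from the bundle. The `oauth2_consent` route, the session key, the class name and the shape of the stored decision are assumptions; `Response` is assumed to be the PSR-7 class from nyholm/psr7, and scope objects are assumed to cast to strings.

```php
<?php
// Added example, not the bundle's own code. Assumes nyholm/psr7 for the PSR-7 response.
use Nyholm\Psr7\Response;
use Symfony\Component\HttpFoundation\RequestStack;
use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
use Trikoder\Bundle\OAuth2Bundle\Event\AuthorizationRequestResolveEvent;

final class ConsentAwareResolveListener // hypothetical class name
{
    private const CONSENT_KEY = 'oauth2_consent_decision'; // hypothetical session key
    private $urlGenerator;
    private $requestStack;

    public function __construct(UrlGeneratorInterface $urlGenerator, RequestStack $requestStack)
    {
        $this->urlGenerator = $urlGenerator;
        $this->requestStack = $requestStack;
    }

    public function onAuthorizationRequestResolve(AuthorizationRequestResolveEvent $event): void
    {
        $request = $this->requestStack->getMasterRequest();
        // Step 1: no authenticated user yet, so send the browser to the login page.
        if (null === $event->getUser()) {
            $event->setResponse($this->redirect('login', $request->getUri()));
            return;
        }
        // Step 2: read the stored decision once so an approval cannot be reused.
        $decision = $request->getSession()->remove(self::CONSENT_KEY);
        $scopes = array_map('strval', $event->getScopes());
        sort($scopes);
        // It counts only for the same client and the exact (sorted) scope list.
        $matches = is_array($decision)
            && ($decision['client'] ?? null) === $event->getClient()->getIdentifier()
            && ($decision['scopes'] ?? null) === $scopes;
        if (!$matches) {
            // 'oauth2_consent' is a hypothetical route for the confirmation page.
            $event->setResponse($this->redirect('oauth2_consent', $request->getUri()));
            return;
        }
        // Step 3: hand the user's decision to the authorization server.
        $event->resolveAuthorization(true === ($decision['approved'] ?? false)
            ? AuthorizationRequestResolveEvent::AUTHORIZATION_APPROVED
            : AuthorizationRequestResolveEvent::AUTHORIZATION_DENIED);
    }
    private function redirect(string $route, string $returnUrl): Response
    {
        $url = $this->urlGenerator->generate($route, ['returnUrl' => $returnUrl]);
        return new Response(302, ['Location' => $url]);
    }
}
```

The confirmation page's controller is expected to store `['client' => ..., 'scopes' => [sorted scope strings], 'approved' => bool]` under the same session key, and both it and the login controller should follow `returnUrl` only when it points back to this application.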

@smilesrg

@trikoder maybe it's time to accept this PR?

codecov-commenter commented Aug 20, 2024

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 91.48%. Comparing base (119fa85) to head (854faf9).
⚠️ Report is 170 commits behind head on v3.x.

Successfully merging this pull request may close these issues.

Document how to setup the "authorization_code" grant Permission request page

6 participants