UPDATE:
I tried using this code in one of my recent projects and it didn't work anymore. The reason is that HWIOAuthBundle has updated a few times and the config files are not the same. I put the code above as well as login to a few other social networks in a github which you can find at HWIOAuthBundleByExample.
I have a week experience with symfony2 and in the past days that's what i was working myself. Found your question today (when i was still researching).
I'm gonna present you what I had to do, based on what data, and how i did it. After that, I'll try giving you some key links and I hope you'll manage to modelate for your needs.
My app needs Facebook login and ADMIN role. Because will only be a few administrators, I only need a few Facebook IDs when authentificating, so I store them in a yaml array. (See at the end how you can load them from database).
Here's what I did:
#/app/config.yml #the setup looks different (I need the picture and email credentials)
hwi_oauth:
# name of the firewall in which this bundle is active, this setting MUST be set
firewall_name: secured_area
resource_owners:
facebook:
type: facebook
client_id: %facebook_client_id%
client_secret: %facebook_client_secret%
scope: "email"
infos_url: "https://graph.facebook.com/me?fields=username,name,email,picture.type(square)"
paths:
email: email
profilepicture: picture.data.url
services: #here's where the magic happens
hwi_oauth.user.provider.entity:
class: HWI\Bundle\OAuthBundle\Security\Core\User\OAuthUserProvider
ib_user.oauth_user_provider:
class: Acme\DemoBundle\Provider\Provider
arguments: [@session, @doctrine, %admins%]
#app/security.yml
security:
providers:
my_custom_hwi_provider:
id: ib_user.oauth_user_provider
access_control:
- { path: ^/admin, roles: ROLE_SUPER_ADMIN }
#app/parameters.yml
parameters:
#...
facebook_client_id: ###
facebook_client_secret: ###
admins:
- "my.facebook.id"
#Acme\DemoBundle\Provider\Provider
<?php
namespace Acme\DemoBundle\Provider;
use HWI\Bundle\OAuthBundle\Security\Core\User\OAuthUserProvider;
use HWI\Bundle\OAuthBundle\OAuth\Response\UserResponseInterface;
use Acme\DemoBundle\Entity\User;
use Acme\DemoBundle\Provider\OAuthUser;
class Provider extends OAuthUserProvider
{
protected $session, $doctrine, $admins;
public function __construct($session, $doctrine, $admins) {
$this->session = $session;
$this->doctrine = $doctrine;
$this->admins = $admins;
}
public function loadUserByUsername($username)
{
return new OAuthUser($username, $this->isUserAdmin($username)); //look at the class below
}
private function isUserAdmin($nickname)
{
return in_array($nickname, $this->admins);
}
public function loadUserByOAuthUserResponse(UserResponseInterface $response)
{
//data from facebook response
$facebook_id = $response->getUsername();
$nickname = $response->getNickname();
$realname = $response->getRealName();
$email = $response->getEmail();
$avatar = $response->getProfilePicture();
//set data in session
$this->session->set('nickname', $nickname);
$this->session->set('realname', $realname);
$this->session->set('email', $email);
$this->session->set('avatar', $avatar);
//get user by fid
$qb = $this->doctrine->getManager()->createQueryBuilder();
$qb ->select('u.id')
->from('AcmeDemoBundle:User', 'u')
->where('u.fid = :fid')
->setParameter('fid', $facebook_id)
->setMaxResults(1);
$result = $qb->getQuery()->getResult();
//add to database if doesn't exists
if ( !count($result) ) {
$User = new User();
$User->setCreatedAt(new \DateTime());
$User->setNickname($nickname);
$User->setRealname($realname);
$User->setEmail($email);
$User->setAvatar($avatar);
$User->setFID($facebook_id);
$em = $this->doctrine->getManager();
$em->persist($User);
$id = $em->flush();
} else {
$id = $result[0]['id'];
}
//set id
$this->session->set('id', $id);
//@TODO: hmm : is admin
if ($this->isUserAdmin($nickname)) {
$this->session->set('is_admin', true);
}
//parent:: returned value
return $this->loadUserByUsername($response->getNickname());
}
public function supportsClass($class)
{
return $class === 'Acme\\DemoBundle\\Provider\\OAuthUser';
}
}
#Acme\DemoBundle\Provider\OAuthUser
<?php
namespace Acme\DemoBundle\Provider;
use HWI\Bundle\OAuthBundle\Security\Core\User\OAuthUser as HWIOAuthUser;
class OAuthUser extends HWIOAuthUser{
private $isAdmin = false;
public function __construct($username, $isAdmin = false)
{
parent::__construct($username);
$this->isAdmin = $isAdmin;
}
public function getRoles()
{
$roles = array('ROLE_USER', 'ROLE_OAUTH_USER');
if ($this->isAdmin) {
array_push($roles, 'ROLE_SUPER_ADMIN');
}
return $roles;
}
}
So you can pretty much see that when facebook login response comes, I do the database checks (based on the facebook graph ID), and add it if needed. Also, I set some things in sessions (you won't need this), and after that I must also return a HWI\Bundle\OAuthBundle\Security\Core\User\OAuthUser object (this is where the sf2 gets it's roles). So I extend it (in this way i have acces to $isAdmin). As you said, you need roles for each user and you must also edit them. For that, you can implement getRoles() with a ManyToMany relationship (give access to doctrine entityManager via constructor). You can see that applied here: http://symfony.com/doc/current/cookbook/security/entity_provider.html#managing-roles-in-the-database .
As I said, you must tweak it a lot (my only app is facebook-only login and with a in_memory like security access), but I wish myself I had a code like that when i started. So I really hope this hels you. Post your questions, if any.