Symfony FOS OAuth Server Tutorial

There is a widely held misconception that OAuth2 is the 'right way' to be doing mobile app security. I'm not saying that OAuth2 is not a great way to achieve this, but it is not 'right' for every situation.

If your security requirements are fairly basic, then OAuth2 is overkill. If you can confidently say that having your data compromised would not lead to anything more than mild embarrassment, then stick with HTTP Basic or similar, which are easier to implement.

If you're interested in knowing who is using your API, then using an API key for authentication may be just what you need.

However, if you do have stricter security needs then OAuth2 may very well be the right tool for the job.

If you have spent even a small amount of time looking into OAuth2 then you will likely have encountered all manner of fun terminology - Client Credentials, Resource Owners, Grant types, and maybe even spent a little time with RFC 6749.

Ultimately, OAuth in a Symfony2 application is made much easier thanks to the FOS OAuth Server Bundle. Throughout this tutorial series you will learn how to set up and use FOS OAuth Server Bundle combined with FOS User Bundle and FOS REST Bundle.


| # | Title | Duration |
|---|-------|----------|
| 1 | Installing FOS User Bundle - That is not a typo! | 07:52 |
| 2 | 4 Key OAuth2 Terms You Need To Know | 06:46 |
| 3 | Creating and Using Our First OAuth2 Client | 05:41 |
| 4 | How Our OAuth2 Tokens Are Created | 06:58 |
| 5 | Client Credentials and Password Grant Types | 07:43 |
| 6 | Authorization Code Grant Type | 04:17 |
| 7 | Refresh Tokens | 03:07 |
| 8 | Scope and FOSOAuthServerBundle | 08:12 |


Presented by

Christopher Moss

