
My problem:

I am currently developing a custom OAuth2 client for phpBB 3.2, and while the entire login process works correctly, I would like to save a cookie during this process, which I can't get to work.

I am also the developer of the OAuth2 server, so I have full access to the code on both sides.

When a user wants to log in using OAuth and clicks on the 'login' button (on forum.example.com), he will be redirected to a login page (on api.example.com).

When the user enters his credentials, api.example.com will issue an authorization code and send it back to forum.example.com.

forum.example.com will then send a request with that authorization code in order to exchange it for an access token.

$token = $this->service_provider->requestAccessToken($code);

Now, I want to save that access token as a cookie, which is needed for example.com.

I thought the function that handles the access token request on api.example.com could send a 'Set-Cookie' response header, but that didn't work.

On api.example.com I am using the Silex framework and the bshaffer OAuth2 library. The response I'm sending back is of type OAuth2\HttpFoundationBridge\Response and I tried setting the cookie by using this code:

use Symfony\Component\HttpFoundation\Cookie;

// 30-day cookie scoped to example.com (and therefore all of its subdomains)
$cookie1 = new Cookie("accessToken", $token['access_token'], time() + 60*60*24*30, "/", "example.com");
$response->headers->setCookie($cookie1);

return $response;

When debugging both projects, I see that the response on forum.example.com has the cookie, but it is never saved in the browser (Chrome).

Could it be that the cookie is not saved because the request is not initiated by the user/browser, but by the code itself?

I have read quite a bit about cookies over the last few days, but I am still nowhere near an expert in that field, so any help would be appreciated.

Mk Dz
  • You can't set a cookie for a domain from another domain (see [this](https://stackoverflow.com/questions/3342140/cross-domain-cookies)). You have to set the cookie for *example.com* on the phpBB side, Silex can't help you here (or, for that matter, any other framework) – mTorres Aug 24 '17 at 15:54
  • I was curious about this, and found a hack which could work, see http://www.ainixon.me/set-cookie-on-cross-domains/ – mTorres Aug 27 '17 at 11:07
  • @mTorres Thanks for your input, but I think we are not on the same page here. You're talking about cross-domain cookies, but all my projects are running on the same domain: forum.example.com (makes request to) api.example.com (sends response with Set-Cookie header). And then example.com (should be able to see the cookie). So setting a cookie on a subdomain (api.example.com) for the main domain should not be a problem, right? – Mk Dz Aug 29 '17 at 08:51
  • Yup, you are right, I misunderstood you. Can't help you, sorry. – mTorres Aug 29 '17 at 12:37
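The thread stops without an answer, so here is an added example (not code from the question, from phpBB, or from the bshaffer or Silex projects) showing where the cookie has to be set for the browser to see it. The token exchange is a server-to-server request made by phpBB's PHP process, so the browser never receives the response carrying the Set-Cookie header; the cookie has to be set on the response forum.example.com sends back to the browser after the callback. The example assumes the poster's variable names ($this->service_provider, $code), assumes requestAccessToken() returns a PHPoAuthLib TokenInterface with getAccessToken(), and the helper name set_access_token_cookie() is invented for illustration.

```php
<?php
// Added example, not code from the question, phpBB or bshaffer/oauth2-server-php.
//
// Why the Set-Cookie from api.example.com never reaches Chrome: the token
// exchange is a server-to-server request. phpBB's PHP process on
// forum.example.com calls api.example.com's token endpoint with a server-side
// HTTP client (cURL, Guzzle, ...). The browser is not part of that round
// trip, so the Set-Cookie header on the token response is received by that
// client and discarded. A cookie only lands in the browser when it rides on
// a response the browser itself receives, i.e. the one forum.example.com
// sends after the OAuth callback finishes.

/**
 * Set the access-token cookie on the response forum.example.com is about
 * to send to the browser. Hypothetical helper, named here for illustration.
 *
 * @param string $accessToken token obtained from the exchange
 * @param string $domain      parent domain; "example.com" also covers
 *                            forum.example.com and api.example.com
 * @param int    $lifetime    seconds until expiry (30 days, as in the question)
 * @return bool               false if headers were already sent
 */
function set_access_token_cookie($accessToken, $domain = 'example.com', $lifetime = 2592000)
{
    // setcookie() must run before any body output; inside the auth
    // provider's login() that is still the case.
    if (headers_sent()) {
        return false;
    }

    // Positional form works across the PHP versions phpBB 3.2 supports.
    // secure: never sent over plain HTTP. httponly: invisible to
    // document.cookie, so script injected on any subdomain cannot read it.
    return setcookie(
        'accessToken',
        $accessToken,
        time() + $lifetime,
        '/',
        $domain,
        true,   // secure
        true    // httponly
    );
}

// Call site inside the phpBB auth provider, right after the exchange.
// Assumes $this->service_provider is a PHPoAuthLib OAuth2 service whose
// requestAccessToken() returns a TokenInterface:
//
//   $token = $this->service_provider->requestAccessToken($code);
//   set_access_token_cookie($token->getAccessToken());
//
// The Cookie object built on the Silex side can stay or go; it has no
// effect on the browser either way.
```

Inside phpBB the idiomatic route is its own session helper, $user->set_cookie(), which applies the board's configured cookie domain and secure flag instead of hard-coding them. One caveat before copying this pattern: a cookie scoped to example.com is sent to every current and future host under that domain, so any subdomain running less trusted code receives the bearer token; if that is a concern, keep the access token in server-side storage keyed by the session and put only a session identifier in the cookie.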

0 Answers