0

I have a working project that uses the FOSUserBundle to handle all things user related, including logging into the system. Now, I'm building an API, and would like users to be able to log into the system by sending their credentials via JSON over HTTPS. I'd also like to be able to use the _remember_me cookie.

So, I need to be able to send either those JSON-decoded credentials or the _remember_me cookie to the FOSUserBundle login mechanism, but I'm not quite sure how to do it. Any suggestions or nudges in the right direction would be greatly appreciated.

Major Productions
  • possible duplicate of [Automatic post-registration user authentication](http://stackoverflow.com/questions/5886713/automatic-post-registration-user-authentication) – Emii Khaos May 31 '14 at 01:15

1 Answer

1

You need to create a custom authentication provider and a security factory. This is quite an advanced task, but there's a tutorial here that can help you: http://symfony.com/doc/current/cookbook/security/custom_authentication_provider.html

When you create your factory class (implementing the `SecurityFactoryInterface`) make sure you assign `getPosition()` to `http`. The several authentication factories will be called in a strict order depending on their position, so bear in mind that the `remember_me` position - that takes care of the remember me functionality (provided it is enabled in your `security.yml` file) - will kick in earlier than the http authentication you are about to implement.

Besides the tutorial above, you can take a look at and study the following built-in authentication factory that can provide useful information:
`vendor/symfony/symfony/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/HttpDigestFactory.php`

Debreczeni András
  • Interesting. Would it make sense to blend this with the API key authentication? What I'm building *will* need an API key passed in for every POST request. – Major Productions Jun 02 '14 at 17:49
  • 1
    Definitely. You can achieve something like that via an `AuthenticationSuccessHandler`. Take a look at the `DefaultAuthenticationSuccessHandler` which for example takes care of redirecting the user after successful login. – Debreczeni András Jun 02 '14 at 18:37
  • 1
    Also the `SecurityEvents::INTERACTIVE_LOGIN` event is fired automatically if you base your authentication on the `AbstractFactory` (which I strongly advise). So you could also create an event listener that takes care of your api keys. – Debreczeni András Jun 02 '14 at 18:46
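
The factory the answer describes could look like the following. This is an added example, not code from the answer or from FOSUserBundle; it assumes the Symfony 2.x API covered by the linked cookbook article, and the `Acme\ApiBundle` namespace, the `acme_api.*` service ids, the `json_login` key and the `check_path` option are all hypothetical names.

```php
<?php
// Added example (hypothetical bundle and service names), Symfony 2.x API.
namespace Acme\ApiBundle\DependencyInjection\Security\Factory;

use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\SecurityFactoryInterface;
use Symfony\Component\Config\Definition\Builder\NodeDefinition;
use Symfony\Component\DependencyInjection\ContainerBuilder;
use Symfony\Component\DependencyInjection\DefinitionDecorator;
use Symfony\Component\DependencyInjection\Reference;

class JsonLoginFactory implements SecurityFactoryInterface
{
    public function create(ContainerBuilder $container, $id, $config, $userProvider, $defaultEntryPoint)
    {
        // One provider and one listener per firewall, each derived from an
        // abstract parent service that you define yourself (hypothetical ids).
        $providerId = 'acme_api.security.authentication.provider.json_login.'.$id;
        $container
            ->setDefinition($providerId, new DefinitionDecorator('acme_api.security.authentication.provider.json_login'))
            ->replaceArgument(0, new Reference($userProvider));

        // Assumption: the listener's third constructor argument is the only
        // path on which it will read JSON credentials from the request body.
        $listenerId = 'acme_api.security.authentication.listener.json_login.'.$id;
        $container
            ->setDefinition($listenerId, new DefinitionDecorator('acme_api.security.authentication.listener.json_login'))
            ->replaceArgument(2, $config['check_path']);

        return array($providerId, $listenerId, $defaultEntryPoint);
    }

    public function getPosition()
    {
        return 'http'; // the position named in the answer
    }

    public function getKey()
    {
        return 'json_login'; // key used under the firewall in security.yml
    }

    public function addConfiguration(NodeDefinition $node)
    {
        $node->children()
            ->scalarNode('check_path')->defaultValue('/api/login')->end()
        ->end();
    }
}
```

Register it from the bundle's `build()` method with `$container->getExtension('security')->addSecurityListenerFactory(new JsonLoginFactory());`, after which `json_login: ~` can be placed under a firewall in `security.yml`.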