I'm writing an application using Symfony2 which will interface with the Wordnik REST API.
Currently, the Wordnik API does not offer OAuth capabilities, so I have to accept a username and password which I'll then transparently pass to the API interface.
I'd like to integrate this API authentication into Symfony2's security system, but so far I haven't been able to identify what the best implementation route is.
I don't think the custom user provider is correct, because the password is not stored in my system. All examples regarding custom authentication providers seem to pertain to the securing of a part of an application as an API, rather than against a REST API.
It's not clear to me to what extent the FOSUserBundle helps to solve this problem either.
The ideal flow:
- User provides credentials.
- Credentials are passed to the 3rd party REST API
- If the credentials are correct:
- A corresponding "third party user" Entity is created by my application, if it doesn't exist.
- The user is authenticated using this "third party user" Entity.
What is the best way to implement this within a Symfony2 security context?
Thanks!
Related Questions: