Symfony2 authentication via 3rd Party REST API

12
votes

I'm writing an application using Symfony2 which will interface with the Wordnik REST API.

Currently, the Wordnik API does not offer OAuth capabilities, so I have to accept a username and password which I'll then transparently pass to the API interface.

I'd like to integrate this API authentication into Symfony2's security system, but so far I haven't been able to identify what the best implementation route is.

I don't think the custom user provider is correct, because the password is not stored in my system. All examples regarding custom authentication providers seem to pertain to the securing of a part of an application as an API, rather than against a REST API.

It's not clear to me to what extent the FOSUserBundle helps to solve this problem either.

The ideal flow:

  • User provides credentials.
  • Credentials are passed to the 3rd party REST API
  • If the credentials are correct:
    • A corresponding "third party user" Entity is created by my application, if it doesn't exist.
    • The user is authenticated using this "third party user" Entity.

What is the best way to implement this within a Symfony2 security context?

Thanks!

Related Questions:

1
phpapisymfonyrestful-authentication
I'm struggling with the same problem. Could you please share your code for how you implemented this?Steffan
@Steffan - It's going on 2 years since this code was written, but you can see the provider / token that we wrote here: github.com/freen/wordrot/tree/… .... on subsequent commits I removed the PHP backend in favor of trying out a Node backend instead, so that commit is the last state of the PHP.Daniel B.
Thx alot, but I found an easier way to do it with the guard system thx to @DevDonkey from this post.Steffan

1 Answers

4
votes

you have to implement a custom authentication provider as described in: http://symfony.com/doc/current/cookbook/security/custom_authentication_provider.html

I can't tell you what the best way is but just to help you get started: You create a listener, a token, a provider and a factory.

The attemptAuthentication method of the listener takes the credentials provided by the user and creates a new Token with that input. At the end of the method you'll add a: return $this->authenticationManager->authenticate($token);

Your provider will use this token in the authenticate method to send the API request.

For non-existing users you have two options: - create a user in the authenticate method after the API call and after you check whether it already exists which I believe is NOT they way to go - create your own authentication failure handler which is like https://github.com/symfony/symfony/blob/master/src/Symfony/Component/Security/Http/Authentication/DefaultAuthenticationFailureHandler.php but at the top of the onAuthenticationFailure method you add if ($exception instanceof UsernameNotFoundException && (null !== $token = $exception->getToken()) && $token instanceof YourWordnikToken) { // create that user here }

That's just the basic idea how it works...I'm on IRC with the nickname hacfi - let me know if you need further guidance