3
votes

Is there a possibility to make two-factor authentication in Symfony 2 for a REST API?

I would like to achieve something like this:

  1. The user at the endpoint (mobile app) dynamically prepares a login and password (based on some algorithm).
  2. The user at the endpoint requests an API interface, like /api/me?access_token=[ACCESSTOKEN]
  3. In order to proceed, the user has to pass the created login and password for Basic Auth.
  4. Symfony2 prepares the login and password in the same way as the mobile app and compares them with the ones sent from the mobile app.
  5. If it is OK, Symfony2 checks the access_token (OAuth2 implemented with FOSOAuthServerBundle). If it is OK, the provider receives a User object based on the access token, the user is authenticated and can access api/me.

1 Answer

0
votes

You can create/add multiple authentication providers, and Symfony's authentication manager will check each auth provider.

"The AuthenticationProviderInterface requires an authenticate method on the user token, and a supports method, which tells the authentication manager whether or not to use this provider for the given token. In the case of multiple providers, the authentication manager will then move to the next provider in the list."

Example
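The following sketch is an added illustration, not part of the original answer and not code from Symfony or FOSOAuthServerBundle. It shows one provider whose `supports()` claims a custom token and whose `authenticate()` performs both checks from the question. The names `TwoFactorToken`, `TwoFactorProvider` and `$resolveUser`, and the HMAC-over-30-second-step password scheme, are assumptions standing in for the question's unspecified algorithm and for the OAuth2 token lookup.

```php
<?php
use Symfony\Component\Security\Core\Authentication\Provider\AuthenticationProviderInterface;
use Symfony\Component\Security\Core\Authentication\Token\AbstractToken;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;

// Hypothetical token carrying both factors taken from the request.
class TwoFactorToken extends AbstractToken
{
    public $derivedPassword; // password part of the Basic Auth header
    public $accessToken;     // value of ?access_token=
    public function getCredentials() { return ''; }
}
class TwoFactorProvider implements AuthenticationProviderInterface
{
    private $sharedSecret; // assumption: secret known to the app and the server
    private $resolveUser;  // assumption: callable(access token) => user or null
    public function __construct($sharedSecret, $resolveUser)
    {
        $this->sharedSecret = $sharedSecret;
        $this->resolveUser = $resolveUser;
    }
    // Tells the authentication manager which tokens this provider handles.
    public function supports(TokenInterface $token)
    {
        return $token instanceof TwoFactorToken;
    }
    public function authenticate(TokenInterface $token)
    {
        // Factor 1: recompute the time-based password for the current and previous
        // 30 s step; hash_equals (PHP >= 5.6) compares in constant time.
        $step = (int) floor(time() / 30);
        $match = false;
        foreach (array($step, $step - 1) as $s) {
            $expected = hash_hmac('sha256', (string) $s, $this->sharedSecret);
            $match = hash_equals($expected, (string) $token->derivedPassword) || $match;
        }
        if (!$match) {
            throw new AuthenticationException('Derived credentials do not match.');
        }
        // Factor 2: the access token must resolve to a user.
        $user = call_user_func($this->resolveUser, (string) $token->accessToken);
        if (!$user) {
            throw new AuthenticationException('Invalid access token.');
        }
        $authenticated = new TwoFactorToken($user->getRoles());
        $authenticated->setUser($user);
        $authenticated->setAuthenticated(true);
        return $authenticated;
    }
}
```

A firewall listener that builds `TwoFactorToken` from the request and a security factory that registers the provider are still required, as for any custom Symfony 2 authentication provider.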