I am playing with WSSE Authentication (through Symfony2) and I have defined the following classic Login flow :
- User enters its username & password & get the associated salt from the server
- username & password are checked on the server (ajax call) through a WSSE header check
- If Credentials are valid then, required data (i.e data that allow to re-generate a WSSE Header at each request) is stored on the browser
This is fully working.
Now, I would like to add the "Signin with facebook" feature. That's not a problem there's plenty of documentation on it, BUT, my purpose & my difficulty is to keep the WSSE logical working
As the user never enters its password if he logs in with Facebook, I am unable to generate wsse headers, and for this there is no documentation at all.
Would someone have already dealt with such an operation? Thanks in advance