Login flow : WSSE Authentication & Facebook Sign in

1
votes

I am playing with WSSE Authentication (through Symfony2) and I have defined the following classic Login flow :

  1. User enters its username & password & get the associated salt from the server
  2. username & password are checked on the server (ajax call) through a WSSE header check
  3. If Credentials are valid then, required data (i.e data that allow to re-generate a WSSE Header at each request) is stored on the browser

This is fully working.

Now, I would like to add the "Signin with facebook" feature. That's not a problem there's plenty of documentation on it, BUT, my purpose & my difficulty is to keep the WSSE logical working

As the user never enters its password if he logs in with Facebook, I am unable to generate wsse headers, and for this there is no documentation at all.

Would someone have already dealt with such an operation? Thanks in advance

1
facebooksymfonyfacebook-javascript-sdkrestful-authenticationwsse

1 Answers

0
votes

the solution i found is following this order :

1) Create a webservice not under the wsse firewall but secured by a header token or something else like x-token : fdslkjl324l2lrkljlkfsjflkjfkljl2, which return the password encrypted from the database for the given user.

like for example : you should have an webservice to get user salt to encrypt user s password to authenticate through wsse API.

2) use the classic wsse webservices with generated token from the encrypted password following the wsse

now that you have the password encrypted you can simply authenticate under the wsse service.

The most important thing is you don t have to put the user password in plain .