symfony4 UserProviderInterface implementation with api calls authentification

2
votes

I'm developing a symfony4 webapp. Users accounts are stored on a DB accessible via an API.

I want to implement this UserProviderInterface as it is advised by the symfony4 documentation to use the symfony4 security module features.

If I understand, implementing this interface requires the API (or service, or db...) to return data (for example hashed password / salt) that will be checked by symfony security.

Is there a way to use the symfony security module without getting such data from the user provider ?

For example to send username and password entered in login form by the user to the api, which will check if it is correct and return a bool ?

1
symfonysecurity
Do you want to proxy username/password to another API and grant access depending on the remote API's response ... instead of validating username/password with providers and security encoders provided by symfony? - Nicolai Fröhlich

1 Answers

1
votes

You can implement your own Guard Authenticator to perform the authentication checks manually.

There is a good example implementation described in the documentation chapter:

How to Create a Custom Authentication System with Guard

An example configuration would look like this:

security:
  firewalls:
    firewall_api:
      pattern: '^/(.*)+$'
      host:    '^api\.mypage\.com$'
      stateless: true
      anonymous: false
      guard:
        # list of authenticators to try
        authenticators:
          - 'My\Bridge\Symfony\Security\Authenticator\Guard\JWTTokenAuthenticator'
          - 'My\Bridge\Symfony\Security\Authenticator\Guard\FacebookAuthenticator'
        # This authenticator's start() method is called
        entry_point: 'My\Bridge\Symfony\Security\Authenticator\Guard\JWTTokenAuthenticator'