
I made a REST API with Symfony2 on one server (S1).

I made an application with Symfony2 on another server (S2).

S1: Works well. It gives a JSON response with the user's information, depending on the URL given.

S2: Works well. It requests the URL with curl and uses WSSE in the HTTP header to retrieve important user information.

I want to log in my users (from S2) using the S1 database. But when I am in S2, after the JSON response with the user's information, I don't know what I need to do or how to do it...

Application side:

  • Symfony2

API side:

  • Symfony2
  • FOSUserBundle
  • FOSRestBundle
  • JMS

It's the first time I have tried to make a REST API, so maybe I don't understand well how it works.

Thanks in advance.

EDIT: For more details.

  • 1: User 1 fills in a login form and submits it.
  • 2: S2 creates an HTTP header with the x-wsse parameter (Nonce / Timestamp / Username / Password...)
  • 3: S2 sends this header to S1 with curl
  • 4: S1 retrieves the data and, if the header has the right information, sends back the user's information (in JSON) or performs some actions
  • 5: S2 retrieves the user's JSON information from S1.
  • 6: I can display the page the way I want to User 1

Now my problem is that I need to do the same thing for a new page, but I don't want to ask my user for a password and a username a second time because, for him, he is logged in.

I hope that's clearer.

EDIT 2: My problem summed up in one sentence.

In Symfony2, with WSSE authentication, how can I get a user's token and send it to the client side after authentication on the API?

:p

ElJackiste

2 Answers

0

You need to create a custom authentication. Fortunately for you, this Symfony cookbook entry will show you how to do it with WSSE:

http://symfony.com/doc/current/cookbook/security/custom_authentication_provider.html

Debreczeni András
  • Yes, I already followed this doc to deploy the custom authentication on the S1 server. Like I said, the API does a good job: I retrieve JSON from the API with authentication, but I don't know how I can set a token or something like that so I don't have to ask for my users' password all the time on the application side. Maybe I'm not doing it right; do I need to deploy a custom authentication on the application side too? – ElJackiste Jun 15 '14 at 06:59
0

Your S1 application returns a token when you authenticate from the S2 app, right?

Then all you need to do is store this token somewhere in your S1 app (an entity, Redis, ... whatever), and when a foreign app (such as your S2 app) asks for a resource while providing this request with a token, you just gotta check if the token exists and is valid.

If it is, then you can authenticate the user on the S1 with Symfony's security component.

Talus
  • Hello. In fact S1 returns a JSON response with the user's data if the HTTP header (sent by a "client") is good (nonce + timestamp + digest...). So in S2, I just have a JSON response, not a token. Afterwards I made the client (S2) to ask for the resources, but I don't know how to manage the token. I read that the goal was to send a request header created with the password and username, and afterwards exchange a token. But I don't know exactly how to do it... – ElJackiste Jun 15 '14 at 09:44
  • Well, in fact it lies in one sentence (such as the summary of your question): you need to generate a token, send it to S2, and ask S2 to send it each time (via a header, a query arg, ... the choice is yours). Then, on S1, for each request, you may check the validity of your token (does it exist? Is it still valid? Who does it belong to?). That's the gist of an API. :) – Talus Jun 15 '14 at 15:53
  • Thank you. That was what I thought. But I was expecting some code to help me because I'm stuck at this part. My authentication provider was created with the official Symfony doc and works well. But now I am in my controller and I need to respond to the client, and I don't know how to generate the token and with what... http://pastebin.com/pHxMTitb – ElJackiste Jun 15 '14 at 16:35
  • I'll try to edit my answer when I have some time to add some code then, but you got something in your paste, even though it should be on your S1. – Talus Jun 16 '14 at 13:09
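
The token flow described in this answer and its comments (issue a token on S1 once the WSSE header has validated, then check on every later request whether it exists, is still valid and who it belongs to), as an added example that is not part of the original thread and is not Symfony's or any bundle's own code. It assumes PHP 7.1+; the `ApiTokenStore` class, its in-memory array and the one-hour lifetime are hypothetical stand-ins for an entity or Redis store.

```php
<?php
// Added example: ApiTokenStore is a hypothetical helper, not a Symfony class.
final class ApiTokenStore
{
    /** @var array token records keyed by the SHA-256 hash of the token */
    private $tokens = [];
    private $ttl;

    public function __construct(int $ttl = 3600)
    {
        $this->ttl = $ttl;
    }

    /** Call on S1 after the WSSE header validated; returns the token to send to S2. */
    public function issue(string $username, ?int $now = null): string
    {
        $token = bin2hex(random_bytes(32));          // 256 bits from the CSPRNG
        $this->tokens[hash('sha256', $token)] = [    // keep only the hash at rest
            'user'    => $username,
            'expires' => ($now ?? time()) + $this->ttl,
        ];
        return $token;
    }

    /** Returns the username the token belongs to, or null if unknown or expired. */
    public function validate(string $token, ?int $now = null): ?string
    {
        $key = hash('sha256', $token);
        if (!isset($this->tokens[$key])) {
            return null;                             // does it exist?
        }
        if ($this->tokens[$key]['expires'] <= ($now ?? time())) {
            unset($this->tokens[$key]);              // is it still valid?
            return null;
        }
        return $this->tokens[$key]['user'];          // who does it belong to?
    }
}

// Constructed walk-through with a fixed clock (timestamps are sample values).
$store = new ApiTokenStore(3600);
$token = $store->issue('user1', 1000);  // S1 returns this in the JSON login response
// S2 keeps $token in the user's session and sends it with each later request.
var_dump($store->validate($token, 2000));              // request inside the lifetime
var_dump($store->validate($token, 5000));              // request after expiry
var_dump($store->validate(str_repeat('0', 64), 2000)); // token S1 never issued
```

On S2 the token belongs in the server-side session for the logged-in user, so the password is only needed for the initial WSSE request.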