I'm working on a project based on Symfony 4, which has two sides:
1/ The back office side, which is used to populate and manage the data needed in the mobile app. For example, the mobile app shows quizzes already entered from the back office (into the database), using the API.
The back office has its own users who log in to manage data.
2/ The mobile app, which communicates using the REST API to get data (from the back office). Mobile users (different from the BO ones) can just log in from the mobile app; their data is stored in the database using the API.
The mobile app has different ways of authentication:
- username/password
- Facebook/Google (OAuth)
Here comes the confusion: when choosing OAuth, the request goes to FB/Google, and is ready to be sent through the API. So how am I supposed to deal with the OAuth process inside my Symfony project?
Is it right to work this way, or do I need to get the authorisation from the OAuth providers on my side (from Symfony, not from the mobile app)?
For info, I'm using:
- LexikJWTAuthenticationBundle as JWT implementation
- Two Guard authentication systems: one for the BO, and one for the REST API (JWT)
I hope I have explained my case well.
Thanks in advance for any help.