symfony
noneim, 2015-07-07 19:48:58

Symfony 2 API Authorization?

Currently, in Symfony, the authorization and authentication order is:
1) UserProviderInterface::loadUserByUsername($username) returns an object with information about the client.
2) Then, based on this object's data (salt, password), the entered password is compared and the user login process itself takes place.
But this is completely illogical! There is an external API that returns information about the user only if you pass the correct password (to the AuthClient method) or the password hash (to the getClientInfo method and some others).
So the question is: how do I implement this in Symfony? I.e., in my case, for loadUserByUsername($username), $username alone is not enough to load information about the client; it needs either the password (if the client is logging in) or the hash of the password (if the client is already logged in; the hash is usually stored in the session when using your self-written framework).


1 answer(s)
Sergey, 2015-07-07
Protko @Fesor

Everything can be redefined. But still, let's think a little. We have two processes: authorization, when the user enters credentials, and authentication, for all subsequent requests. For authentication, loadUserByUsername alone should be enough; you will not store the user's unencrypted password.
For authorization, you can determine for yourself how to take the user from the user provider.
In general, if the external API were yours, I would recommend using OAuth2.
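
An added example, not part of the original answer: one way to do the login step is a Symfony `SimpleFormAuthenticatorInterface` implementation that passes the submitted password to the external API and never consults `loadUserByUsername`. The `ExternalApiClient` interface, the `AuthClient()` signature and its return value are assumptions for illustration, and the namespace shown is the one used by Symfony 2.4 through 2.7.

```php
<?php
// Added example. ExternalApiClient and the AuthClient() signature are hypothetical.

use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Core\Authentication\SimpleFormAuthenticatorInterface;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\User\User;
use Symfony\Component\Security\Core\User\UserProviderInterface;

interface ExternalApiClient
{
    /** @return array|null client info, or null when the credentials are rejected */
    public function AuthClient($username, $password);
}

class ExternalApiAuthenticator implements SimpleFormAuthenticatorInterface
{
    private $api;

    public function __construct(ExternalApiClient $api)
    {
        $this->api = $api;
    }

    public function createToken(Request $request, $username, $password, $providerKey)
    {
        // Unauthenticated token that only carries the submitted credentials.
        return new UsernamePasswordToken($username, $password, $providerKey);
    }

    public function supportsToken(TokenInterface $token, $providerKey)
    {
        return $token instanceof UsernamePasswordToken
            && $token->getProviderKey() === $providerKey;
    }

    public function authenticateToken(TokenInterface $token, UserProviderInterface $userProvider, $providerKey)
    {
        $info = $this->api->AuthClient($token->getUsername(), $token->getCredentials());
        if (null === $info) {
            // Same message for unknown user and wrong password.
            throw new AuthenticationException('Invalid username or password.');
        }
        // Map $info onto your own user class here; the plain password is not kept.
        $user = new User($token->getUsername(), null, array('ROLE_USER'));
        return new UsernamePasswordToken($user, null, $providerKey, $user->getRoles());
    }
}
```

The class is registered as a service and referenced from the firewall's `simple_form` entry through its `authenticator` key. On later requests the firewall only calls the user provider's `refreshUser()`, so the password is not needed again.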
