3

We have a webapp over Symfony2.1, and we are trying to securize some REST webservices by using OAuth. These webservices are to be consumed by an Android app.

We are trying FOSOAuthServerBundle, and seems OK for authenticating the use of webservices from other websites, as the auth step is fully web-based.

But what we need is the next workflow:

  1. The user enters his username and password in the app
  2. The app then uses this information for automatically retrieving a valid Oauth token.
  3. The app uses this Oauth token as a parameter while consuming the OAuth-secured REST webservices.

Is this possible? Is FOSOAuthServerBundle the Bundle we need? How can we retrieve a valid OAuth-token without user interaction, only with username+password as parameters of the auth?

Thanks a lot.

Improve this question

1 Answer 1

Reset to default
5

Yes, FOSOAuthServerBundle can do that for you. Just use Resource Owner Password Credentials Grant according to OAuth 2 spec.

Here is the instruction how to add client (app) with different grant types http://blog.logicexception.com/2012/04/securing-syfmony2-rest-service-wiith.html

List of available grant types: https://github.com/FriendsOfSymfony/oauth2-php/blob/b0e57e17c84175a51af01cef7bbb2961261c84ad/lib/OAuth2.php#L230

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Thanks for the reference to great step-by-step tutorial.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.