I'm trying to write an application with symfony2 for the server side and angularjs for the client side. All the communications between server and client are done using REST api. What is the best way to authenticate the user in this system?
1 Answer
You can use classic HTTP / REST authentication schema like OAUTH2, HTTP basic auth. It's depends by your application security level. The basic auth is really simple, you have to implement the security.yml firewall:
secured_api:
pattern: ^/api/*
stateless: true
anonymous: false
http_basic:
provider: in_memory
In this example I setted a simple in_memory provider but you can use any provider or custom provider defined in your application.
in_memory:
memory:
users:
stupid_user: { password: myname ,roles: 'ROLE_USER' }
sly_user: { password: secret, roles: 'ROLE_USER }
Now you can check the routes using cURL:
curl -v --basic -u "stupid_user:myname" -X POST -H "Content-Type: application/json" -d @request.json www.domainname.com/api/aroute
( the above request is a POST with json as data exchange format )
