Reputation: 8304
Authentication in Symfony2 without being able to read the password
I'm writing my first Symfony2 app after a few years with Symfony and am having trouble converting our user management code. It seems that to fit in with Symfony2's authentication model I have to provide user details including their (encrypted) passwords. We authenticate via a webservice that takes the username and password and responds with a confirmation and user level (user, admin etc), but it never sends the real password back to us.
What I want to do is accept the login details from a form, confirm they are valid and then set the user's roles according to the webservice's response. Where do I start?
Upvotes: 1
Views: 2362
Answers (2)
Reputation: 15002
You can create an user provider and its loadUserByName you can call the webservice. If success return the new UserInterface object with the password of the form empty salt string and the roles returned by the service. Also set encoder of the UserInterface to plaintext in security.yml. And then set the new created user provider in form_login auth provider in the firewall.
Upvotes: 2
Reputation: 11351
You need to use a custom authentication provider to authenticate against your webservice. It is explained quite clearly in this blog post
Upvotes: 2
Related Questions
- Symfony - protect one ressource with password / authenticate user only with password
- Symfony 4: How to authenticating users?
- Symfony2 Login and Security
- Symfony authentication
- Symfony security basic authentication
- User authentication on Symfony2 without saving to Database
- Configuring authentication symfony2
- Two step authentication in symfony2
- Symfony2 - Security authentication
- Symfony2 Security problem