REST API authentication by Angular web app and Android devices

Question

I am building an application that works as follows:

As the only one backend I have a REST API (JSON only) built with Symfony Framework 2.3.2 + FOSRESTBundle.

This API will initially have two clients:

• An app running on Android devices;
• An web app built with AngularJS, running on the same server as the API.

I will register corporations that can use my application, each corporation can register its own users with their roles, these users will only access the web app, via an usual email/password form.

The corporations can also register a limited number of Android devices, identifying them by their IMEI (an international unique identification code for mobile devices), these devices will use their IMEI to authenticate to the API.

Android devices can only access a limited set of resources, while web app users can access whatever their roles allow.

I need:

• a secure and unified way to authenticate both, web app users by their email/password, and Android devices by their IMEI;
• Limit the resources they can access.

Observations:

• I have HTTPS in the API server.

Any idea on how can I achieve that?

Answer 1

Get FOS User Bundle. In your user entity you could add a type property to check what type of user it is (this is easy to get started). You can also define different user roles (worth checking out). Then also make a property "IMEI". Now you have your user accounts unified.

For logging in with AngularJS you can take a look at the code of FOS User Bundle. Take a look at how the values "username" and "password" are taken from the form and processed by the bundle. You can then use this method to login the user with your REST API.

For your IMEI users you can do a google search on "how to login programatically in symfony2". Then you can write your own code that checks the IMEI number only (no password) and logs in the user.