I'd like to be able to log in via a ws.
I've tried to simulate this with curl pointing to /login but it only handles HTML, etc.
By the way, it requires a CSRF which I don't want.
So I'd like to either disable the CSRF (from the login_check) or find a way to do it myself.
Can I override the LoginListener (where is it?) which is used when the route login_check is caught?
Any clues?
There are many ways to provide authentication and authorization to a REST Web Service but the most accepted one seems to be OAuth. Facebook, Twitter, Google, Github and the like use it.
The people at Friends Of Symfony have a bundle to implement OAuth authentication and authorization on Symfony2: https://github.com/FriendsOfSymfony/FOSOAuthServerBundle and I think this is what you are looking for.
EDIT: For more information on OAuth, the people at Cloudfoundry posted an interesting article a couple of days ago.
About other options you can use, a simple one is basic authentication:
    firewalls:
        main:
            pattern: ^/rest
            anonymous: ~
            form_login: false
            provider: fos_user_bundle
            http_basic:
                realm: "REST Service Realm"
EDIT2: As I see that there are still people voting for this answer, I think it is worth noting that at the time of writing this answer JWT was not an option yet, but that maybe it is a better option than OAuth in some use cases (e.g. when the API is going to be consumed by your own apps). So here is a link to a good JWT implementation for Symfony2/3: https://github.com/lexik/LexikJWTAuthenticationBundle/blob/master/Resources/doc/index.md
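
Added example (not part of the original answer): the basic-auth firewall above with two settings a REST endpoint usually needs. HTTP basic credentials are only base64-encoded and are sent on every request, so the path is restricted to HTTPS, and the firewall is made stateless so no session is created. The `ROLE_USER` role and the `security:` wrapper key are assumptions about the surrounding application.

```yaml
# security.yml (added example, assumes FOSUserBundle's default ROLE_USER)
security:
    firewalls:
        main:
            pattern: ^/rest
            anonymous: ~
            form_login: false          # no login form, so no login_check CSRF token
            provider: fos_user_bundle
            stateless: true            # do not store the security token in a session;
                                       # each request must carry its own credentials
            http_basic:
                realm: "REST Service Realm"

    access_control:
        # Basic credentials are reversible base64, so refuse plain HTTP
        # and require an authenticated user for everything under /rest.
        - { path: ^/rest, roles: ROLE_USER, requires_channel: https }
```

With this in place a client authenticates per request, for example with curl's `-u user:password` option against an `https://` URL under `/rest`.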