We have a webapp over Symfony2.1, and we are trying to securize some REST webservices by using OAuth. These webservices are to be consumed by an Android app.
We are trying FOSOAuthServerBundle, and seems OK for authenticating the use of webservices from other websites, as the auth step is fully web-based.
But what we need is the next workflow:
- The user enters his username and password in the app
- The app then uses this information for automatically retrieving a valid Oauth token.
- The app uses this Oauth token as a parameter while consuming the OAuth-secured REST webservices.
Is this possible? Is FOSOAuthServerBundle the Bundle we need? How can we retrieve a valid OAuth-token without user interaction, only with username+password as parameters of the auth?
Thanks a lot.
Yes, FOSOAuthServerBundle can do that for you. Just use Resource Owner
Password Credentials Grant according to OAuth 2 spec.
Here is the instruction how to add client (app) with different grant types http://blog.logicexception.com/2012/04/securing-syfmony2-rest-service-wiith.html
List of available grant types: https://github.com/FriendsOfSymfony/oauth2-php/blob/b0e57e17c84175a51af01cef7bbb2961261c84ad/lib/OAuth2.php#L230