Login to symfony from android device

Question

I have an android app that the user logs in to via facebook. I am trying to access my symfony api without logging in another time. Is it possible to log in to symfony with just the access token that I get from the android app?

Answer 1

Ok so just a wrapup of what I managed to do.

I tried to modify fosFacebookBundle to accept access_tokens but in the end of the day I had to just do everything from scratch following the links I got from Zalas. I got the user from the accesstoken via the FacebookProvider class in fosFacebookBundle.

I had to inject Facebook, and FacebookProvider into my FacebookTokenListener. I am not even shure that this is secure. Somebody might be able to login with a access token from another site(I havn't tested it yet). The accesstoken is also in plaintext in the header. All in all not a very nice solution.

        $this->facebook->setAccessToken($request->headers->get("access_token"));
        $fbUid = $this->facebook->getUser();
        if(!$fbUid){
            throw new AccessDeniedHttpException("invalid access token");
        }
        $user = $this->facebookProvider->findUserByFbId($fbUid);
        $token = new FacebookTokenToken($user);

Thanks for the links!

Answer 2

Yes, it is possible. You'll need to implement a custom authentication provider and possibly a custom user provider to authenticate a user with token (and possibly retrieve him by token).