Authentication for a Symfony2 api (for mobile app use)
I think you should do it stateless (without cookie).
I had the same problem, what i did:
- in your app/config/security.yml, add:
security: ... firewalls: rest_webservice: pattern: /webservice/rest/.* stateless: true http_basic: provider: provider_name ...
- Now you can make a request to your webservice:
class AuthTest extends WebTestCase { public function testAuthenticatedWithWebservice() { $client = $this->createClient(); // not authenticated $client->request('GET', '/webservice/rest/url'); $this->assertEquals(401, $client->getResponse()->getStatusCode()); // authenticated $client->request('GET', '/webservice/rest/url', array(), array(), array( 'PHP_AUTH_USER' => 'username', 'PHP_AUTH_PW' => 'password' )); $this->assertEquals(200, $client->getResponse()->getStatusCode()); }}
Here you are, How to create a custom Authentication Provider awesome article.
To Authentication to a Symfony2 application through api, you need use:WS-Security
Yes Marc, jules is pointing to an example just to show you how to test authentication with http_basic.
To be RESTful you should avoid using cookies, otherwise just call it an API. About how secure is your authentication system you can go with http_digest over https or more secure signed request with api_key/api_secret approach.
Have a look here http://wiki.zanox.com/en/RESTful_API_authentication