Authentication for a Symfony2 api (for mobile app use)

I think you should do it stateless (without cookie).

I had the same problem, what i did:

• in your app/config/security.yml, add:

security:    ...    firewalls:        rest_webservice:            pattern: /webservice/rest/.*            stateless: true            http_basic:                provider: provider_name    ...

• Now you can make a request to your webservice:

class AuthTest extends WebTestCase {    public function testAuthenticatedWithWebservice()     {        $client = $this->createClient();        // not authenticated        $client->request('GET', '/webservice/rest/url');        $this->assertEquals(401, $client->getResponse()->getStatusCode());        // authenticated        $client->request('GET', '/webservice/rest/url', array(), array(), array(            'PHP_AUTH_USER' => 'username',             'PHP_AUTH_PW' => 'password'        ));        $this->assertEquals(200, $client->getResponse()->getStatusCode());    }}

Here you are, How to create a custom Authentication Provider awesome article.

To Authentication to a Symfony2 application through api, you need use:WS-Security

Yes Marc, jules is pointing to an example just to show you how to test authentication with http_basic.

To be RESTful you should avoid using cookies, otherwise just call it an API. About how secure is your authentication system you can go with http_digest over https or more secure signed request with api_key/api_secret approach.

Have a look here http://wiki.zanox.com/en/RESTful_API_authentication