
I am a little unsure about implementing OAuth for an API built on Symfony.

Situation: API on Symfony using common FOS Bundles as advised here. Front end will be on SilverStripe so login form will reside on a different domain on SilverStripe framework.

This is the required workflow: User fills in username and password on front end form on SilverStripe -> API call to check whether username and password are correct -> if credentials are correct, API gives an access_token and all the other values required for subsequent calls to the API (which I am not sure of)

All the tutorials I found are implementing oauth for Facebook or Twitter.

Not really sure how to do this as I am new to API.

  • So SilverStripe is consuming your API, built in Symfony, living somewhere else, correct? And you need the SilverStripe login form to function as a passthru to the API? Does it need to actually log a Member into Silverstripe or only authenticate with the API? Commented Dec 10, 2015 at 12:11
  • @MarkGuinn correct Symfony is living somewhere else and silverstripe login form is just to authenticate with the API Commented Dec 10, 2015 at 21:54
  • So you're using grant_type=password then (gist.github.com/lologhi/7b6e475a2c03df48bcdd#grant_typepassword)? And you don't need it to create a SS Member account or anything? Commented Dec 11, 2015 at 12:34

1 Answer


Assuming:

  1. You need to collect UN/PW on Silverstripe and use those same ones to authenticate with the API
  2. You don't need to have a SilverStripe Member record for the same user (i.e. you're bypassing SS's built-in authentication entirely)

I suggest:

  1. Build the authentication form just like any other SS form.
  2. In your submit handler use curl or something else to send a grant_type=password request to the API (à la https://gist.github.com/lologhi/7b6e475a2c03df48bcdd#grant_typepassword)
  3. Save the access_token in the session
  4. Use the access token for future API requests
  5. To logout just delete the access token from the session
  6. To check if logged in just check if there is an access token in the session.
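The six steps above, worked through as one SilverStripe 3 page controller. This is an added example, not code from the answer or from either project; `API_BASE_URL`, `CLIENT_ID` and `CLIENT_SECRET` are placeholders you must replace, and the token endpoint path `/oauth/v2/token` is assumed to be the bundle's default route on the Symfony side (check your routing). Only the token ever lands in the session; the password is used once for the exchange and discarded.

```php
<?php
// Added example (not part of the original answer): SilverStripe 3 controller that
// logs in against a Symfony API using the OAuth2 grant_type=password flow.
// Placeholders: API_BASE_URL, CLIENT_ID, CLIENT_SECRET. Route path is an assumption.

class ApiLoginPage_Controller extends Page_Controller {

    private static $allowed_actions = array('LoginForm', 'doLogin', 'logout');

    const API_BASE_URL  = 'https://api.example.com';      // placeholder
    const CLIENT_ID     = 'REPLACE_WITH_CLIENT_ID';       // placeholder
    const CLIENT_SECRET = 'REPLACE_WITH_CLIENT_SECRET';   // placeholder, stays server-side
    const SESSION_KEY   = 'ApiAccessToken';

    // Step 1: an ordinary SilverStripe form collecting username and password.
    public function LoginForm() {
        $fields = new FieldList(
            new TextField('Username', 'Username'),
            new PasswordField('Password', 'Password')
        );
        $actions   = new FieldList(new FormAction('doLogin', 'Log in'));
        $validator = new RequiredFields('Username', 'Password');
        return new Form($this, 'LoginForm', $fields, $actions, $validator);
    }

    // Steps 2 and 3: exchange the credentials for a token and keep only the token.
    public function doLogin($data, Form $form) {
        $token = self::requestToken($data['Username'], $data['Password']);
        if ($token === null) {
            $form->sessionMessage('Login failed', 'bad');
            return $this->redirectBack();
        }
        session_regenerate_id(true);               // new session id once authenticated
        Session::set(self::SESSION_KEY, $token);
        return $this->redirect($this->Link());
    }

    // grant_type=password request to the token endpoint; returns the access
    // token string on HTTP 200 with a JSON body, null on any failure.
    public static function requestToken($username, $password) {
        $body = http_build_query(array(
            'grant_type'    => 'password',
            'client_id'     => self::CLIENT_ID,
            'client_secret' => self::CLIENT_SECRET,
            'username'      => $username,
            'password'      => $password,
        ));
        $ch = curl_init(self::API_BASE_URL . '/oauth/v2/token');   // assumed route
        curl_setopt_array($ch, array(
            CURLOPT_POST           => true,
            CURLOPT_POSTFIELDS     => $body,
            CURLOPT_RETURNTRANSFER => true,
            CURLOPT_SSL_VERIFYPEER => true,   // credentials cross the wire: verify the API cert
            CURLOPT_TIMEOUT        => 10,
        ));
        $response = curl_exec($ch);
        $status   = curl_getinfo($ch, CURLINFO_HTTP_CODE);
        curl_close($ch);
        if ($response === false || $status !== 200) {
            return null;
        }
        $json = json_decode($response, true);
        return (is_array($json) && !empty($json['access_token'])) ? $json['access_token'] : null;
    }

    // Step 6: "logged in" means a token is present in the session.
    public static function isLoggedIn() {
        return Session::get(self::SESSION_KEY) !== null;
    }

    // Step 4: later API calls carry the token as a Bearer header.
    public static function apiGet($path) {
        $ch = curl_init(self::API_BASE_URL . $path);
        curl_setopt_array($ch, array(
            CURLOPT_HTTPHEADER     => array('Authorization: Bearer ' . Session::get(self::SESSION_KEY)),
            CURLOPT_RETURNTRANSFER => true,
            CURLOPT_SSL_VERIFYPEER => true,
            CURLOPT_TIMEOUT        => 10,
        ));
        $response = curl_exec($ch);
        $status   = curl_getinfo($ch, CURLINFO_HTTP_CODE);
        curl_close($ch);
        if ($status === 401) {
            // Token expired or revoked: drop it so isLoggedIn() reports false.
            Session::clear(self::SESSION_KEY);
        }
        return ($status === 200) ? json_decode($response, true) : null;
    }

    // Step 5: logout is just removing the token.
    public function logout() {
        Session::clear(self::SESSION_KEY);
        return $this->redirect($this->Link());
    }
}
```

Per the OAuth 2.0 token response, the same JSON body normally also carries `token_type`, `expires_in` and (if enabled) `refresh_token`; the example ignores those and treats a 401 from the API as "logged out", which is the simplest correct behaviour when you are not implementing refresh.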

No external modules required if my assumptions are correct. If not, you might want to check out OPauth and https://github.com/BetterBrief/silverstripe-opauth - at least as an inspiration.


2 Comments

Thanks Mark. Tried that and it seems to be working fine. Question - What's the /oauth/v2/auth route for? Do I need to use it?
Is that on the Symfony side? I'm afraid I don't have any specific experience with that set of modules. The oauth spec has a number of back and forth protocols (e.g. token refresh, logging in on the symfony side à la facebook or github, etc) so my guess is it facilitates one or all of them.
