2

I have a question regarding authentication with JWT and Facebook for a restful API app.

I am using Symfony 4 and for authentication "lexik/jwt-authentication-bundle": "^2.6", to generate jwt tokens based on username and password.

Here is my configuration security.yaml:

security:
    encoders:
        App\Entity\User: bcrypt
    providers:
        database:
            entity:
                class: App\Entity\User
                property: username
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        login:
            pattern: ^/api/login
            stateless: true
            anonymous: true
            json_login:
                check_path: /api/login
                success_handler: lexik_jwt_authentication.handler.authentication_success
                failure_handler: lexik_jwt_authentication.handler.authentication_failure

        register:
            pattern: ^/api/register
            anonymous: true
            methods: [POST]

        docs:
            pattern:  ^/api/docs
            anonymous: true
            methods: [GET]

        api:
            pattern: ^/api
            stateless: true
            guard:
                authenticators:
                    - lexik_jwt_authentication.jwt_token_authenticator
    access_control:
        - { path: ^/api/docs, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/api/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/api/register, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/api/profile/social-account, roles: ROLE_INFLUENCER }
        - { path: ^/api, roles: IS_AUTHENTICATED_FULLY }

I am trying to add also login by facebook but I have no idea how to handle that with JWT, as I want to return after login a JWT token.

Is there any way to handle facebook login and JWT login?

Improve this question

2 Answers 2

Reset to default
3

You can have a good idea of how to implement it here : https://github.com/lexik/LexikJWTAuthenticationBundle/issues/295.

Basically after the user accept the Facebook login on your frontend :

  • send a POST request with the user's token to your custom endpoint (for example login/facebook.

  • Then you can make an extra request with the user's token to Facebook api to get extra information as firstname, lastname or user's email (for example with https://graph.facebook.com/me/?fields=first_name,last_name,email). The token needs to have correct permissions to get access to those information (https://developers.facebook.com/docs/facebook-login/permissions/overview).

  • You can now create a user if the email is not in your database. Finally just return the token with create method of JWTManager class.

$token = $this->jwtManager->create($user);

By using this logic, it is totally transparent for your frontend whether your user has already loged in with your app or not and it gets a token the same way a user would get with your /login endpoint.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

I assume you have an frontend application (React/Angular/Vue...) that consumes your API.

I would handle the "login with Facebook" on the Frontend side. After the user accepts the authentication via Facebook, they will be send back to your frontend app. At that point you have access to all the information you need (e.g. e-mail, first name, last name, etc).

POST that information to a new endpoint (e.g. /api/facebook-login), which handles your registration and/or login process, and then return an JWT token with your newly created user. Lexik makes it possible to manually create tokens:

class ApiController extends Controller
{
    public function getTokenUser(UserInterface $user, JWTTokenManagerInterface $JWTManager)
    {
        // ...

        return new JsonResponse(['token' => $JWTManager->create($user)]);
    }
}
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.