Securing a Symfony REST API (OAuth2 ?)
Question
I'm a little bit confused with the OAuth2 implementation (is it the right solution for what i'm building?) in a Symfony3 REST API.
Here's the situation :
In our app, we have multiple users definitions such as :
- Customers
- Partners
- Admins
There is various "front-end" apps :
- Mobile app (for customers only)
Multiple web apps (each app is restricted to a user type), for example:
- customer.myapp.com
- partner.myapp.com
- admin.myapp.com
All the users (customers, partners & admins) have to provide their credentials to access their app.
The REST API, who provides functionnalities for each apps. I was going to do something like this :
- api.myapp.com/customer
- api.myapp.com/partner
- api.myapp.com/admin
Is it a good/the right solution to secure it with OAuth2 ?
Thanks for your help!
1 answers
solution1
0 2016-05-11 16:34:17
$token = new UsernamePasswordToken($user, null, "main", $user->getRoles()); to get more info on how to use you can see the link: https://github.com/symfony/symfony/blob/master/src/Symfony/Component/Security/Core/Authentication/Token/UsernamePasswordToken.php
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.