Symfony 3通过远程API对用户进行身份验证 [英] Symfony 3 authenticate user against remote API
问题描述
我有一个应用程序,其中后端和前端由不同的主机提供服务,并且是两个不同的应用程序(均基于Symfony 3).
I've got an application where back-end and front-end are served from different hosts and are two different applications (both Symfony 3 based).
其中一个(c的后端)处理业务逻辑,并将用户及其角色保留在数据库中.后端提供了可供前端使用的REST API.我无法修改后端代码,因为这不是我的项目-我只想为其创建前端.
One of them (back-end ofc) handles business logic and keeps users and their roles in it's DB. Back-end provides REST API to be used by front-end. I have no possibility to modify back-end code as it's not my project - I just want to create a front-end for it.
当前,我正在尝试在Symfony 3中创建前端应用程序,但是我不确定如何使该前端应用程序针对远程API进行身份验证,并且不保留任何用户数据(或尽可能少)它的一面.
Currently, I'm trying to create front-end app in Symfony 3 but I'm not sure how to make the front-end app authenticate against a remote API and keep no user data (or as little as possible) on its side.
在通过REST API将凭据传递到后端之后,令牌将发送到前端应用程序,然后发出API请求(例如,前端应用程序将呈现给用户的数据将与成功认证后接收到的令牌一起发送).
After passing credentials to the backend via REST API a token is sent to front-end application and following API requests (e.g. data the front-end app would present to the user are to be sent with token received after successful authentication).
我的问题再次:如何针对Symfony 3中的远程自定义(非OAuth)API进行身份验证?
另外:如何稍后正确处理令牌?(成功认证后发出每个请求时必须使用令牌).最简单的方法是什么?
And additionally: How to handle token properly later? (it has to be used while making every request after successful authentication). What is the easiest way to achieve this?
我一直在努力寻找体面的信息(也许是教程?)我是Symfony的菜鸟:(
I've been struggling to find decent info (maybe a tutorial?) I'm a noob in Symfony :(
大多数文章都介绍了提供一个API,该API允许客户端连接到它,而不是在Symfony中制作客户端应用.
Most articles describe providing an API which allows clients to connect to it, not making a client app in Symfony.
我发现了什么: 通过3rd Party REST API进行Symfony2身份验证-最相关,尽管它描述了Symfony 2的流程和可接受的答案描述了应该做的简短的事情
What I found: Symfony2 authentication via 3rd Party REST API - most relevant, though it describes a flow for Symfony 2 and the accepted answer describes what should be done only briefly
https://blog. vandenbrand.org/2012/06/19/symfony2-authentication-provider-authenticate-against-webservice/-关于Symfony 2
https://blog.vandenbrand.org/2012/06/19/symfony2-authentication-provider-authenticate-against-webservice/ - concerning Symfony 2
http://symfony.com/doc/current/security/custom_authentication_provider.html -可能是最热门的话题,但是,我不知道应用会将用户保留在哪里(在此示例中是否有必要编写自定义用户提供程序?)
http://symfony.com/doc/current/security/custom_authentication_provider.html - probably the most on topic, however, I don't understand where will app keep it's users (is writing a custom user provider necessary in this example?)
推荐答案
您已经找到问题的答案.那是自定义身份验证提供程序.您可以将令牌保留在前端应用程序存储中,并对其进行身份验证.登录时,您应该通过请求后端应用创建令牌,然后将其保存在令牌存储中.然后,您只需要对令牌进行身份验证(请参阅身份验证提供程序的示例).
You've already found the answer on your question. That's custom authentication provider. You can keep the tokens in your frontend app storage, and just authenticate them. On login, you should create the token via request to backend app, save it in your token storage and that's all. Then you only need to authenticate the token (just see an example of auth provider).
关于在前端应用程序中保留用户数据,这取决于您.您不必保留任何数据,因此,如果您想显示一些详细信息(即用户名等),则也必须存储该详细信息(或在每个请求中都进行检索,但这会影响性能).至少您可以为此使用缓存.
Regarding keeping user data in your frontend app, it's up to you. You don't have to keep any data, therefore if you'd like to show some details (i.e. user name and so on) you have to store that details too (or retrieve it each request - but that will impact the performance). At least you can use caching for that.
所以可能的方法是:
- On login(with login form or elsewhere), just authenticate user in login handler (create your own auth provider as described there - don't worry about Symfony 2, security component is almost the same - there are some incompatibilities, but the direction is correct). After successful authentication, store token in your frontend storage (also you can store some user details you need like name and so on).
- On each request, authenticate the user using the token that's kept in your frontend app storage (that's another auth provider) - you don't need to send request to your backend app.
这篇关于Symfony 3通过远程API对用户进行身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
