Originally published at: http://www.sitepoint.com/user-authentication-symfony2-userapp-io/
UserApp.io is a handy user management tool and API. It provides a web interface to deal with user accounts (and the many features this involves) and an API to hook them into your own web application. The purpose of this service is to make it easier and safer to manage user authentication by not having to worry about that on your own server.
It has SDKs and various wrappers for many programming languages and frameworks and the price is affordable. Yes, it comes with a price but you can get started freely with quite a lot of things to play around with. I recommend checking out their features page to get more information. Also, it’s very easy to create an account and experiment with creating users, adding properties to their profiles, etc, so I recommend you check that out as well if you haven’t already.
In this article, we are going to look at how we can implement a Symfony2 authentication mechanism that leverages UserApp.io. The code we write can also be found in this small library I created (currently in dev) that you can try out. To install it in your Symfony app, just follow the instructions on GitHub.
In order to communicate with the UserApp.io service, we will make use of their PHP library. Make sure you require this in your Symfony application’s composer.json file as instructed on their GitHub page.
To authenticate UserApp.io users with our Symfony app, we’ll create a few classes:
- A form authenticator class used to perform the authentication with the UserApp.io API
- A custom User class used to represent our users with information gathered from the API
- A user provider class used to retrieve users and transform them into objects of our User class
- A Token class used to represent the Symfony authentication token
- A logout handler class that takes care of logging out from the UserApp.io service.
- A simple exception class that we can throw if the UserApp.io users don’t have any permissions set (that we will convert to Symfony roles)
Once we create these classes, we will declare some of them as services and use them within the Symfony security system.