Symfony 4 Restful API login with JWT and facebook

AndreiNt
January 18, 2020
238 views
0 votes
2 Answers

I have a question regarding authentication with JWT and Facebook for a restful API app.

I am using Symfony 4 and for authentication “lexik/jwt-authentication-bundle”: “^2.6”, to generate jwt tokens based on username and password.

Here is my configuration security.yaml:

security:
    encoders:
        AppEntityUser: bcrypt
    providers:
        database:
            entity:
                class: AppEntityUser
                property: username
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        login:
            pattern: ^/api/login
            stateless: true
            anonymous: true
            json_login:
                check_path: /api/login
                success_handler: lexik_jwt_authentication.handler.authentication_success
                failure_handler: lexik_jwt_authentication.handler.authentication_failure

        register:
            pattern: ^/api/register
            anonymous: true
            methods: [POST]

        docs:
            pattern:  ^/api/docs
            anonymous: true
            methods: [GET]

        api:
            pattern: ^/api
            stateless: true
            guard:
                authenticators:
                    - lexik_jwt_authentication.jwt_token_authenticator
    access_control:
        - { path: ^/api/docs, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/api/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/api/register, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/api/profile/social-account, roles: ROLE_INFLUENCER }
        - { path: ^/api, roles: IS_AUTHENTICATED_FULLY }

I am trying to add also login by facebook but I have no idea how to handle that with JWT, as I want to return after login a JWT token.

Is there any way to handle facebook login and JWT login?

Answers

- MitchelAwesome
- May 4, 2020 at 6:14 pm
- 0 votes
0
I assume you have an frontend application (React/Angular/Vue…) that consumes your API.

I would handle the “login with Facebook” on the Frontend side. After the user accepts the authentication via Facebook, they will be send back to your frontend app. At that point you have access to all the information you need (e.g. e-mail, first name, last name, etc).

POST that information to a new endpoint (e.g. /api/facebook-login), which handles your registration and/or login process, and then return an JWT token with your newly created user. Lexik makes it possible to manually create tokens:
```
class ApiController extends Controller
{
    public function getTokenUser(UserInterface $user, JWTTokenManagerInterface $JWTManager)
    {
        // ...

        return new JsonResponse(['token' => $JWTManager->create($user)]);
    }
}
```
Login or Signup to reply.

- AEcrubit
- May 4, 2020 at 6:48 pm
- 0 votes
0
You can have a good idea of how to implement it here : https://github.com/lexik/LexikJWTAuthenticationBundle/issues/295.

Basically after the user accept the Facebook login on your frontend :
- send a POST request with the user’s token to your custom endpoint (for example login/facebook.
- Then you can make an extra request with the user’s token to Facebook api to get extra information as firstname, lastname or user’s email (for example with https://graph.facebook.com/me/?fields=first_name,last_name,email).
  The token needs to have correct permissions to get access to those information (https://developers.facebook.com/docs/facebook-login/permissions/overview).
- You can now create a user if the email is not in your database.
  Finally just return the token with create method of JWTManager class.
```
$token = $this->jwtManager->create($user);
```
By using this logic, it is totally transparent for your frontend whether your user has already loged in with your app or not and it gets a token the same way a user would get with your /login endpoint.
Login or Signup to reply.

Please signup or login to give your own answer.

Click here to cancel reply.