OAuthServer and third Party OAuth Provider

Question

I am currently changing my plain Symfony2 WebApplication to an Ember.js Frontend with an REST Api powered by S2 Backend.

In my Old solution I had FOSUserbundle for regular registration / login etc. and HWIOAuthBundle for Facebook login. Now I am trying to move those functionalities to my Rest Api. In order to get regular authentication running I implemented FOSOAuthServerbundle. And my Ember.js is consuming it via Ember-simple-auth. But this is only working for a regular login.

I have no Idea how I would get facebook login working in this setup. Since Facebook is working with OAUth and my backend is working with it. Is my frontend directly asking facebook then for the token? How would my backend get notified? Or are the requests going throught my backend and I am serving the facebook token? Or is my backend asking for the facebook token and then giving back my own Oauth token from the FOSOAuthServerBundle?

There are a lot of questionmarks, and I really haven't found a good answer online. Has somebody implemented a secured REST Api with facebook login?

Answer 1

Have you seen the Facebook examples in the Ember.SimpleAuth repo (https://github.com/simplabs/ember-simple-auth/blob/master/examples/7-external-oauth/index.html)? The basic concept is that the Ember.js app opens the Facebook Auth UI which then redirects to your app that (on the server side) handles Facebook's response and potentially replaces Facebook's token against a custom one that the Ember.js app can use to authenticate against your server.