Hey, I have another concern / idea. Since Symfony2 is an MVC framework, I find it odd that Logout and FormLogin are implemented as listeners instead of a Controller in the FrameworkBundle or in its own Bundle.
The security layer, as I see it, doesn't require you to have a username and/or password. The loadByUsername is really a loadByWhateverYourMainFieldForFindingUsersAre, so loadByUsername could really use the username as a uid for a provider (like Facebook or Twitter). (Warning: I have not played very much with the Security Component either.)

On 22 Nov., 20:28, Jeremy Mikola <[email protected]> wrote:
> I wanted to propose a rather quick topic: revisiting the discussion over
> the default interfaces in the Security component, particularly regarding the
> assumption that users have username/password fields. I was speaking to
> Johannes and digitarald (not sure what his real name is) over this sometime
> after last week's IRC meeting. Transcript:
>
> https://gist.github.com/710445
>
> The summary was that the existing interfaces in the Security component seem
> to assume a specific authentication mechanism, and are not well-suited for
> integration with SSO and shared auth methods (CAS, Facebook, OAuth, etc.).
> This is relevant to the mailing list discussion some weeks ago, which a
> number of folks participated in:
>
> Symfony2: some random thoughts about the new security layer
> http://groups.google.com/group/symfony-devs/browse_thread/thread/cfba...
>
> Before discussing this Thursday, I hope to gain a deeper understanding of
> how the Security component utilizes UsernamePasswordToken and
> PreAuthenticatedToken, as the latter seems like it would be appropriate for
> SSO. From what I understand presently, the basic AccountInterface, which
> everything seems to depend upon, mandates the username/password
> requirement. Perhaps the most basic account should only require a getId()
> method, and an interface atop that can introduce the username/password
> requirement. UsernamePasswordToken would then depend on that higher
> interface, while something like PreAuthenticatedToken can work with the most
> basic account interface.
>
> I'm not looking for an immediate "how to do SSO with security component"
> solution. Rather, I'd just like to consider how we can make that possible
> without requiring developers to implement unnecessary code.
>
> Thanks,
>
> --
> jeremy mikola
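
The layering proposed in the quoted message (a minimal account with only getId(), and a username/password interface on top of it), sketched as an added example that is not part of the thread and not Symfony's code. All interface, class and function names are hypothetical, the tokens are plain arrays for brevity, and PHP 8 is assumed.

```php
<?php
// Added illustration; every name here is hypothetical, not Symfony's API.

/** Smallest contract: a stable identifier, nothing about credentials. */
interface BasicAccount
{
    public function getId(): string;
}

/** Layered on top, only for accounts that log in with a local password. */
interface PasswordAccount extends BasicAccount
{
    public function getUsername(): string;
    public function getPasswordHash(): string;
}

final class SsoAccount implements BasicAccount
{
    public function __construct(private string $providerUid) {}
    public function getId(): string { return $this->providerUid; }
}

final class LocalAccount implements PasswordAccount
{
    public function __construct(private string $id, private string $username, private string $hash) {}
    public function getId(): string { return $this->id; }
    public function getUsername(): string { return $this->username; }
    public function getPasswordHash(): string { return $this->hash; }
}

/** Form-login path: the type hint carries the username/password requirement. */
function usernamePasswordToken(PasswordAccount $account, string $presented): ?array
{
    return password_verify($presented, $account->getPasswordHash())
        ? ['type' => 'username_password', 'id' => $account->getId(), 'username' => $account->getUsername()]
        : null; // wrong password: no token is issued
}

/** SSO path: the upstream provider already authenticated the user, so the id is enough. */
function preAuthenticatedToken(BasicAccount $account): array
{
    return ['type' => 'pre_authenticated', 'id' => $account->getId()];
}

// Constructed sample data.
$local = new LocalAccount('42', 'alice', password_hash('correct horse', PASSWORD_DEFAULT));
$sso   = new SsoAccount('facebook:1001');

var_dump(usernamePasswordToken($local, 'correct horse'));
var_dump(usernamePasswordToken($local, 'wrong'));
var_dump(preAuthenticatedToken($sso));
// Passing $sso to usernamePasswordToken() raises a TypeError: it has no password to check.
```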
