I have a website with symfony (2.8) (let's say alpha-website)
On of my clients wants to use my website, but through his mobile application Workwell (https://workwell.io/en/). This mobile application is an application to centralize all external websites in a single mobile application. Basically, each external website has a link button on the mobile app and clicking on this link will open the external website page on a dedicated web view on the mobile app. This way the user remains connected to the mobile app Workwell, while scrolling through the external website.
My need is:
when a user is on workwell and clicks on the alpha-website logo, I want him to be directly connected/authenticated (or create him an account) before redirecting to my home page.
My question:
What is the best way to do this on the symfony? What are the best practices?? Any documentation links would be much appreciated.
I guess I first should have an api endpoint with a token, that workwell service will reach and then this endpoint will communicate with workwell api to get user information and authenticate. But then what is the best and most secure way to implement the authentication part on my website with this user information?
Should I use the Guard Authenticator for example?? (https://symfony.com/doc/2.8/security/guard_authentication.html) Should I get inspired by other authentication bundles, like the HWIOAuthBundle??
Thank you in advance for your ideas and support.
