FOSUserBundle Integration

API Platform Core is shipped with a bridge for FOSUserBundle. If the FOSUser bundle is enabled, this bridge will use its UserManager to create, update and delete user resources.

Note: FOSUserBundle is not well suited for APIs. We strongly encourage you to use the Doctrine user provider shipped with Symfony or to create a custom user provider instead of using this bundle.

User Entity screencast
Watch the User Entity screencast

Installing the Bundle

The installation procedure of the FOSUserBundle is described in the main Symfony docs

You can:

If you are using the API Platform Standard Edition, you will need to enable the form services in the symfony framework configuration options:

# api/config/packages/framework.yaml
framework:
    form: { enabled: true }

Enabling the Bridge

To enable the provided bridge with FOSUserBundle, you need to add the following configuration to API Platform:

# api/config/packages/api_platform.yaml
api_platform:
    enable_fos_user: true

Creating a User Entity with Serialization Groups

Here's an example of declaration of a Doctrine ORM User class. There's also an example for a Doctrine MongoDB ODM. You need to use serialization groups to hide some properties like plainPassword (only in read) and password. The properties shown are handled with normalization_context, while the properties you can modify are handled with denormalization_context.

Create your User entity with serialization groups:

<?php
// api/src/Entity/User.php

namespace App\Entity;

use ApiPlatform\Core\Annotation\ApiResource;
use Doctrine\ORM\Mapping as ORM;
use FOS\UserBundle\Model\User as BaseUser;
use FOS\UserBundle\Model\UserInterface;
use Symfony\Component\Serializer\Annotation\Groups;

/**
 * @ORM\Entity
 * @ORM\Table(name="fos_user")
 * @ApiResource(
 *     normalizationContext={"groups"={"user", "user:read"}},
 *     denormalizationContext={"groups"={"user", "user:write"}}
 * )
 */
class User extends BaseUser
{
    /**
     * @ORM\Id
     * @ORM\Column(type="integer")
     * @ORM\GeneratedValue(strategy="AUTO")
     */
    protected $id;

    /**
     * @Groups({"user"})
     */
    protected $email;

    /**
     * @ORM\Column(type="string", length=255, nullable=true)
     * @Groups({"user"})
     */
    protected $fullname;

    /**
     * @Groups({"user:write"})
     */
    protected $plainPassword;

    /**
     * @Groups({"user"})
     */
    protected $username;

    public function setFullname(?string $fullname): void
    {
        $this->fullname = $fullname;
    }

    public function getFullname(): ?string
    {
        return $this->fullname;
    }

    public function isUser(?UserInterface $user = null): bool
    {
        return $user instanceof self && $user->id === $this->id;
    }
}