FOSUserBundle Integration

API Platform Core is shipped with a bridge for FOSUserBundle. If the FOSUser bundle is enabled, this bridge will use its UserManager to create, update and delete user resources.

Note: FOSUserBundle is not well suited for APIs. We strongly encourage you to use the Doctrine user provider shipped with Symfony or to create a custom user provider instead of using this bundle.

Installing the Bundle

The installation procedure of the FOSUserBundle is described in the main Symfony docs

You can:

If you are using the API Platform Standard Edition, you will need to enable the form services in the symfony framework configuration options:

# api/config/packages/framework.yaml
framework:
    form: { enabled: true }

Enabling the Bridge

To enable the provided bridge with FOSUserBundle, you need to add the following configuration to API Platform:

# api/config/packages/api_platform.yaml
api_platform:
    enable_fos_user: true

Creating a User Entity with Serialization Groups

Here's an example of declaration of a Doctrine ORM User class. There's also an example for a Doctrine MongoDB ODM. You need to use serialization groups to hide some properties like plainPassword (only in read) and password. The properties shown are handled with normalization_context, while the properties you can modify are handled with denormalization_context.

Create your User entity with serialization groups:

<?php
// api/src/Entity/User.php

namespace App\Entity;

use ApiPlatform\Core\Annotation\ApiResource;
use Doctrine\ORM\Mapping as ORM;
use FOS\UserBundle\Model\User as BaseUser;
use FOS\UserBundle\Model\UserInterface;
use Symfony\Component\Serializer\Annotation\Groups;

/**
 * @ORM\Entity
 * @ORM\Table(name="fos_user")
 * @ApiResource(
 *     normalizationContext={"groups"={"user", "user:read"}},
 *     denormalizationContext={"groups"={"user", "user:write"}}
 * )
 */
class User extends BaseUser
{
    /**
     * @ORM\Id
     * @ORM\Column(type="integer")
     * @ORM\GeneratedValue(strategy="AUTO")
     */
    protected $id;

    /**
     * @Groups({"user"})
     */
    protected $email;

    /**
     * @ORM\Column(type="string", length=255, nullable=true)
     * @Groups({"user"})
     */
    protected $fullname;

    /**
     * @Groups({"user:write"})
     */
    protected $plainPassword;

    /**
     * @Groups({"user"})
     */
    protected $username;

    public function setFullname(?string $fullname): void
    {
        $this->fullname = $fullname;
    }

    public function getFullname(): ?string
    {
        return $this->fullname;
    }

    public function isUser(?UserInterface $user = null): bool
    {
        return $user instanceof self && $user->id === $this->id;
    }
}