
Symfony2 - external login form with CSRF token?


Fellow Symfonians,

I need to integrate my system's login with a client's login form, which already exists on their page and was used for their old systems. I use FOSUserBundle with a custom view for the login form, but unfortunately they want to keep their login form as is ("for reasons"). It's not even on the same server.

Is there a way to pass my CSRF login token to their form (I have access to their code), or do I have to disable CSRF on my login?


Solution

  • I'm aware that this is not an answer to your specific question, "Is there a way to pass my CSRF login token to their form?", but rather a different way of achieving a login from an external form.

    You can log in programmatically: How to programmatically login/authenticate a user?

    The answer uses a "register" action, but it's similar for you. The important part is this:

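    use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
    use Symfony\Component\Security\Http\Event\InteractiveLoginEvent;

    // Third argument is the provider key, i.e. the firewall name ("public" here)
    $token = new UsernamePasswordToken($user, $password, "public", $user->getRoles());
    $this->get("security.token_storage")->setToken($token);

    // Dispatch the login event so listeners run as they would for a form login
    $event = new InteractiveLoginEvent($request, $token);
    $this->get("event_dispatcher")->dispatch("security.interactive_login", $event);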
    

    which will log the user in.
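
The snippet above creates a session for whatever `$user` it is given, so an endpoint that receives the external form still has to verify the password itself and, with no CSRF token available, restrict where the POST may come from. The controller below is an added example, not code from the answer or from FOSUserBundle; the bundle namespace, the `https://client.example` origin, the `_username`/`_password` field names and the redirect target are assumptions.

```php
<?php
namespace AppBundle\Controller; // hypothetical bundle name

use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
use Symfony\Component\Security\Http\Event\InteractiveLoginEvent;

class ExternalLoginController extends Controller
{
    // Assumption: the only site allowed to post the external login form.
    const ALLOWED_ORIGIN = 'https://client.example';

    public function loginAction(Request $request)
    {
        // No CSRF token travels with the external form, so accept POSTs only
        // when the browser-supplied Origin header is the client's site.
        if (!$request->isMethod('POST')
            || $request->headers->get('Origin') !== self::ALLOWED_ORIGIN) {
            throw new AccessDeniedHttpException('Unexpected request origin.');
        }

        $username = (string) $request->request->get('_username');
        $password = (string) $request->request->get('_password');

        // Look the user up and verify the password before creating any token.
        $user = $this->get('fos_user.user_manager')->findUserByUsernameOrEmail($username);
        $valid = $user && $user->isEnabled()
            && $this->get('security.encoder_factory')->getEncoder($user)
                ->isPasswordValid($user->getPassword(), $password, $user->getSalt());
        if (!$valid) {
            // Same response for an unknown user and a wrong password.
            throw new AccessDeniedHttpException('Invalid credentials.');
        }

        // Credentials are null: the token does not need to carry the password.
        $token = new UsernamePasswordToken($user, null, 'public', $user->getRoles());
        $this->get('security.token_storage')->setToken($token);
        $request->getSession()->migrate(true); // new session id after login

        $this->get('event_dispatcher')
            ->dispatch('security.interactive_login', new InteractiveLoginEvent($request, $token));

        return $this->redirect('/'); // assumption: landing page after login
    }
}
```

The route for this action has to sit behind the same firewall whose name is passed to the token ("public" here), otherwise the token is not stored in the session for later requests.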