如果FOSUserBundle足以保证RESTful API的安全性，为什么要使用FOSOAuthServerBundl

我有一个RESTful API(基于FOSRestBundle(，使用我想要保护的angularJS应用程序。为此，我简单地使用了FOSUserBundle，它正如我所期望的那样工作。事实上，如果我通过/login连接，那么对RESTful API的调用就会连接。

那么，如果API将被应用程序或客户端使用，特别是当API是我的并且应用程序也是我的时，为什么要使用FOSOAuthServerBundle呢？

即使在通过FOSOAuthServerBundle连接后，您也会被重定向到一个页面，在该页面中，您将允许或拒绝访问应用程序(这是我的应用程序(到我的RESTful API。这根本不符合逻辑！！！

请给我你的意见。

注意：我在security.yml和angularjs应用下面添加了

security.yml

security:
    encoders:
        FOSUserBundleModelUserInterface: bcrypt
    role_hierarchy:
        ROLE_USER : ROLE_API
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
    providers:
        fos_userbundle:
            id: fos_user.user_provider.username
    firewalls:
        dev:
            pattern:      ^/(_(profiler|wdt)|css|images|js)/
            security:     false
        api_doc:
            pattern:      ^/api/doc
            security:     false
        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                csrf_token_generator: security.csrf.token_manager
            logout:       true
            anonymous:    true

    access_control:
        - { path: ^/oauth/v2/auth$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/api, roles: [ IS_AUTHENTICATED_FULLY ] }

app.js

angular.module('ads', ['ngRoute', 'restangular'])
        .config(function ($interpolateProvider) {
            $interpolateProvider.startSymbol('{[{').endSymbol('}]}');
        })
        // .config(['RestangularProvider', function(RestangularProvider) {
        //     RestangularProvider.setDefaultHeaders({'Authorization': 'Basic YW1pbmU6c3RpZ21hdGFn'}); //cmVzdGFwaTpzZWNyZXRwdw==
        // }])
        .config(['RestangularProvider', function (RestangularProvider) {
                RestangularProvider.setBaseUrl('/minnapi/web/app_dev.php/api/v1/');
                RestangularProvider.setResponseExtractor(function (response, operation, what, url) {
                    if (operation == 'getList') {
                        return _.toArray(response);
                    } else {
                        return response;
                    }
                });
                RestangularProvider.addRequestInterceptor(function (element, operation, what, url) {
                    var newRequest = {};
                    if (operation == 'post' || operation == 'put') {
                        what = what.split('');
                        what.pop();
                        what = what.join('');
                    }
                    if (operation == 'put') {
                        delete element._links;
                    }
                    newRequest[what] = element;
                    return newRequest;
                });
                RestangularProvider.setRestangularFields({
                    selfLink: '_links.self.href'
                });
                RestangularProvider.setDefaultRequestParams('get', {limit: 100});
            }]);

app-controller.js

angular.module('ads')
        .controller('BrandController', ['$scope', '$routeParams', '$filter', 'Restangular', '$q',
            function ($scope, $routeParams, $filter, Restangular, $q) {
                'use strict';
                $scope.brands = [];
                $scope.newBrand = {name: '', published: true};
                Restangular.all('brands').getList().then(function (brands) {
                    $scope.brands = brands;
                });

                $scope.addBrand = function () {
                    $scope.brands.post($scope.newBrand).then(function (brand) {});
                    $scope.brands.push($scope.newBrand);
                    $scope.newBrand = {name: '', published: true};
                };
            }]);