Gonzalo Ayuso has put together a new post for his site showing how to do token-based authentication with Silex and the help of a few additional Symfony components.
What happens if we want to use a security layer [in a Silex application]? We can use sessions. Sessions are the “standard” way to perform authentication in web applications, but when our application is a PhoneGap/Cordova application that uses a Silex server as API server, sessions aren’t the best way. The best way now is a token based authentication. The idea is simple. First we need a valid token. Our API server will give us a valid token if we send valid credentials in a login form. Then we need to send the token with each request (the same way than we send the session cookie with each request).
He includes all the code you'll need to follow along. His example shows a basic Silex application that fetches the token from the URL and uses middleware to handle the validation. There's a bit of CORS mixed in as well to make the cross-domain requests from the applications possible. He creates a service provider (for logins) and controller provider to handle each type of request.