gfreeau / get-jwt-bundle
This Symfony bundle provides a security listener to return a JWT
Installs: 586 830
Dependents: 5
Suggesters: 0
Security: 0
Stars: 86
Watchers: 2
Forks: 37
Open Issues: 5
Type:symfony-bundle
Requires
- php: >=5.3.3
- symfony/dependency-injection: ^2.7 || ^3.2 || ^4.0
- symfony/http-kernel: ^2.7 || ^3.2 || ^4.0
- symfony/security-bundle: ^2.7 || ^3.2 || ^4.0
README
This bundle requires LexikJWTAuthenticationBundle. Please read the docs for that bundle at https://github.com/lexik/LexikJWTAuthenticationBundle
It provides a replacement for the security factory "form_login". "form_login" is designed for use with cookies and will set cookies even when the stateless parameter is true.
The 'switch_user' and 'logout' config options are not supported with this security factory as they rely on cookies.
Authenticating json web tokens is provided by LexikJWTAuthenticationBundle.
Json Web Tokens are perfect for use in SPA such as AngularJS or in mobile applications. Using this bundle you can easily use symfony2 for your API.
You should use SSL connections only for your API to protect the contents of your json web tokens.
Installation
Installation with composer:
(For Symfony2, Symfony3 and Symfony4)
composer require gfreeau/get-jwt-bundle "^2.0"
Next, be sure to enable the bundle in your app/AppKernel.php
file:
public function registerBundles() { return array( // ... new Gfreeau\Bundle\GetJWTBundle\GfreeauGetJWTBundle(), // ... ); }
Usage
Example of possible security.yml
:
firewalls: gettoken: pattern: ^/api/getToken$ stateless: true gfreeau_get_jwt: # this is the default config username_parameter: username password_parameter: password authentication_provider: security.authentication.provider.dao user_checker: security.user_checker success_handler: lexik_jwt_authentication.handler.authentication_success failure_handler: lexik_jwt_authentication.handler.authentication_failure # protected firewall, where a user will be authenticated by its jwt token api: pattern: ^/api stateless: true # default configuration lexik_jwt: ~ # check token in Authorization Header, with a value prefix of e: bearer
This bundle supports the AuthenticationSuccessEvent from LexikJWTAuthenticationBundle, read their documentation for more information. You can use this event to append more information to your json web token.
A route must be defined for the url you wish to use to get your token:
/** * @Route("/api/getToken") * @Method({"POST"}) */ public function getTokenAction() { // The security layer will intercept this request return new Response('', 401); }