auth0/jwt-auth-bundle

Support for authenticating users with a JWT in Symfony.

Installs: 430 025

Dependents: 1

Suggesters: 0

Security: 0

Stars: 98

Watchers: 56

Forks: 58

Open Issues: 1

Type:symfony-bundle

4.0.0 2021-03-24 12:08 UTC

README

JWT Authentication bundle for Symfony

Build Status Total Downloads Latest Stable Version PHP Support Code Coverage License FOSSA

Requirements

Installation

Installation is supported through Composer:

composer require auth0/jwt-auth-bundle

Configuration

After installing the bundle in your project you should find a new file located at config/packages/jwt_auth.yaml. These values should read from variables set in your .env file. Available configuration options are:

jwt_auth:
  #  The domain of your registered Auth0 tenant.
  domain: "%env(AUTH0_DOMAIN)%"
  # The client ID string of your registered Auth0 application.
  client_id: "%env(AUTH0_CLIENT_ID)%"
  # The audience/identifier string of your registered Auth0 API.
  audience: "%env(AUTH0_API_AUDIENCE)%"

  # Defaults to RS256. Supported options are RS256 or HS256.
  algorithm: "RS256"
  # If you're using HS256, you need to provide the client secret for your registered Auth0 application.
  client_secret: "%env(AUTH0_CLIENT_SECRET)%"

  # Recommended. A PSR-6 or PSR-16 compatible cache.
  # See: https://symfony.com/doc/current/components/cache.html
  cache: "cache.app"

  # Token validations to run during JWT decoding:
  validations:
    # Validate AUD claim against a value, such as an API identifier. Set to false to skip. Defaults to jwt_auth.audience.
    aud: "%env(AUTH0_API_AUDIENCE)%"
    # Validate the AZP claim against a value, such as a client ID. Set to false to skip. Defaults to false.
    azp: "%env(AUTH0_CLIENT_ID)%"
    # Validate ORG_ID claim against a value, such as the Auth0 Organization. Set to false to skip. Defaults to false.
    org_id: "%env(AUTH0_ORGANIZATION)%"
    # Maximum age (in seconds) since the auth_time of the token. Set to false to skip. Defaults to false.
    max_age: 3600
    # Clock tolerance (in seconds) for token expiration checks. Requires an integer value. Defaults to 60 seconds.
    leeway: 60

Auth0 integration

The Auth0 PHP SDK is included in this bundle to handle the processing of JWTs. You can inject to your UserProvider to get the user profile, example code.

Contributing

We appreciate your feedback and contributions to the project! Before you get started, please review the following:

Support + Feedback

  • The Auth0 Community is a valuable resource for asking questions and finding answers, staffed by the Auth0 team and a community of enthusiastic developers
  • For code-level support (such as feature requests and bug reports) we encourage you to open issues here on our repo
  • For customers on paid plans, our support center is available for opening tickets with our knowledgeable support specialists

Further details about our support solutions are available on our website.

Vulnerability Reporting

Please do not report security vulnerabilities on the public GitHub issue tracker. The Responsible Disclosure Program details the procedure for disclosing security issues.

What is Auth0?

Auth0 helps you to:

Why Auth0?

License

This project is open source software licensed under the MIT license. See the LICENSE file for more info.

FOSSA Status