bricre/micro-service-common

Common components used for Bricre micro services

Installs: 1 351

Dependents: 1

Suggesters: 0

Security: 0

Type: symfony-bundle

0.0.2 2022-01-02 15:35 UTC

This package is auto-updated.

Last update: 2024-03-29 04:25:52 UTC


README

Symfony bundle - micro-service-common

This is a Symfony bundle that contains some commonly used components for Bricre micro services.

Installation

composer require bricre/micro-service-common

Security

LexikJWTAuthenticationBundle is used to provide a JWT-based security guard.

# security.yaml
security:
  # https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
  providers:
    # used to reload user from session & other features (e.g. switch_user)
    app_user_provider:
      entity:
        class: App\Entity\User
        property: username

  firewalls:
    main:
      anonymous: true
      lazy: true
      provider: app_user_provider
      stateless: true
      json_login:
        check_path: /api/user/login
        success_handler: lexik_jwt_authentication.handler.authentication_success
        failure_handler: lexik_jwt_authentication.handler.authentication_failure
      guard:
        authenticators:
          - lexik_jwt_authentication.jwt_token_authenticator

To use this bundle, Kong must be available as the API gateway. Internally, the bundle calls Kong's Admin API to create a Consumer and retrieve JWT credentials.

Make sure your .env defines the SERVICE_KONG environment variable, pointing to the Kong server:

SERVICE_KONG=kong

Security workflow

  1. json_login uses app_user_provider to validate the username and password.
  2. Once the login credentials are accepted, lexik_jwt_authentication.handler.authentication_success returns a JWT token, into which Bricre\MicroServiceCommonBundle\EventListener\JWTCreatedListener injects the current User information.
  3. The user then sends the Authorization: Bearer xxxxxxxx header with each request.
  4. Since the User info already exists in the token (JWT payload), lexik_jwt_authentication.jwt_token_authenticator automatically decodes the token and authenticates the user.
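
Steps 2 and 4 of the workflow as an added stand-alone PHP example (not code from this bundle or from LexikJWTAuthenticationBundle): user data carried in the payload is trusted only after the signature and `exp` checks pass. HS256, the secret, and the claim names `username` and `roles` are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);

// Constructed demo secret; real keys come from the LexikJWT / Kong configuration.
const SECRET = 'constructed-demo-secret';

function b64url(string $raw): string
{
    return rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
}

function b64urlDecode(string $s): string
{
    $padded = $s . str_repeat('=', (4 - strlen($s) % 4) % 4);
    return (string) base64_decode(strtr($padded, '-_', '+/'));
}

// Step 2: issue a token whose payload carries the user information.
function issueToken(array $user, int $ttl, int $now): string
{
    $head = b64url(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
    $body = b64url(json_encode($user + ['iat' => $now, 'exp' => $now + $ttl]));
    return "$head.$body." . b64url(hash_hmac('sha256', "$head.$body", SECRET, true));
}

// Step 4: rebuild the user from the payload only after signature and expiry checks.
function authenticate(string $token, int $now): ?array
{
    $parts = explode('.', $token);
    if (count($parts) !== 3) {
        return null;
    }
    [$head, $body, $sig] = $parts;
    $alg = json_decode(b64urlDecode($head), true)['alg'] ?? null;
    $expected = b64url(hash_hmac('sha256', "$head.$body", SECRET, true));
    if ($alg !== 'HS256' || !hash_equals($expected, $sig)) {
        return null; // algorithm is pinned; signature compared in constant time
    }
    $claims = json_decode(b64urlDecode($body), true);
    return is_array($claims) && ($claims['exp'] ?? 0) > $now ? $claims : null;
}

$now   = 1700000000; // constructed clock value
$token = issueToken(['username' => 'alice', 'roles' => ['ROLE_USER']], 3600, $now);
[$h, , $s] = explode('.', $token);
// The payload is readable and editable by the client; the signature is what protects it.
$forged = b64url(json_encode(['username' => 'alice', 'roles' => ['ROLE_ADMIN'], 'exp' => $now + 3600]));
var_dump(authenticate($token, $now + 10)['roles']);  // untouched token
var_dump(authenticate("$h.$forged.$s", $now + 10));  // payload edited after signing
var_dump(authenticate($token, $now + 7200));         // past its exp claim
```

Because the payload is only base64url-encoded, anything the listener injects into it is visible to whoever holds the token, so it should carry identifiers and roles rather than secrets.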