gfreeau/get-jwt-bundle

This Symfony2 bundle provides a security listener to return a JWT

Installs: 298 598

Dependents: 6

Suggesters: 0

Stars: 90

Watchers: 2

Forks: 29

Open Issues: 1

Type:symfony-bundle

2.0.2 2017-12-22 22:04 UTC

README

This bundle requires LexikJWTAuthenticationBundle. Please read the docs for that bundle at https://github.com/lexik/LexikJWTAuthenticationBundle

It provides a replacement for the security factory "form_login". "form_login" is designed for use with cookies and will set cookies even when the stateless parameter is true.

The 'switch_user' and 'logout' config options are not supported with this security factory as they rely on cookies.

Authenticating json web tokens is provided by LexikJWTAuthenticationBundle.

Json Web Tokens are perfect for use in SPA such as AngularJS or in mobile applications. Using this bundle you can easily use symfony2 for your API.

You should use SSL connections only for your API to protect the contents of your json web tokens.

Installation

Installation with composer:

composer require gfreeau/get-jwt-bundle

If you are using symfony 3 you can test the new 2.0 version:

composer require gfreeau/get-jwt-bundle:2.0.x-dev

Next, be sure to enable the bundle in your app/AppKernel.php file:

public function registerBundles()
{
    return array(
        // ...
        new Gfreeau\Bundle\GetJWTBundle\GfreeauGetJWTBundle(),
        // ...
    );
}

Usage

Example of possible security.yml :

    firewalls:
        gettoken:
            pattern:  ^/api/getToken$
            stateless: true
            gfreeau_get_jwt:
                # this is the default config
                username_parameter: username
                password_parameter: password
                authentication_provider: security.authentication.provider.dao
                user_checker: security.user_checker 
                success_handler: lexik_jwt_authentication.handler.authentication_success
                failure_handler: lexik_jwt_authentication.handler.authentication_failure

        # protected firewall, where a user will be authenticated by its jwt token
        api:
            pattern:   ^/api
            stateless: true
            # default configuration
            lexik_jwt: ~ # check token in Authorization Header, with a value prefix of e:    bearer

This bundle supports the AuthenticationSuccessEvent from LexikJWTAuthenticationBundle, read their documentation for more information. You can use this event to append more information to your json web token.

A route must be defined for the url you wish to use to get your token:

/**
 * @Route("/api/getToken")
 * @Method({"POST"})
 */
public function getTokenAction()
{
    // The security layer will intercept this request
    return new Response('', 401);
}