nazka / access-token-security-bundle
Provides an API Security Firewall based on AccessToken in Request header
Installs: 68
Dependents: 0
Suggesters: 0
Security: 0
Stars: 1
Watchers: 2
Forks: 0
Open Issues: 0
Type:symfony-bundle
Requires
- php: >=5.3.3
- snc/redis-bundle: 1.1.*@dev
- symfony/framework-bundle: ~2.3
This package is not auto-updated.
Last update: 2025-03-01 17:54:49 UTC
README
Secures an API access checking AccessToken header to authenticate a user.
The API Firewall expects a "AccessToken" parameter in each Request header. If the AccessToken is valid then an ApiToken is introduced in the SecurityContext.
In order to create new AccessTokens a UsernamePasswordLoginManager is provided. It expects an username/password combination, and delegates its validation to a firewall (configurable, 'main' by default). When the username/password combination is correct then a new AccessToken is created.
FOSRestBundle Controller
A SecurityController is also included, it is prepared to work with FOSRestBundle and creates an "AccessToken" resource to provide an REST way to login. I.E GET /api/v2/accesstoken?username=user&password=pass
TODO
-
Document installation and configuration (security.yml, routing.yml, ... )
-
Make AccessToken parameter name configurable
-
Add an entity listener to remove accesstokens when user credentials are removed.