oxid-esales/jwt-authentication-component

Authentication component for OXID eShop with JWT support

Package info

github.com/OXID-eSales/jwt-authentication-component

Type:oxideshop-component

pkg:composer/oxid-esales/jwt-authentication-component

Statistics

Installs: 1

Dependents: 0

Suggesters: 0

Stars: 0

Open Issues: 0

v1.0.0 2026-04-08 09:10 UTC

This package is not auto-updated.

Last update: 2026-04-11 04:59:40 UTC


README

JWT-based authentication component for OXID eShop API endpoints.

Features

  • JWT token generation and validation
  • Integration with OXID user system
  • Role-based access control with Symfony Security
  • #[IsGranted] and #[CurrentUser] attributes for protecting endpoints
  • Ready-to-use login and profile endpoints

Installation

composer require oxid-esales/jwt-authentication-component

Configuration

Set the JWT secret key in your .env file (or, to keep it out of version control, in .env.local or the process environment). Anyone who holds this value can forge tokens for any user, so treat it like a password for every API account:

API_JWT_SECRET=your-secret-key-here

Generate a secure secret; the placeholder above must be replaced, never used as-is:

openssl rand -base64 64

This emits 64 random bytes as base64. Note that openssl wraps base64 output at 64 characters, so the 88-character result arrives on two lines; join them (for example with tr -d '\n') before pasting the value into .env.
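An added pre-deployment check, written for this page and not shipped with the component: it measures how many random bytes stand behind a base64 API_JWT_SECRET and rejects values such as the placeholder above. The page does not name the signing algorithm; the 32-byte floor assumes an HMAC-signed token, for which RFC 7518 section 3.2 requires a key of at least 256 bits for HS256. The function names, MIN_SECRET_BYTES and the env-file parsing are this example's own.

```sh
#!/bin/sh
# Added example, not shipped with the component. Measures the random bytes
# behind a base64 API_JWT_SECRET. Assumption (the page does not name the
# algorithm): HMAC-signed JWTs, so RFC 7518 section 3.2 applies and HS256
# needs at least 256 bits (32 bytes) of key material.

MIN_SECRET_BYTES=32

# Number of bytes a base64 value decodes to; 0 for anything that is not
# plain base64, such as the README's "your-secret-key-here" placeholder.
jwt_secret_bytes() {
  case "$1" in
    '' | *[!A-Za-z0-9+/=]*) echo 0; return 0 ;;
  esac
  printf '%s' "$1" | base64 -d 2>/dev/null | wc -c | tr -d ' '
}

# Succeeds when the secret carries at least MIN_SECRET_BYTES of random data.
jwt_secret_ok() {
  n=$(jwt_secret_bytes "$1")
  [ "${n:-0}" -ge "$MIN_SECRET_BYTES" ]
}

# Fresh 64-byte secret, as the README suggests, folded onto one line for .env
# (openssl wraps base64 at 64 characters, which would otherwise split it).
jwt_secret_new() {
  openssl rand -base64 64 | tr -d '\n'
}

# Check the API_JWT_SECRET line of an env file ($1, default .env), tolerating
# optional surrounding quotes. Returns 1 on a missing or weak secret.
jwt_secret_check_env() {
  f=${1:-.env}
  s=$(sed -n 's/^API_JWT_SECRET=//p' "$f" | tail -n 1 | tr -d "\"'")
  if [ -z "$s" ]; then
    echo "$f: API_JWT_SECRET not set" >&2; return 1
  fi
  n=$(jwt_secret_bytes "$s")
  if jwt_secret_ok "$s"; then
    echo "$f: API_JWT_SECRET ok ($n random bytes)"
  else
    echo "$f: API_JWT_SECRET weak ($n random bytes, need $MIN_SECRET_BYTES)" >&2
    return 1
  fi
}
```

Run `jwt_secret_check_env .env` in a deploy step; a secret typed by hand or copied from an example will fail it, while the output of `jwt_secret_new` passes with 64 bytes.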

Token Expiration

Default token lifetime is 3600 seconds (1 hour). Override via parameter:

parameters:
  oxid_jwt_authenticator.token_expiration_seconds: 7200

A token stays valid until its expiry passes, so a longer lifetime also lengthens the window in which a leaked token can be replayed; keep it as short as your clients tolerate and have them log in again when it expires.

Usage

Login

curl -X POST https://your-shop.com/api/login \
  -H "Content-Type: application/json" \
  -d '{"username": "user@example.com", "password": "password"}'

To authenticate against a specific subshop, pass the shp query parameter:

curl -X POST "https://your-shop.com/api/login?shp=2" \
  -H "Content-Type: application/json" \
  -d '{"username": "user@example.com", "password": "password"}'

Response:

{
  "token": "eyJ0eXAiOiJKV1QiLCJhbGc...",
  "user": {
    "username": "user@example.com",
    "roles": ["ROLE_USER"]
  }
}
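An added shell walkthrough, written for this page and not the component's own code, that logs in, reads the claims out of the returned token and calls a protected route. Two things it assumes because the page does not state them: the token is presented as an "Authorization: Bearer" credential, and the payload carries the standard iat and exp claims. The sample token, the function names and the base64url helper are this example's own; the login endpoint, the shp parameter and the /api/protected route are the ones this README documents.

```sh
#!/bin/sh
# Added example, not part of the component. Assumptions not stated on the
# page: the token is presented as "Authorization: Bearer <token>", and its
# payload carries the standard iat/exp claims (RFC 7519 section 4.1).

# base64url-decode one JWS segment (RFC 7515 section 2), restoring padding.
jwt_b64url_decode() {
  seg=$(printf '%s' "$1" | tr '_-' '/+')
  case $(( ${#seg} % 4 )) in
    2) seg="${seg}==" ;;
    3) seg="${seg}=" ;;
  esac
  printf '%s' "$seg" | base64 -d 2>/dev/null
}

# Decoded payload (second segment) of a compact-serialised JWT.
jwt_payload() {
  jwt_b64url_decode "$(printf '%s' "$1" | cut -d. -f2)"
}

# Numeric claim $2 ("exp", "iat") of token $1; sed instead of a jq dependency.
jwt_claim() {
  jwt_payload "$1" | sed -n "s/.*\"$2\":[[:space:]]*\([0-9][0-9]*\).*/\1/p"
}

# Lifetime the server actually granted (exp - iat); compare it with
# oxid_jwt_authenticator.token_expiration_seconds after changing that parameter.
jwt_lifetime() {
  exp=$(jwt_claim "$1" exp); iat=$(jwt_claim "$1" iat)
  [ -n "$exp" ] && [ -n "$iat" ] || return 1
  echo $(( exp - iat ))
}

# Succeeds while token $1 is still valid at Unix time $2 (default: now).
jwt_unexpired() {
  now=${2:-$(date +%s)}
  exp=$(jwt_claim "$1" exp)
  [ -n "$exp" ] && [ "$exp" -gt "$now" ]
}

# Log in and print only the token. Usage: api_login BASE_URL USER PASS [SHOP_ID]
# Credentials are interpolated verbatim; for values containing quotes build
# the body with jq -n --arg instead.
api_login() {
  url="$1/api/login"; [ -n "${4:-}" ] && url="$url?shp=$4"
  curl -sS -X POST "$url" -H 'Content-Type: application/json' \
    --data-binary "$(printf '{"username":"%s","password":"%s"}' "$2" "$3")" \
    | sed -n 's/.*"token":[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Call a protected endpoint with the token as a Bearer credential (assumed scheme).
# Usage: api_get BASE_URL PATH TOKEN
api_get() {
  curl -sS "$1$2" -H "Authorization: Bearer $3"
}

# Constructed sample token for offline use: header and payload are real
# base64url JSON, the signature segment is a placeholder (never trust it).
b64url() { base64 | tr '/+' '_-' | tr -d '=\n'; }
SAMPLE_TOKEN="$(printf '%s' '{"typ":"JWT","alg":"HS256"}' | b64url).$(printf '%s' '{"iat":1700000000,"exp":1700003600,"username":"user@example.com","roles":["ROLE_USER"]}' | b64url).placeholder"

# Typical session against a real shop:
#   TOKEN=$(api_login https://your-shop.com user@example.com password 2)
#   jwt_lifetime "$TOKEN"
#   api_get https://your-shop.com /api/protected "$TOKEN"
```

The decoder only reads the payload; it does not verify the signature, which is the server's job, so use it to inspect what was issued (lifetime, roles, subshop), not to decide whether a token is trustworthy.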

Protecting Endpoints

Use Symfony's #[IsGranted] attribute to protect endpoints:

use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\Attribute\Route;
use Symfony\Component\Security\Http\Attribute\IsGranted;

final readonly class MyApiController
{
    #[Route('/api/protected', methods: ['GET'])]
    #[IsGranted('IS_AUTHENTICATED')]
    public function getData(): Response
    {
        // Requires authentication: any holder of a valid token reaches this point,
        // requests without one are rejected before the method runs.
        return new JsonResponse(['status' => 'ok']);
    }

    #[Route('/api/admin/settings', methods: ['GET'])]
    #[IsGranted('ROLE_ADMIN')]
    public function getSettings(): Response
    {
        // Requires ROLE_ADMIN; ROLE_ADMIN_MALL also qualifies through the default role hierarchy.
        return new JsonResponse(['settings' => []]);
    }
}

Accessing Authenticated User

use OxidEsales\AuthComponent\Security\User\ApiUser;
use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Security\Http\Attribute\CurrentUser;

public function getData(#[CurrentUser] ApiUser $user): Response
{
    // #[CurrentUser] injects the ApiUser resolved from the request's token.
    return new JsonResponse([
        'username' => $user->getUserIdentifier(),
        'roles' => $user->getRoles(),
    ]);
}

Because the parameter is typed as a non-nullable ApiUser, Symfony cannot resolve it for an unauthenticated request; guard the route with #[IsGranted] as above, or declare the parameter as ?ApiUser and handle null.

Available Roles

  • ROLE_USER - All authenticated users
  • ROLE_ADMIN - Admin users
  • ROLE_ADMIN_MALL - Mall admin users

Role Hierarchy

The component includes a configurable role hierarchy. By default, ROLE_ADMIN_MALL inherits ROLE_ADMIN, meaning mall admins can access all admin endpoints.

Default configuration in services.yaml:

parameters:
  oxid_jwt_authenticator.role_hierarchy:
    ROLE_ADMIN_MALL:
      - ROLE_ADMIN

For more complex role hierarchies, implement RoleResolverInterface with custom resolution logic.

License

Proprietary