sofyco/facebook-security-voter-bundle

Symfony Facebook Security Voter Bundle

Maintainers

Package info

github.com/sofyco/facebook-security-voter-bundle

Type:symfony-bundle

pkg:composer/sofyco/facebook-security-voter-bundle

Fund package maintenance!

sofyco

Statistics

Installs: 3

Dependents: 0

Suggesters: 0

Stars: 0

Open Issues: 0

1.0.0 2026-07-01 17:19 UTC

This package is auto-updated.

Last update: 2026-07-01 17:24:10 UTC


README

CI codecov stable

Installation

composer req sofyco/facebook-security-voter-bundle

Configuration

The bundle exposes a facebook_security_voter configuration node with two required, non-empty string arguments:

  • secret — Facebook App Secret; verifies the x-hub-signature-256 HMAC-SHA256 header on POST webhooks.
  • signature — verify token; verifies the hub_verify_token query parameter on GET verification requests.
# config/packages/facebook_security_voter.yaml
facebook_security_voter:
    secret: '%env(FACEBOOK_APP_SECRET)%'
    signature: '%env(FACEBOOK_VERIFY_TOKEN)%'

Both options are resolved into the FacebookWebhookVoter constructor ($secret and $signature); the RequestStack argument is autowired.

Usage

The bundle registers a security voter (FacebookWebhookVoter) that grants access when the current request is a legitimate Facebook webhook call:

  • GET requests are validated against the hub_verify_token query parameter;
  • POST requests are validated against the x-hub-signature-256 HMAC-SHA256 header.

Use the FacebookWebhookVoter::SIGNATURE attribute to protect a controller:

use Sofyco\Bundle\FacebookSecurityVoterBundle\Security\Voter\FacebookWebhookVoter;
use Symfony\Component\Security\Http\Attribute\IsGranted;

#[IsGranted(FacebookWebhookVoter::SIGNATURE)]
public function __invoke(): Response
{
    // ...
}