sofyco / facebook-security-voter-bundle
Symfony Facebook Security Voter Bundle
Package info
github.com/sofyco/facebook-security-voter-bundle
Type:symfony-bundle
pkg:composer/sofyco/facebook-security-voter-bundle
Fund package maintenance!
1.0.0
2026-07-01 17:19 UTC
Requires
- php: ^8.5
- symfony/framework-bundle: ^8.0
- symfony/security-bundle: ^8.0
Requires (Dev)
- phpstan/phpstan: ^2.1
- phpunit/phpunit: ^13.1
- symfony/browser-kit: ^8.0
README
Installation
composer req sofyco/facebook-security-voter-bundle
Configuration
The bundle exposes a facebook_security_voter configuration node with two
required, non-empty string arguments:
secret— Facebook App Secret; verifies thex-hub-signature-256HMAC-SHA256 header onPOSTwebhooks.signature— verify token; verifies thehub_verify_tokenquery parameter onGETverification requests.
# config/packages/facebook_security_voter.yaml facebook_security_voter: secret: '%env(FACEBOOK_APP_SECRET)%' signature: '%env(FACEBOOK_VERIFY_TOKEN)%'
Both options are resolved into the FacebookWebhookVoter constructor
($secret and $signature); the RequestStack argument is autowired.
Usage
The bundle registers a security voter (FacebookWebhookVoter) that grants
access when the current request is a legitimate Facebook webhook call:
GETrequests are validated against thehub_verify_tokenquery parameter;POSTrequests are validated against thex-hub-signature-256HMAC-SHA256 header.
Use the FacebookWebhookVoter::SIGNATURE attribute to protect a controller:
use Sofyco\Bundle\FacebookSecurityVoterBundle\Security\Voter\FacebookWebhookVoter; use Symfony\Component\Security\Http\Attribute\IsGranted; #[IsGranted(FacebookWebhookVoter::SIGNATURE)] public function __invoke(): Response { // ... }