uxf/security

Maintainers

Details

gitlab.com/uxf/security

Source

Issues

Installs: 10 209

Dependents: 1

Suggesters: 0

Security: 0

Stars: 0

Forks: 0

3.69.1 2025-07-24 20:40 UTC

Requires

MIT f939ab2bb350bc1726234e73970bb81508e275e8

  • UXF <dev.woop@uxf.cz>

This package is auto-updated.

Last update: 2025-07-24 18:44:41 UTC

README

Install

$ composer req uxf/security

// config/packages/uxf.php
use Symfony\Component\DependencyInjection\Loader\Configurator\ContainerConfigurator;

return static function (ContainerConfigurator $containerConfigurator): void {
    $containerConfigurator->extension('uxf_security', [
        'user_class' => User::class,                // required
        'base_url' => 'https://uxf.cz',             // required
        'public_key' => '%env(AUTH_PUBLIC_KEY)%',   // required
        'private_key' => '%env(AUTH_PRIVATE_KEY)%', // required
        // optional
        'access_token_lifetime' => 'P10Y',          // default 1 day
        'refresh_token_lifetime' => 'P20Y',         // default 1 month
        'refresh_token_cookie_path' => '/',         // default null (suggestion: /api/auth/refresh-token)
        'cookie_name' => 'Cookie-Name',             // default Authorization - used for header + cookie
        'cookie_secured' => false,                  // default true
        'cookie_http_only' => false,                // default true
        // OpenID Connect - optional
        'oidc' => [
            'apple' => [
                'client_id' => 'xxx',
            ],
            'facebook' => [
                'client_id' => 'xxx',
                'client_secret' => 'xxx',
            ],
            'gitlab' => [
                'client_id' => 'xxx',
                'client_secret' => 'xxx',
            ],
            'google' => [
                'client_id' => 'xxx',
            ],
            'microsoft' => [
                'client_id' => 'xxx',
            ],
            'mojeid' => [
                'client_id' => 'xxx',
            ],
            'seznam' => [
                'client_id' => 'xxx',
                'client_secret' => 'xxx',
            ],
        ],
    ]);
};

Symfony security config - recommended

// config/packages/security.php
return static function (ContainerConfigurator $config): void {
    $config->extension('security', [
        'providers' => [
            'provider' => [
                'entity' => [
                    'class' => \UXF\CMS\Entity\User::class,
                    'property' => 'email', // BC break in 3.68 (id -> email)
                ],
            ],
        ],
        ...
   ]);
}

Events

LogoutUserEvent

use Symfony\Component\EventDispatcher\Attribute\AsEventListener;
use UXF\Security\Event\LogoutUserEvent;

#[AsEventListener(LogoutUserEvent::class)]
final readonly class LogoutUserListener
{
    public function __invoke(LogoutUserEvent $event): void
    {
        // edit response cookies/headers
        ...
    }
}

OpenID Connect

Create new user

use Nette\Utils\Random;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use UXF\CMS\Entity\User;
use UXF\Security\Service\OIDC\NewUserEvent;

class NewUserEventSubscriber implements EventSubscriberInterface
{
    public function process(NewUserEvent $event): void
    {
        $event->user = new User($event->oidcInfo->email, '', Random::generate());
    }

    /**
     * @inheritDoc
     */
    public static function getSubscribedEvents(): array
    {
        return [
            NewUserEvent::class => 'process',
        ];
    }
}

Providers & URLs

# login
https://domain.com/api/auth/oidc/<provider>/login
# login with redirect (default is /)
https://domain.com/api/auth/oidc/<provider>/login?redirect=/some-path
# login callback
https://domain.com/api/auth/oidc/<provider>/callback