Skip to content

halloverden/symfony-jwt-authenticator-bundle

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

90 Commits
config
config
 
 
src
src
 
 
tests
tests
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
composer.json
composer.json
 
 
composer.lock
composer.lock
 
 
phpunit.xml.dist
phpunit.xml.dist
 
 

Repository files navigation

HalloVerdenJwtAuthenticatorBundle

This bundle provides a JWT authenticator for Symfony applications. It's using PHP JWT Framework for parsing and validating the JWT.

Installation

Make sure Composer is installed globally, as explained in the installation chapter of the Composer documentation.

Applications that use Symfony Flex

Open a command console, enter your project directory and execute:

$ composer require halloverden/symfony-jwt-authenticator-bundle

Applications that don't use Symfony Flex

Step 1: Download the Bundle

Open a command console, enter your project directory and execute the following command to download the latest stable version of this bundle:

$ composer require halloverden/symfony-jwt-authenticator-bundle

Step 2: Enable the Bundle

Then, enable the bundle by adding it to the list of registered bundles in the config/bundles.php file of your project:

// config/bundles.php

return [
    // ...
    HalloVerden\JwtAuthenticatorBundle\HalloVerdenJwtAuthenticatorBundle::class => ['all' => true],
];

Configuration

Security config

The authenticator is enabled and configured in the security config.

example config:

# config/packages/security.yaml
security:

  # ...
  firewalls:
    main:
      hallo_verden_jwt:
        provider: 'user_provider'
        failure_handler: ~
        token:
          key_set: 'my_key_set'
          jws_loader: 'hallo_verden_default'
          claim_checker: 'hallo_verden_default'
          mandatory_claims: []
          user_identifier_claim: 'sub'
          token_extractor: 'hallo_verden.token_extractor.bearer'

Key set (key_set)

You need to provide a key set.

See PHP JWT Framework for how to provide a key set.

JWS Loader (jws_loader)

There is a default JWS loader provided (hallo_verden_default), this loader is using the jws_compact serializer and supports RS256 and HS256 signature algorithms.

See PHP JWT Framework for how to create your own loader.

Claim checker (claim_cheker)

There is a default claim checker provided (hallo_verden_default), this checker checks the exp, iat and nbf claims.

See PHP JWT Framework for how to create your own checker.

Mandatory claims (mandatory_claims)

Here you specify the claims that need to be mandatory in your JWT. The user_identifier_claim is automatically added as a mandatory claim.

User identifier claim (user_identifier_claim)

This claim is sent to the user provider for retrieving the user.

Token extractor (token_extractor)

The default extractor hallo_verden.token_extractor.bearer get the bearer token from the authorization header. You can create your own extractor by implementing the TokenExtractorInterface and set the service id to this option.

Failure handler (failure_handler)

By default, the following response is sent on failure:

{
  "error": "INVALID_TOKEN"
}

You can modify this by creating a service implementing the AuthenticationFailureHandlerInterface and set the service id to this option.

About

JWT Authenticator for symfony

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

3 watching

Forks

0 forks
Report repository

Releases

11 tags

Packages

No packages published

Languages