feat: add JWT authentication

2025-12-29 16:15:04 +00:00 · 2024-07-18 03:01:41 +02:00
parent 9c58836b9b
commit a26f75bbad
9 changed files with 300 additions and 4 deletions
--- a/config/bundles.php
+++ b/config/bundles.php
@@ -15,4 +15,5 @@ return [
    Symfony\Bundle\MakerBundle\MakerBundle::class => ['dev' => true],
    Nelmio\CorsBundle\NelmioCorsBundle::class => ['all' => true],
    ApiPlatform\Symfony\Bundle\ApiPlatformBundle::class => ['all' => true],
+    Lexik\Bundle\JWTAuthenticationBundle\LexikJWTAuthenticationBundle::class => ['all' => true],
 ];
--- a/config/packages/lexik_jwt_authentication.yaml
+++ b/config/packages/lexik_jwt_authentication.yaml
@@ -0,0 +1,9 @@
+lexik_jwt_authentication:
+    secret_key: '%env(resolve:JWT_SECRET_KEY)%'
+    public_key: '%env(resolve:JWT_PUBLIC_KEY)%'
+    pass_phrase: '%env(JWT_PASSPHRASE)%'
+
+    api_platform:
+        check_path: /api/login
+        username_path: email
+        password_path: security.credentials.password
--- a/config/packages/security.yaml
+++ b/config/packages/security.yaml
@@ -13,9 +13,15 @@ security:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
-        main:
-            lazy: true
-            provider: app_user_provider
+        api:
+            pattern: ^/api
+            stateless: true
+            entry_point: jwt
+            json_login:
+                check_path: /api/login # or, if you have defined a route for your login path, the route name you used
+                success_handler: lexik_jwt_authentication.handler.authentication_success
+                failure_handler: lexik_jwt_authentication.handler.authentication_failure
+            jwt: ~

            # activate different ways to authenticate
            # https://symfony.com/doc/current/security.html#the-firewall
@@ -26,6 +32,9 @@ security:
    # Easy way to control access for large sections of your site
    # Note: Only the *first* access control that matches will be used
    access_control:
+        - { path: ^/api/login, roles: PUBLIC_ACCESS }
+        - { path: ^/api$,      roles: PUBLIC_ACCESS }
+        - { path: ^/api,       roles: IS_AUTHENTICATED_FULLY }
        # - { path: ^/admin, roles: ROLE_ADMIN }
        # - { path: ^/profile, roles: ROLE_USER }

--- a/config/routes.yaml
+++ b/config/routes.yaml
@@ -3,3 +3,5 @@ controllers:
        path: ../src/Controller/
        namespace: App\Controller
    type: attribute
+api_login_check:
+    path: /api/login