feat: add JWT authentication

2025-12-29 16:15:04 +00:00 · 2024-07-18 03:01:41 +02:00
parent 9c58836b9b
commit a26f75bbad
9 changed files with 300 additions and 4 deletions
--- a/config/packages/security.yaml
+++ b/config/packages/security.yaml
@@ -13,9 +13,15 @@ security:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
-        main:
-            lazy: true
-            provider: app_user_provider
+        api:
+            pattern: ^/api
+            stateless: true
+            entry_point: jwt
+            json_login:
+                check_path: /api/login # or, if you have defined a route for your login path, the route name you used
+                success_handler: lexik_jwt_authentication.handler.authentication_success
+                failure_handler: lexik_jwt_authentication.handler.authentication_failure
+            jwt: ~

            # activate different ways to authenticate
            # https://symfony.com/doc/current/security.html#the-firewall
@@ -26,6 +32,9 @@ security:
    # Easy way to control access for large sections of your site
    # Note: Only the *first* access control that matches will be used
    access_control:
+        - { path: ^/api/login, roles: PUBLIC_ACCESS }
+        - { path: ^/api$,      roles: PUBLIC_ACCESS }
+        - { path: ^/api,       roles: IS_AUTHENTICATED_FULLY }
        # - { path: ^/admin, roles: ROLE_ADMIN }
        # - { path: ^/profile, roles: ROLE_USER }