I'm making a REST backend in Symfony3. One of the specifications in my project is to use JWT authentication.
Is there a bundle that supports that? Or how can I do it on my own?
I need a simple solution that generates a token for me and secures a few of my controller actions.
I saw https://github.com/auth0/jwt-auth-bundle and https://github.com/lexik/LexikJWTAuthenticationBundle. Does anyone work with these? I understand that LexikJWT is for Symfony2, which does not solve the case.
I would be grateful for any ideas on how to solve my problem.
We develop a REST API with JWT authentication in SF2.
We did not wish to use the Lexik bundle because it was overkill.
We used the library: https://github.com/lcobucci/jwt.
We have a controller that checks the token, which extends the functional controllers.
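A minimal sketch of the base-controller pattern described in the answer above, as an added example that is not the answerer's code. It verifies an HS256 token with PHP's built-in functions instead of lcobucci/jwt so it has no dependencies; the class names, method names and the requirement of an `exp` claim are assumptions.

```php
<?php
// Added example; class, method and claim names are assumptions.
abstract class TokenCheckedController
{
    private $secret;
    public function __construct(string $secret) { $this->secret = $secret; }
    private static function b64url(string $s): string
    {
        $s = strtr($s, '-_', '+/');
        $pad = (4 - strlen($s) % 4) % 4;
        return (string) base64_decode($s . str_repeat('=', $pad), true); // '' on bad input
    }

    /** Returns the claims of a valid, unexpired HS256 token, or null. */
    protected function verify(string $jwt, int $now): ?array
    {
        $parts = explode('.', $jwt);
        if (count($parts) !== 3) {
            return null;
        }
        // Pin the algorithm; never let the token header choose it (rejects "none").
        $header = json_decode(self::b64url($parts[0]), true);
        if (!is_array($header) || ($header['alg'] ?? null) !== 'HS256') {
            return null;
        }
        // Recompute the MAC over header.payload and compare in constant time.
        $expected = hash_hmac('sha256', $parts[0] . '.' . $parts[1], $this->secret, true);
        if (!hash_equals($expected, self::b64url($parts[2]))) {
            return null;
        }
        // Only read claims after the signature checks out; require an expiry.
        $claims = json_decode(self::b64url($parts[1]), true);
        if (!is_array($claims) || !is_int($claims['exp'] ?? null) || $claims['exp'] <= $now) {
            return null;
        }
        return $claims;
    }
}

final class OrdersController extends TokenCheckedController
{
    public function listAction(string $authHeader): array
    {
        if (strncmp($authHeader, 'Bearer ', 7) !== 0) {
            return [401, 'missing bearer token'];
        }
        $claims = $this->verify(substr($authHeader, 7), time());
        return $claims === null ? [401, 'invalid token'] : [200, $claims];
    }
}
```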
Update - 2k19, LexikJWTAuthBundle works in Symfony 3.x, 4.x, 5.x.
The official docs explain very well how to integrate it with Symfony.
Here are 2 resources/tutorials that explain the same in more detail.
https://digitalfortress.tech/php/jwt-authentication-with-symfony/
https://medium.com/#joeymasip/how-to-create-an-api-with-symfony-4-and-jwt-b2334a8fbec2
My project plans to use SSO (maybe Gluu or Auth0, ...) and is also considering applying GraphQL to our API.
At first look, it seems that these two should be easily compatible as they work on different layers. But I still want to hear from someone experienced with both whether there are any problems, considerations or guidelines when applying them to the project.
GraphQL has no opinion on how you authenticate or authorize users. So you can use any auth you like.
Our company has an SSO app that I'm looking to replace a significant chunk of the authentication pipeline with IdentityServer4 or 3. The version I'm replacing has its own custom implementation of Dynamic Client Registration (not to spec) and a UI to manage it.
There are a number of Github issues across the IdentityServer project discussing the issue and the resolution appears to be that it hasn't been implemented and someone looking to use DCR should write their own implementation of the spec as an extension.
Am I correct that this is currently not possible and I would be better served creating my own DCR extension on Github for IdentityServer? Or have I missed something with my Google-fu and someone's already written an extension?
Note I'm happy to implement my own if it's necessary.
IdentityServer 4 does not provide any implementation of dynamic client registration as they consider it out of scope for the project.
However you can implement your own, either as a middleware or as a MVC controller.
You need an endpoint that uses ConfigurationDbContext to the Clients table.
Source code for this is in an issue on GitHub.
https://github.com/IdentityServer/IdentityServer4/issues/1248
IdentityServer itself (the STS) has no implementation of OIDC DCR
https://openid.net/specs/openid-connect-registration-1_0.html
This is more of an admin type functionality.
The Azure AD team has a sample which authenticates against the AAD common endpoint and uses the returned claims to automatically provision new tenants. It might be a good place to start...
I'm using akka-http-session with the bootzooka seed project. I'm curious what the recommended approach is to implement JWT authentication in akka-http. It appears akka-http-session supports it; however, the documentation seems to be lacking and the examples shown all use cookie-based authentication.
Thank you in advance,
CN
I found this helpful implementing akka-http-sessions:
https://github.com/softwaremill/akka-http-session
How do I offer OAuth 2.0 provider services using Swift? I would like to use Swift as a REST API but am missing this integral component. I would probably be able to build something from the spec but don't have the budget on this particular project. It would be a great component for the Perfect framework, but I don't see it on the roadmap at present.
There are OAuth2 client libs: https://github.com/PerfectlySoft/Perfect-OAuth2
OAuth2 demo: https://github.com/PerfectExamples/Perfect-Authentication-Demo
A work in progress OAuth2 Server: https://github.com/PerfectServers/AuthenticationServer
I cannot find any Swift based OAuth identity provider solutions yet. Found a few libraries that might either be ported or built into a Swift solution, but it seems like the simplest path at the moment would be to implement something like Auth0 or OAuth.io as the provider
I'm using this library with my CodeIgniter REST service. Basically, I have a REST_controller that is inherited and checks for a valid token using that library.
All I want is to provide an API to secure some of the API methods.
Now, I'm lost reading most of the specs for oauth2 and tutorials regarding that library.
Can anyone help me by providing good tutorials, examples and explanations on how I can achieve a simple login system and then call user-authenticated methods?
Thanks in advance
Just constructed a pictorial tutorial for OAuth2.0 specs. In case you may find this useful:
Tutorial : http://restful-fundamentals.blogspot.in/2013/04/oauth-20-introducation.html
Also adding a web app demo demonstrating the different Authorisation Grant flows. It contains the path to the Google Code repository as well as some other tips.
http://restful-fundamentals.blogspot.in/2013/04/svn-repository-oauth20-spectifications.html
*Your comments at that blog may be useful to me to improve the contents there.*
I did a demo using Spring MVC and Spring Security; you can find the source code here