Update admin authentification #295
Conversation
Add api-platform/admin#51 changes and change the request for compatibility with LexikJWTAuthenticationBundle (tested and works)
admin/authentication-support.md
Outdated
| headers: new Headers({ 'Content-Type': 'application/json' }), | ||
| // the next two lines are compatible with LexikJWTAuthenticationBundle. Change this if you use something else ... | ||
| body: `_username=${username}&_password=${password}`, | ||
| headers: new Headers({ 'Content-Type': 'application/x-www-form-urlencoded' }), |
There was a problem hiding this comment.
Why can't we keep json login? It has nothing to do with LexikJWTAuthentication see here
There was a problem hiding this comment.
I just tried in json and lexik return 401 bad credentials :
curl -X POST \
http://localhost/api/web/login_check \
-H 'content-type: application/json' \
-d '{"_username": "admin", "_password": "admin"} 'Only with this configuration I can login. Maybe it's my config but I only have this :
lexik_jwt_authentication:
private_key_path: '%jwt_private_key_path%'
public_key_path: '%jwt_public_key_path%'
pass_phrase: '%jwt_key_pass_phrase%'
token_ttl: '%jwt_token_ttl%'There was a problem hiding this comment.
So maybe you're right. I thought that because the beginning of this page says that we assume that the api is secure with jwt (with a link to the doc which explains how to use LexikJWTAuthentication) so I thought that this page has to explain how to use admin with LexikJWTAuthentication but if you think that it's should be general ...
There was a problem hiding this comment.
I agree with @pierre-H. We should update the doc of the Lexik bundle to explain how to allow JSON login or keep with form-data. (it would be great if we can use JSON everywhere).
There was a problem hiding this comment.
Does someone have an idea how to use Lexik bundle with json ?
There was a problem hiding this comment.
@pierre-H : Lexik provides some handlers. You just have to use these handlers with the new JSON authenticator.
Note: The JSON authenticator is available since Symfony 3.3.
In app/config/security.yml, you will write something like this:
security:
# ...
firewalls:
login:
anonymous: true
json_login:
check_path: /login
failure_handler: lexik_jwt_authentication.handler.authentication_failure
success_handler: lexik_jwt_authentication.handler.authentication_success
# ...In admin, you can now directly send JSON to the API:
const request = new Request(`${API_ENTRYPOINT}/login`, {
body: JSON.stringify({
username: params.username,
password: params.password,
}),
headers: new Headers({
'Content-Type': 'application/json',
}),
method: 'POST',
});
return fetch(request).then( /* ... */);In my repositories, you can find an example secured API and an example of admin.
|
|
||
| const restClient = api => hydraClient(api, fetchHydra); | ||
|
|
||
| const apiDocumentationParser = entrypoint => parseHydraDocumentation(entrypoint, { headers: new Headers(fetchHeaders) }) |
There was a problem hiding this comment.
We really should not need this :p. maybe we can pass headers to the react component?
There was a problem hiding this comment.
I would rather keep it simplest so anybody can implement their own login and authentication with api. I use token passed in header to backend
|
@mauchede would you mind reviewing this PR? |
|
@pierre-H: Can you add For example: return fetch(request)
.then(response => {
if (response.status < 200 || response.status >= 300) {
throw new Error(response.statusText);
}
return response.json();
})
.then(({ token }) => {
window.localStorage.setItem(LOCAL_STORAGE_KEY_TOKEN, token);
window.location.replace('/');
}); |
|
@mauchede done |
|
Thank you @mauchede for your explanation. I change the doc so we use json instead of form data |
|
@mauchede is it good for you ? |
|
Thanks @pierre-H |
Add api-platform/admin#51 changes and change the request for compatibility with LexikJWTAuthenticationBundle (tested and works)