Skip to content
/ symfony-auth-example Public

A simple stateless auth system example for Symfony 4.

1 star 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

kerwanp/symfony-auth-example

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
assets
assets
 
 
bin
bin
 
 
config
config
 
 
public
public
 
 
src
src
 
 
templates
templates
 
 
tests
tests
 
 
translations
translations
 
 
.env.dist
.env.dist
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
composer.json
composer.json
 
 
composer.lock
composer.lock
 
 
package.json
package.json
 
 
phpunit.xml.dist
phpunit.xml.dist
 
 
symfony.lock
symfony.lock
 
 
webpack.config.js
webpack.config.js
 
 

Repository files navigation

Symfony Auth Example

This project is an example of a simple stateless auth system on Symfony 4.

How it works ?

Here is the pipeline for getting an access to the api resources.

  • Register a new user account
POST /register
    ?username={}
    &firstname={}
    &lastname={}
    &password={}
Content-Type: application/json

HTTP1/1 200 OK
Content-Type: application/json
user: {}
  • Login with the new account
POST /login
    ?email={}
    &password={}
Content-Type: application/json

HTTP1/1 200 OK
Content-Type: application/json
token: {}
expiresIn: {}
  • Use this generate token for accessing resources
GET /user
X-Auth-Token: {}

HTTP1/1 200 OK
Content-Type: application/json
user: {}

How to do that ?

Create User entity

You have to create a User entity implementing UserInterface. This interface will make your user understable by the Security Component.

This entity must at least be able to store the user auth informations.

With this entity, create a UserRepository for storing different methods, in our case a createUser method.

Create UserToken entity

You must create an entity for storing every tokens which will allow your player to access to the resources. We add an expire field to logout the user if he does not call the API for X time.

Create a UserTokenRepository, this class will contain the method for refreshing the expiration date.

Create the TokenUserProvider

This provider will tell to the Security component how to retreive user with a username. With that we will add a method to help us to retreive a UserToken with a given token.

Create the UserTokenAuthenticator

This class will tell to the Securtiy component how to authenticate, for that we will use the SimplePreAuthenticatorInterface. In the createToken method we will retreive the X-Auth-Token which surely contains the token so we create an auth token with anonym informations.

With this token we will user our TokenUserProvider for getting the corresponding UserToken if no one exists or the UserToken expired we auth him as an anonymous user without any permission. If everything passed with succes we auth the user.

Create the AuthController

Create the authentication controller, we need at least 3 routes. The register route, it creates a new User with the given informations. The login route, it checks the credentials and returns a new generated UserToken.

Create the UserController

Create the user controller to allow users to retreive their own informations.

Setup the security configuration

In this file we will configurate three things :

  • How we crypt passwords
  • Register our TokenUserProvider
  • Setup the authentication on all our routes (except login and register)

About

A simple stateless auth system example for Symfony 4.

Topics

symfony system authentication auth stateless symfony4

Resources

Readme
Activity

Stars

1 star

Watchers

0 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages