Retrieve User from given Token, from an unsecured path

[Ph3nol]

Hi,

First congrats for this awesome and amazing bundle that I'm currently using for all my WebServices projects.

My little question:
What is the best way to retrieve a user from an unsecured path?

My context:
I have a /api/1/example/{id}.json endpoint, to access an element informations.
This path is unsecured.
I'd like to use an optional token, and retrieve matching user if passed through the Request headers.
The problem is that without passing through the firewall (and so the bundle security listener), my token-user association is not handled.

Any idea about this?

Thank you so much.

[slashfan]

Hi,

I think you could use the JWTManager::decode(TokenInterface $token) method.
Unfortunately it only accepts a TokenInterface so you would have to first create a new JWTUserToken and pass it your token in the setRawToken($rawToken) method.

If the token is successfully decoded it will return an array containing the user identity (by default the username). Then it's up to you to retrieve your user from it.

Of course, it's all theory ! Let me know if it works :)

[Ph3nol]

I was thinking about using this solution yesterday, but ignoring if a better practice was planned for an incoming release.

I'll test it today and keep you informed about it.
Thanks! :)

[Ph3nol]

I confirm this theory works perfectly! :)

[slashfan]

Great :)