grimzy/security-json-service-provider

Service Provider JSON auth

Maintainers

grimzy

Package info

github.com/grimzy/security-json-service-provider

pkg:composer/grimzy/security-json-service-provider

Statistics

Installs: 21

Dependents: 0

Suggesters: 0

Stars: 0

Open Issues: 0

v1.0.0 2017-02-21 06:18 UTC

Suggests

None

Provides

None

Conflicts

None

Replaces

None

MIT 6376c5fe3d525055cecba3f8e7d8b94cefa7b9b7

  • Joseph Estefane <estefanejoe.woop@gmail.com>

This package is auto-updated.

Last update: 2026-06-29 01:20:46 UTC


README

This Security factory provides a cookie-less replacement for form_login which cannot be used .

Since they rely on cookies, the switch_user and logout config options are not supported with this Security factory.

Security advisory: HTTPS is not enforced, but using it is highly advised, since the login request carries the username and password in its JSON body.

Installation

Using command line:

composer require grimzy/security-json-service-provider:^1.0

Or adding to the require section of composer.json:

"grimzy/security-json-service-provider": "^1.0"

Usage

Configure firewalls:

$app['security.firewalls'] = [
    'login' => [
        'pattern' => '^/api/login',
        'anonymous' => true,
        'stateless' => true,
        'json' => [
            // Default configuration
            'username_parameter' => 'username',
            'password_parameter' => 'password',
            'post_only' => true,
            'json_only' => true
        ]
    ],

    'secured' => [
        'pattern' => '^.*$',
        'stateless' => true,
        'token' => true
    ],
];

Add a users provider:

use Symfony\Component\Security\Core\User\InMemoryUserProvider;

$app['users'] = function () use ($app) {
    return new InMemoryUserProvider([
        'admin' => [
            'roles' => ['ROLE_ADMIN'],
            'password' => '5FZ2Z8QIkA7UTZ4BYkoC+GsReLf569mSKDsfods6LYQ8t+a8EW9oaircfMpmaLbPBh4FOBiiFyLfuZmTSUwzZg==', // foo
            'enabled' => true
        ],
    ]);
};

Example configuration:

$app['security.firewalls'] = [
    'login' => [
        'pattern' => '^/api/login',
        'anonymous' => true,
        'stateless' => true,
        'json' => [
            // Default configuration
            'username_parameter' => 'username',
            'password_parameter' => 'password',
            'post_only' => true,
            'json_only' => true
        ]
    ],

    'secured' => [
        'pattern' => '^.*$',
        'stateless' => true,
        'token' => true
    ],
];

Register the service providers:

$app->register(new Silex\Provider\SecurityServiceProvider());
$app->register(new Silex\Provider\SecurityJsonServiceProvider());

Define a route (only accessible after successful authentication):

use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\JsonResponse;

$app->post('/api/login', function (Request $request) use ($app) {
    $user = $app['user']; // Logged in user

    // 'some.token_encoder' is a placeholder for your own token encoder service
    $token = $app['some.token_encoder']->encode($user);

    return new JsonResponse([
        'token' => $token
    ]);
});

Note: if post_only is false, you can use $app->get() instead of $app->post() when defining your route.
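
The route above leaves `some.token_encoder` undefined. The following is an added example, not code from this package: a hypothetical `HmacTokenEncoder` class that issues expiring HMAC-SHA256 signed tokens and rejects malformed, forged or expired ones. It assumes PHP 7.1+ and takes the username as a string rather than the user object.

```php
<?php
// Added example: hypothetical HMAC-SHA256 token encoder, not part of this package.
final class HmacTokenEncoder
{
    private $key;
    private $ttl;

    public function __construct(string $key, int $ttl = 3600)
    {
        if (strlen($key) < 32) {
            throw new InvalidArgumentException('Use a random key of at least 32 bytes.');
        }
        $this->key = $key;
        $this->ttl = $ttl;
    }

    public function encode(string $username, ?int $now = null): string
    {
        $claims = json_encode(['sub' => $username, 'exp' => ($now ?? time()) + $this->ttl]);
        if ($claims === false) {
            throw new InvalidArgumentException('Username could not be JSON-encoded.');
        }
        $body = self::b64($claims);
        return $body . '.' . self::b64(hash_hmac('sha256', $body, $this->key, true));
    }

    // Returns the username, or null when the token is malformed, forged or expired.
    public function decode(string $token, ?int $now = null): ?string
    {
        $parts = explode('.', $token);
        if (count($parts) !== 2) {
            return null;
        }
        // Verify the signature before parsing anything the client controls.
        $expected = self::b64(hash_hmac('sha256', $parts[0], $this->key, true));
        if (!hash_equals($expected, $parts[1])) { // constant-time comparison
            return null;
        }
        $claims = json_decode((string) base64_decode(strtr($parts[0], '-_', '+/')), true);
        if (!is_array($claims) || !is_string($claims['sub'] ?? null) || !is_int($claims['exp'] ?? null)) {
            return null;
        }
        return $claims['exp'] > ($now ?? time()) ? $claims['sub'] : null;
    }

    private static function b64(string $raw): string
    {
        return rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
    }
}
```

The key must be the same on every request, so load it from configuration kept out of source control rather than generating it at startup. In the route, call `encode($user->getUsername())`.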

Override entry point

Create a new class implementing Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface:

use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;

class GandalfAuthenticationEntryPoint implements AuthenticationEntryPointInterface
{
    /**
     * {@inheritdoc}
     */
    public function start(Request $request, AuthenticationException $authException = null)
    {
        return new Response('You shall not pass!', Response::HTTP_UNAUTHORIZED);
    }
}

Replace the packaged JsonAuthenticationEntrypoint with the created one:

$app->register(new Silex\Provider\SecurityJsonServiceProvider());

// after registering the provider
$app['security.entry_point.json'] = function () use ($app) {
    return new GandalfAuthenticationEntryPoint();
};