Installation

This package has a Symfony Flex recipe that will install configuration files for you.

Default configuration files will be copied in the dev environment.

Step 1

The recommended way to install it is with Composer.

This package requires a PSR HTTP client and a PSR Message implementation.

We recommend using symfony/http-client and nyholm/psr7, but feel free to use the ones you prefer.

composer require symfony/http-client
composer require nyholm/psr7
composer require ecphp/api-gw-authentication-bundle

This package has a Symfony recipe that provides the minimum configuration files.

Warning

Be careful: the recipe enables some routes in your dev environment only. These routes, /api/token and /api/user, might be considered a security issue if they are enabled in the production environment. The documentation for these routes is in the classes themselves. To disable them completely, delete the file packages/config/routes/dev/api_gw_authentication.yaml from your application.

Step 2

Edit the bundle configuration by editing the file config/packages/dev/api_gw_authentication.yaml.

api_gw_authentication:
    defaults:
        env: acceptance # Available values are: acceptance, intra, production, user

If you only want to use your own public and private keys, you do not need this package. Simply enable the bundle lexik/jwt-authentication-bundle and follow its documentation.

However, if you still want to use this package with your own keys, edit the configuration as follows:

api_gw_authentication:
    defaults:
        env: user # Available values are: acceptance, intra, production, user
    envs:
        user:
            public: <path-to-the-public-key>
            private: <path-to-the-private-key>

The environment user is the only custom environment that you can create. It has a very limited use. It was mostly created for the unit tests.

Step 3

This is the crucial part of your application’s security configuration.

Edit the security settings of your application by editing the file config/packages/security.yaml.

security:
    firewalls:
        default:
            anonymous: ~
            stateless: true
            guard:
                provider: api_gw_authentication # This is provided by default by the bundle.
                authenticators:
                    - lexik_jwt_authentication.jwt_token_authenticator
    access_control:
        - { path: ^/api/token, role: IS_ANONYMOUS } # Optional - See step 2, enable this ONLY for dev environment
        - { path: ^/api, role: IS_AUTHENTICATED_FULLY }

This configuration example triggers authentication on paths starting with /api, so make sure that at least one such path exists.

Feel free to change this configuration to fit your needs. Have a look at the Symfony documentation about security and Guard authentication.
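
The warning in Step 1 and the optional ^/api/token rule above can both be checked before a deployment. The script below is an added example, not part of the bundle or its recipe; it assumes the standard Symfony layout (config/routes/<env>/ and config/packages/<env>/), and its function names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the bundle. Assumes the standard Symfony layout
# (config/routes/<env>/ and config/packages/<env>/); names are hypothetical.

# Inline access_control entry that opens ^/api/token to anonymous users.
# Commented-out entries do not match because the line must start with "-".
ANON_TOKEN_RULE="^[[:space:]]*-[^#]*path:[[:space:]]*['\"]?\^/api/token[^#]*IS_ANONYMOUS"

# Print one finding per line for anything that exposes the dev-only routes
# outside the dev environment. Empty output means nothing was found.
audit_dev_only_routes() {
    project=$1
    # 1. The recipe's route file must exist only under config/routes/dev/.
    find "$project/config/routes" -type f -name 'api_gw_authentication.yaml' \
        ! -path '*/config/routes/dev/*' 2>/dev/null | sed 's/^/ROUTES /'
    # 2. A security.yaml loaded outside dev must not carry the anonymous
    #    ^/api/token rule. /dev/null makes grep print the file name.
    find "$project/config/packages" -type f -name 'security.yaml' \
        ! -path '*/config/packages/dev/*' 2>/dev/null |
    while IFS= read -r file; do
        grep -nE "$ANON_TOKEN_RULE" "$file" /dev/null | sed 's/^/ACCESS /'
    done
}

# Constructed sample project: the route file was copied to prod and the
# anonymous rule sits in the global security.yaml. Prints the directory.
make_sample_project() {
    dir=$(mktemp -d)
    mkdir -p "$dir/config/routes/dev" "$dir/config/routes/prod" "$dir/config/packages"
    : > "$dir/config/routes/dev/api_gw_authentication.yaml"
    : > "$dir/config/routes/prod/api_gw_authentication.yaml"
    cat > "$dir/config/packages/security.yaml" <<'EOF'
security:
    access_control:
        - { path: ^/api/token, role: IS_ANONYMOUS }
        - { path: ^/api, role: IS_AUTHENTICATED_FULLY }
EOF
    echo "$dir"
}

sample=$(make_sample_project)
audit_dev_only_routes "$sample"   # one ROUTES line and one ACCESS line
rm -rf "$sample"
```

Only the inline `{ path: ..., role: ... }` form used on this page is recognised; a rule split over several YAML lines needs a YAML parser instead of grep.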

Step 4

Optionally, you can override the default HTTP client.

Edit your own services.yaml file as such:

services:
    cachedHttpClient:
        class: 'Symfony\Component\HttpClient\CachingHttpClient'
        arguments:
            $store: '@http_cache.store'

    api_gw_authentication.http_client:
        class: 'Symfony\Component\HttpClient\Psr18Client'
        arguments:
            $client: '@cachedHttpClient'