CiriciJWTClientBundle

This Bundle is used to login against a JWT server or to check the validity of a JWT Token

It has been based on these instructions.

WARNING! This bundle is Work In Progress and is not ready for production yet

Installation

composer require ciricihq/jwt-client-bundle:dev-master

Then add to AppKernel.php

        $bundles = [
            ...
            new Cirici\JWTClientBundle\CiriciJWTClientBundle(),
            ...
        ];

Configuration

If you are planning to use the bundle as a Authentication service against a JWT server, you should load the external token authenticator adding this to your config.yml

cirici_jwt_client:
    use_external_jwt_api: true
    external_api: "@eight_points_guzzle.client.api_jwt"
    jwt_token_path: /jwt/token # Endpoint where the token POST request will be done

And you must define the api using Guzzle configuration

guzzle:
    clients:
        api_jwt:
            base_url: %api_jwt_base_url%

Configure security for login form against external JWT server

In order to make this bundle work you should define your security.yml like this

# To get started with security, check out the documentation:
security:
    providers:
        token:
            id: project.token.user_provider

    firewalls:
        # disables authentication for assets and the profiler, adapt it according to your needs
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        main:
            pattern: ^/
            provider: token
            anonymous: true
            simple_form:
                authenticator: project.token.external_authenticator
                check_path: login_check
                login_path: login
                # user_referer: true
                failure_path: login
            logout:
                path: /logout
                target: login
            remember_me:
                secret: '%secret%'
                lifetime: 86400
                path: /

    access_control:
        - { path: ^/login, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/registration, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/, role: ROLE_ADMIN }

In routes.yml you has to add a login path as those lines for the login fails redirect and add the bundle routes import as well:

jwt_client:
    resource: '@CiriciJWTClientBundle/Resources/config/routing.yml'
    prefix: /

login:
    path: /login

Setting up custom User class for incoming requests

If you want to map the incoming token calls with a custom User class instead of ApiUser you should implement Cirici\JWTClientBundle\Security\ApiUserInterface in your custom User class. Then configure your custom User class in config.yml:

cirici_jwt_client:
    api_user_class: '\AppBundle\Entity\User'

Configure to validate incoming Authentication bearer

In your security.yml firewall you has to add the next lines:

security:
    providers:
        token:
            id: project.token.user_provider

    firewalls:
        api:
            pattern:   ^/api/user
            stateless: true
            guard:
                provider: token
                authenticators:
                    - project.token.authenticator

Extending login template

If you want to modify the default login template you should create the next folders

mkdir -P app/Resources/CiriciJWTClientBundle/views/Security

And then copy the file login.html.twig from the bundle to the folder created above.

Now your app will load the login template just copied and you can modify it without altering the bundle one. :)