Symfony 2: manual login and Json Web Token
I have a problem with my current project. I am using Symfony 2.6; this project is an API called by my frontend. The authentication and login protocol is very specific: it uses middleware (a different website).
I am adding a package called JWTAuthenticationWebToken, so I need to log in manually because of the middleware. I installed the package correctly and added the correct settings, but this custom provider is never called.
How do I implement it with a user manual?
My controller:
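<?php
use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
use Symfony\Component\Security\Http\Event\InteractiveLoginEvent;

// Third argument is the provider key ("login" here)
$token = new UsernamePasswordToken($user, null, "login", $user->getRoles());
$this->get("security.context")->setToken($token); // now the user is logged in

// now dispatch the login event
$request = $this->get("request");
$event = new InteractiveLoginEvent($request, $token);
$this->get("event_dispatcher")->dispatch("security.interactive_login", $event);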
security.yml
firewalls:
    # disables authentication for assets and the profiler, adapt it according to your needs
    dev:
        pattern: ^/(_(profiler|wdt)|css|images|js)/
        security: false
    # the login page has to be accessible for everybody
    demo_login:
        pattern: ^/demo/secured/login$
        security: false
    login:
        pattern: /api/user/uber/f6d75c949cda2517b826cacba5523792
        stateless: true
        anonymous: true
        form_login:
            check_path: /api/user/uber/f6d75c949cda2517b826cacba5523792
            success_handler: lexik_jwt_authentication.handler.authentication_success
            failure_handler: lexik_jwt_authentication.handler.authentication_failure
            require_previous_session: false
    api:
        pattern: ^/(api)
        stateless: true
        lexik_jwt: ~
I also wrote two files "ApiKeyAuthenticator" and "ApiKeyUserProvider" as specified here for manual authorization. http://symfony.com/doc/current/cookbook/security/api_key_authentication.html
EDIT: I also created the listeners mentioned in the LexikJWTAuthenticationBundle doc.
What's wrong? :(
Thanks for the help.
After a lot of searching (google, stackoverflow, sample applications, bundle doc, ...) it seems that there was no suggested solution for manually authenticating users from a controller.
Also, I had to open the source, find which method is called to generate a token on a successful authentication event (source code), and finally adapt the code to my need (register / log in a user to the API from a Facebook login response in a mobile app).
My alternative:
// SecurityController.php
// (inside the controller class; needs: use Symfony\Component\HttpFoundation\JsonResponse;)
protected function generateToken($user, $statusCode = 200)
{
    // Call the jwt_manager service and create the token
    $token = $this->get('lexik_jwt_authentication.jwt_manager')->create($user);

    // If you want, add some user information
    $userInformations = array(
        'id' => $user->getId(),
        'username' => $user->getUsername(),
        'email' => $user->getEmail(),
        'roles' => $user->getRoles(),
    );

    // Build your response from the selected fields above, not the whole
    // user object (which would not serialize as intended)
    $response = array(
        'token' => $token,
        'user' => $userInformations,
    );

    // Return the response in JSON format
    return new JsonResponse($response, $statusCode);
}
The token will be returned just like the classic login_check handler and will have the same time before expiration.
Hope this helps the following users.
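The checks a stateless API has to apply to a token like the one generateToken() returns, as an added example that is not part of the answer above or of LexikJWTAuthenticationBundle: signature verification with a pinned algorithm, then the expiry claim. It assumes an RS256-signed token with `username` and `exp` claims; the helper names `issue_jwt` and `verify_jwt`, the key pair and the TTL are constructed for illustration.

```php
<?php
// Added example with a constructed key pair and claims; not the bundle's own code.
function b64url($bin) { return rtrim(strtr(base64_encode($bin), '+/', '-_'), '='); }
function b64url_decode($txt) { return base64_decode(strtr($txt, '-_', '+/')); }

// Issue a compact RS256 JWT; the claim names are assumptions for illustration.
function issue_jwt($username, $ttl, $privateKey) {
    $header  = b64url(json_encode(array('alg' => 'RS256', 'typ' => 'JWT')));
    $payload = b64url(json_encode(array('username' => $username, 'exp' => time() + $ttl)));
    openssl_sign("$header.$payload", $signature, $privateKey, OPENSSL_ALGO_SHA256);
    return "$header.$payload." . b64url($signature);
}

// Return the claims if the token is authentic and unexpired, otherwise null.
function verify_jwt($jwt, $publicKeyPem, $now = null) {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        return null;
    }
    list($header, $payload, $signature) = $parts;
    $head = json_decode(b64url_decode($header), true);
    // Pin the algorithm: the token must not choose how it is verified.
    if (!is_array($head) || !isset($head['alg']) || $head['alg'] !== 'RS256') {
        return null;
    }
    $sig = b64url_decode($signature);
    if (openssl_verify("$header.$payload", $sig, $publicKeyPem, OPENSSL_ALGO_SHA256) !== 1) {
        return null;
    }
    $claims = json_decode(b64url_decode($payload), true);
    $now = ($now === null) ? time() : $now;
    if (!is_array($claims) || !isset($claims['exp']) || $claims['exp'] <= $now) {
        return null;
    }
    return $claims;
}

// Constructed demo: throwaway 2048-bit RSA key and a one-hour TTL.
$key = openssl_pkey_new(array('private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA));
$pub = openssl_pkey_get_details($key);
$jwt = issue_jwt('alice', 3600, $key);
$tampered = substr($jwt, 0, -2) . (substr($jwt, -2) === 'AA' ? 'BB' : 'AA');

var_dump(verify_jwt($jwt, $pub['key']) !== null);                // fresh token
var_dump(verify_jwt($jwt, $pub['key'], time() + 7200) === null); // past its exp
var_dump(verify_jwt($tampered, $pub['key']) === null);           // altered signature
```

Because a manually issued token passes exactly these checks, the controller that calls generateToken() is the only place where the user's identity is actually established.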