[Security] Access Tokens #16819


Merged: wouterj merged 3 commits into symfony:6.2 from Spomky:features/access-token on Nov 26, 2022

Conversation

Spomky (Contributor):

Documentation page related to the PR symfony/symfony#46428

carsonbot (Collaborator):

Hey!

Oh no, it looks like you have made this PR towards a branch that is not maintained anymore. :/
Could you update the PR base branch to target one of these branches instead? 4.4, 5.4, 6.0, 6.1.

Cheers!

Carsonbot

Spomky marked this pull request as draft May 22, 2022 16:25
wouterj added the "Waiting Code Merge" (docs for features pending to be merged) label May 23, 2022
carsonbot added this to the "next" milestone May 23, 2022
Spomky force-pushed the features/access-token branch from 2eaa41a to 7d32ca7 June 18, 2022 15:46
94noni (Contributor) left a comment:

some early reviews passing by :)
chalasr added a commit to symfony/symfony that referenced this pull request Aug 10, 2022
This PR was merged into the 6.2 branch.

Discussion
----------

[Security] Access Token Authenticator

| Q             | A
| ------------- | ---
| Branch?       | 6.2
| Bug fix?      | yes
| New feature?  | yes
| Deprecations? | no
| Tickets       | Fix #45844
| License       | MIT
| Doc PR        | symfony/symfony-docs#16819

Hi,

This PR aims at fixing #45844.

It adds a new authenticator that is able to fetch a token in the request header and retrieve the associated user identifier.
The authenticator delegates the token loading to a handler. This handler could manage opaque tokens (random strings stored in a database) or self-contained tokens such as JWT, Paseto, SAML...

* [x] [RFC6750, section 2](https://datatracker.ietf.org/doc/html/rfc6750#section-2): Authenticated Requests
    * [x] Token in the request header ([section 2.1](https://datatracker.ietf.org/doc/html/rfc6750#section-2.1))
    * [x] Token in the query string ([section 2.2](https://datatracker.ietf.org/doc/html/rfc6750#section-2.2))
    * [x] Token in the request body ([section 2.3](https://datatracker.ietf.org/doc/html/rfc6750#section-2.3))
* [x] [RFC6750, section 3](https://datatracker.ietf.org/doc/html/rfc6750#section-3): The WWW-Authenticate Response Header Field
    * [x] [RFC6750, section 3.1](https://datatracker.ietf.org/doc/html/rfc6750#section-3.1): Error Codes
* [x] Documentation: see symfony/symfony-docs#16819
* [x] Tests

# Firewall Configuration

This PR adds a new authenticator that covers the RFC6750: `access_token`.
Also, it adds the possibility to extract the token from anywhere in the request.

## Basic Configuration

```yaml
security:
    firewalls:
        main:
            pattern: ^/
            access_token:
                token_handler: access_token.access_token_handler
```

## Complete Configuration

```yaml
security:
    firewalls:
        main:
            pattern: ^/
            access_token:
                user_provider: 'dedicate_user_provider_for_this_firewall'
                success_handler: 'custom_success_handler'
                failure_handler: 'custom_failure_handler'
                token_handler: access_token.access_token_handler
                token_extractors:
                    - 'security.access_token_extractor.query_string'
                    - 'security.access_token_extractor.request_body'
                    - 'security.access_token_extractor.header'
                    - 'custom_access_token_extractor'
```

# Token Handler

This authenticator relies on a Token Handler. Its responsibility is to

* load the token
* check the token (revocation, expiration time, digital signature...)
* return the user ID associated to it

Tokens could be of any kind: opaque strings or self-contained tokens such as JWT, Paseto, SAML2...

## Example: from a repository

```php
<?php

namespace App\Security;

use App\Repository\AccessTokenRepository;
use Symfony\Component\Security\Core\Exception\BadCredentialsException;
use Symfony\Component\Security\Http\Authenticator\AccessTokenHandler as AccessTokenHandlerAliasInterface;

class AccessTokenHandler implements AccessTokenHandlerAliasInterface
{
    public function __construct(private readonly AccessTokenRepository $repository)
    {
    }

    public function getUserIdentifierFrom(string $token): string
    {
        // Opaque token: look it up in the database and check it is still usable.
        $accessToken = $this->repository->findOneByValue($token);
        if ($accessToken === null || !$accessToken->isValid()) {
            throw new BadCredentialsException('Invalid credentials.');
        }

        return $accessToken->getUserId();
    }
}
```

## Example: from a JWT

```php
<?php

namespace App\Security;

use App\Security\JWTLoader;
use App\Security\JWTValidator;
use Symfony\Component\Security\Core\Exception\BadCredentialsException;
use Symfony\Component\Security\Http\Authenticator\AccessTokenHandler as AccessTokenHandlerAliasInterface;

class AccessTokenHandler implements AccessTokenHandlerAliasInterface
{
    public function __construct(
        private readonly JWTLoader $loader,
        private readonly JWTValidator $validator
    )
    {
    }

    public function getUserIdentifierFrom(string $token): string
    {
        try {
            // Self-contained token: parse it, verify it, then read the subject claim.
            $token = $this->loader->loadJWT($token);
            $this->validator->validate($token);

            return $token->getClaim('sub');
        } catch (\Throwable $e) {
            throw new BadCredentialsException('Invalid credentials.', $e->getCode(), $e);
        }
    }
}
```

Commits
-------

e5873e8 [Security] Access Token Authenticator
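The repository example in the commit message above looks the raw token up by value, which means the database holds usable bearer tokens. The following added example (not code from this PR, from symfony/symfony#46428, or from Symfony itself) shows the same handler contract applied to opaque tokens that are stored only as a SHA-256 hash, with revocation and expiry checked server-side and a single generic failure message returned to the client. It follows the interface alias and the `getUserIdentifierFrom(string $token): string` signature exactly as quoted in the commit message; the class name `HashedAccessTokenHandler`, the repository method `findOneByTokenHash()` and the entity accessors `getUserId()`, `getExpiresAt()` and `isRevoked()` are hypothetical. Confirm the interface name and signature against the released Symfony 6.2 documentation before copying it.

```php
<?php
// Added example, not part of the symfony-docs PR or of Symfony. Assumes (hypothetical)
// App\Repository\AccessTokenRepository::findOneByTokenHash(string): ?object returning an
// entity with getUserId(): string, getExpiresAt(): ?\DateTimeImmutable, isRevoked(): bool.

namespace App\Security;

use App\Repository\AccessTokenRepository;
use Psr\Log\LoggerInterface;
use Symfony\Component\Security\Core\Exception\BadCredentialsException;
use Symfony\Component\Security\Http\Authenticator\AccessTokenHandler as AccessTokenHandlerAliasInterface;

final class HashedAccessTokenHandler implements AccessTokenHandlerAliasInterface
{
    // Raw tokens are never persisted: the table holds sha256(token) only, so a leaked
    // database dump does not hand out working bearer tokens. A fast hash is enough
    // because the tokens are 256-bit CSPRNG output, not user-chosen secrets.
    private const HASH_ALGO = 'sha256';
    private const MAX_TOKEN_LENGTH = 256;

    public function __construct(
        private readonly AccessTokenRepository $repository,
        private readonly ?LoggerInterface $logger = null,
    ) {
    }

    /**
     * Issues a fresh opaque token. The plaintext is shown to the client exactly once;
     * only the hash is stored together with the user id and an expiry timestamp.
     *
     * @return array{0: string, 1: string} [plaintext token, hash to persist]
     */
    public static function issue(): array
    {
        $plaintext = bin2hex(random_bytes(32)); // 256 bits of entropy, URL-safe hex

        return [$plaintext, self::hashToken($plaintext)];
    }

    public static function hashToken(string $token): string
    {
        return hash(self::HASH_ALGO, $token);
    }

    public function getUserIdentifierFrom(string $token): string
    {
        // Cheap shape check (non-empty, bounded length, printable ASCII) before any
        // database round trip; hex tokens from issue() always pass it.
        if ('' === $token || \strlen($token) > self::MAX_TOKEN_LENGTH
            || 1 !== preg_match('/\A[\x21-\x7e]+\z/', $token)) {
            $this->reject('malformed token');
        }

        // Lookup is by hash, so the raw token never reaches the query or the logs.
        $record = $this->repository->findOneByTokenHash(self::hashToken($token));
        if (null === $record) {
            $this->reject('unknown token');
        }

        if ($record->isRevoked()) {
            $this->reject('revoked token');
        }

        // Tokens without an expiry are treated as invalid: every issued token must age out.
        $expiresAt = $record->getExpiresAt();
        if (null === $expiresAt || $expiresAt <= new \DateTimeImmutable()) {
            $this->reject('expired token');
        }

        return $record->getUserId();
    }

    /**
     * Logs the precise reason server-side but throws the same generic message for every
     * case, so the HTTP response does not reveal whether a token exists, expired or was revoked.
     */
    private function reject(string $reason): never
    {
        $this->logger?->info('Access token rejected: {reason}', ['reason' => $reason]);

        throw new BadCredentialsException('Invalid credentials.');
    }
}
```

Two practical notes on the configuration shown in the commit message: the handler above pairs naturally with `token_extractors` limited to `security.access_token_extractor.header`, because a token carried in the query string is copied into access logs, proxy logs, browser history and Referer headers (RFC 6750 itself discourages that transport and allows it only when a client cannot send an Authorization header); and the `@return` contract of `issue()` is the whole point of the design, since the plaintext must be handed to the client and then discarded, never written anywhere the hash is stored.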
Spomky force-pushed the features/access-token branch 4 times, most recently from 3ab4092 to 5decd7a August 11, 2022 11:44
Spomky marked this pull request as ready for review August 11, 2022 12:06
carsonbot modified the milestones: next, 6.2 Aug 11, 2022
javiereguiluz added the Security label and removed the "Waiting Code Merge" (docs for features pending to be merged) label Aug 11, 2022
carsonbot changed the title from "Access Tokens" to "[Security] Access Tokens" Aug 11, 2022
wouterj (Member):

Hi @Spomky! Thanks a lot for this nice piece of documentation.

I've taken the freedom to slightly move some sections around and complete this PR (don't be shocked by the diff, it's mostly fixing line length and moving text around). Imho, this is now ready to merge!

Status: reviewed

wouterj merged commit 4588822 into symfony:6.2 Nov 26, 2022
wouterj (Member):

Thank you for writing these docs, @Spomky!

Reviewers

94noni left review comments
fabpot requested changes
vincentchalamon approved these changes

Milestone: 6.2

7 participants: @Spomky @carsonbot @wouterj @fabpot @vincentchalamon @94noni @javiereguiluz
