Download the PHP package ghost-agency/stateless-auth-bundle without Composer
On this page you can find all versions of the php package ghost-agency/stateless-auth-bundle. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download ghost-agency/stateless-auth-bundle
More information about ghost-agency/stateless-auth-bundle
Files in ghost-agency/stateless-auth-bundle
Package stateless-auth-bundle
Short Description Handle stateless authentication.
License MIT
FAQ
Example:
In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
- Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
- To use Composer is sometimes complicated. Especially for beginners.
- Composer needs much resources. Sometimes they are not available on a simple webspace.
- If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
- Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Informations about the package stateless-auth-bundle
stateless-auth-bundle
Handle stateless authentication without SSH key needed. (Inspired from LexikJWTAuthenticationBundle)
Getting started
Prerequisites
This bundle requires Symfony 2.8+.
Protip: Though the bundle doesn't enforce you to do so, it is highly recommended to use HTTPS.
Installation
Add ghost-agency/stateless-auth-bundle
to your composer.json file:
php composer.phar require "ghost-agency/stateless-auth-bundle"Register the bundle in app/AppKernel.php:
Configuration
Configure the hash key in your config.yml :
Configure your security.yml :
Configure your routing.yml :
Usage
1. Obtain the token
The first step is to authenticate the user using its credentials. A classical form_login on an anonymously accessible firewall will do perfect.
Just set the provided ghost_agency_stateless_auth.success_handler service as success handler to
generate the token and send it as part of a json response body.
Store it (client side), the JWT is reusable until its ttl has expired (3600 seconds by default).
Note: You can test getting the token with a simple curl command like this:
If it works, you will receive something like this:
2. Use the token
Simply pass the JWT on each request to the protected firewall as an authorization header.
By default only the authorization header mode is enabled : Authorization: Bearer {token}
Important note for Apache users
As stated in this link and this one, Apache server will strip any Authorization header not in a valid HTTP BASIC AUTH format.
If you intend to use the authorization header mode of this bundle (and you should), please add those rules to your VirtualHost configuration :
All versions of stateless-auth-bundle with dependencies
firebase/php-jwt Version ^5.0
symfony/security Version ~2.8|~3.0|~4.0
symfony/config Version ~2.8|~3.0|~4.0
symfony/dependency-injection Version ~2.8|~3.0|~4.0