Implements core authentication services for projects using as3io/modlr
- You must use or replicate the supplied `core-user` model.
- You can (optionally) use the supplied `core-account` model.

Install the package via composer:

```bash
composer require limit0/modlr-auth-bundle
```

Include the bundle in your `AppKernel.php`:

```php
public function registerBundles()
{
    $bundles = [
        // ...
        new Limit0\ModlrAuthBundle\Limit0ModlrAuthBundle(),
        // ...
    ];

    return $bundles;
}
```

You will need to import this bundle's routing. To prevent any potential collision issues, be sure to load it before your API is loaded in your application:

```yaml
limit0_modlr_auth:
    resource: "@Limit0ModlrAuthBundle/Resources/config/routing.yml"

as3_modlr_bundle:
    resource: "@As3ModlrBundle/Resources/config/routing.yml"
    defaults:
        _format: json
# ...
```

Update your `security.yml` configuration (a template is available):

Add the `core_user` provider:

```yaml
providers:
    core_user:
        id: modlr_auth_bundle.security.user_provider.core_user
    # ...
```

Add the user encoder:

```yaml
encoders:
    Limit0\Bundle\ModlrAuthBundle\Security\User\CoreUser:
        algorithm: bcrypt
        cost: 13
    # ...
```

Two authenticators are supplied. The first is a stateless API authenticator that uses JWT:

```yaml
firewalls:
    api:
        context: core
        pattern: ^/api\/rest
        provider: core_user
        guard:
            authenticators:
                - modlr_auth_bundle.security.authenticator.api
```

The second uses stateful Symfony framework tokens:

```yaml
firewalls:
    manage:
        context: core
        anonymous: ~
        provider: core_user
        guard:
            authenticators:
                - modlr_auth_bundle.security.authenticator.core_user
        remember_me:
            secret: "%secret%"
            lifetime: 63072000 # seconds (730 days)
            name: __modlr-auth
            always_remember_me: true
        logout:
            path: /api/auth/user/destroy
            invalidate_session: false
            success_handler: modlr_auth_bundle.security.logout_success_handler
```

Once you've configured your firewalls, configure your access-controlled paths. Symfony applies only the first `access_control` entry whose path matches, so keep the `^/api/auth` entry above any broader rule.

To lock down the modlr API (replace `api/rest` with your configured modlr REST API prefix):

```yaml
access_control:
    - { path: ^/api/auth, roles: [ IS_AUTHENTICATED_ANONYMOUSLY ] }
    - { path: ^/api/rest, roles: [ ROLE_ADMIN\USER ] }
```

Alternatively, you can lock down the entire application:

```yaml
access_control:
    - { path: ^/api/auth, roles: [ IS_AUTHENTICATED_ANONYMOUSLY ] }
    - { path: ^/, roles: [ ROLE_ADMIN\USER ] }
```
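
The following is an added example, not code from this bundle. It mimics how Symfony selects an `access_control` entry (first matching path regex wins) using the two rule sets above. The helper `firstMatchingRoles`, the `reversed` rule set and the sample paths are constructed for illustration.

```php
<?php
// Added illustration, not bundle code.

/**
 * Return the roles of the first rule whose path pattern matches $path,
 * or null when no rule matches (access_control then requires no role).
 */
function firstMatchingRoles(array $rules, string $path): ?array
{
    foreach ($rules as $rule) {
        // Symfony's RequestMatcher wraps the pattern in {} delimiters and
        // matches it against the URL-decoded path; no implicit end anchor.
        if (preg_match('{' . $rule['path'] . '}', rawurldecode($path)) === 1) {
            return $rule['roles'];
        }
    }

    return null;
}

$anonymous = ['path' => '^/api/auth', 'roles' => ['IS_AUTHENTICATED_ANONYMOUSLY']];
$ruleSets = [
    // The two rule sets from this README.
    'rest-only' => [$anonymous, ['path' => '^/api/rest', 'roles' => ['ROLE_ADMIN\USER']]],
    'whole-app' => [$anonymous, ['path' => '^/', 'roles' => ['ROLE_ADMIN\USER']]],
    // Constructed misconfiguration: whole-app rules in reverse order.
    'reversed'  => [['path' => '^/', 'roles' => ['ROLE_ADMIN\USER']], $anonymous],
];

// Sample paths; all but the logout path are constructed.
$paths = ['/api/auth/user/destroy', '/api/rest/core-user', '/api/restricted', '/manage'];

foreach ($ruleSets as $label => $rules) {
    foreach ($paths as $path) {
        $roles = firstMatchingRoles($rules, $path);
        printf("%-9s %-23s => %s\n", $label, $path, $roles ? implode(', ', $roles) : '(no rule)');
    }
}
```

In the `reversed` set every path, including `/api/auth/user/destroy`, resolves to `ROLE_ADMIN\USER`, so the auth endpoints stop being reachable anonymously. In the `rest-only` set, `/api/restricted` is covered because `^/api/rest` is a prefix match, while `/manage` matches no rule at all.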