Setting up JWT authentication in a Symfony 3.4 app with the Lexik JWT Bundle

Setting up the LexikJWTAuthenticationBundle in a Symfony 3.4 application.

Published on 26/08/2019

1 - Installing the bundle

php composer.phar require "lexik/jwt-authentication-bundle"

Registering the bundle in the kernel's registerBundles() method:

public function registerBundles()
{
    return array(
        // ...
        new Lexik\Bundle\JWTAuthenticationBundle\LexikJWTAuthenticationBundle(),
    );
}

2 - Configuration

2.1 - Generating the RSA key pair

cd /path/to/app/dir
mkdir -p config/jwt 
openssl genrsa -out config/jwt/private.pem -aes256 4096

Choose a passphrase when prompted.

openssl rsa -pubout -in config/jwt/private.pem -out config/jwt/public.pem

Enter the passphrase when prompted.
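The three commands above are interactive and have the passphrase typed twice at a prompt. The script below is an added example, not code from the original post or from the bundle: it provisions the same key pair non-interactively, reads the passphrase from an environment variable (so it is never typed on a command line or left in the shell history), restricts the private key's permissions, and checks that public.pem really derives from private.pem. The variable name JWT_PASSPHRASE is an assumption made here; it pairs with pass_phrase: '%env(JWT_PASSPHRASE)%' in config.yml, which keeps the secret out of the committed configuration.

```shell
#!/bin/sh
# Added example, not part of the original post or the bundle.
# Provisions config/jwt/{private,public}.pem the way the post does, but
# non-interactively, with the passphrase taken from JWT_PASSPHRASE
# (variable name chosen here; keep it in sync with config.yml).
set -u

# generate_jwt_keys DIR [BITS]: write DIR/private.pem (AES-256 encrypted)
# and DIR/public.pem; BITS defaults to the 4096 used in the post
generate_jwt_keys() {
  _dir=$1; _bits=${2:-4096}
  : "${JWT_PASSPHRASE:?export JWT_PASSPHRASE before generating keys}"
  mkdir -p "$_dir"
  # -passout/-passin env:VAR read the passphrase from the environment,
  # so it appears neither in the process list nor in the shell history
  openssl genrsa -out "$_dir/private.pem" -aes256 -passout env:JWT_PASSPHRASE "$_bits" 2>/dev/null
  openssl rsa -pubout -in "$_dir/private.pem" -passin env:JWT_PASSPHRASE -out "$_dir/public.pem" 2>/dev/null
  # the private key signs every token the app issues: owner-only access;
  # the public key only verifies and may be world-readable
  chmod 600 "$_dir/private.pem"
  chmod 644 "$_dir/public.pem"
}

# keys_match DIR: exit 0 if both PEM files carry the same RSA modulus,
# i.e. public.pem is the counterpart of private.pem (a mismatched pair
# yields tokens that the api firewall can never verify)
keys_match() {
  _priv=$(openssl rsa -noout -modulus -in "$1/private.pem" -passin env:JWT_PASSPHRASE 2>/dev/null)
  _pub=$(openssl rsa -noout -modulus -pubin -in "$1/public.pem" 2>/dev/null)
  if [ -n "$_priv" ] && [ "$_priv" = "$_pub" ]; then return 0; fi
  return 1
}

# private_key_is_encrypted DIR: exit 0 if private.pem is not stored in clear
# (matches both the PKCS#1 "Proc-Type: 4,ENCRYPTED" and the PKCS#8
# "BEGIN ENCRYPTED PRIVATE KEY" markers)
private_key_is_encrypted() {
  grep -q ENCRYPTED "$1/private.pem"
}

# usage: export JWT_PASSPHRASE=...; sh keys.sh --demo  (from the app directory)
case ${1:-} in
  --demo) generate_jwt_keys config/jwt && keys_match config/jwt && echo "config/jwt: key pair OK" ;;
esac
```

Run it from the application directory after exporting JWT_PASSPHRASE; keys_match is also a useful one-liner to run on a server where "Invalid JWT Token" errors appear after a key rotation.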

2.2 - Configuring config.yml

Add the following configuration directives:

# JWT Authentication
lexik_jwt_authentication:
    secret_key:       '%kernel.project_dir%/config/jwt/private.pem' # required for token creation
    public_key:       '%kernel.project_dir%/config/jwt/public.pem'  # required for token verification
    pass_phrase:      'your_secret_passphrase' # required for token creation, usage of an environment variable is recommended
    token_ttl:        3600

2.3 - Configuring security.yml

security:
    # ...
    
    firewalls:

        login:
            pattern:  ^/api/login
            stateless: true
            anonymous: true
            json_login:
                check_path:               /api/login_check
                success_handler:          lexik_jwt_authentication.handler.authentication_success
                failure_handler:          lexik_jwt_authentication.handler.authentication_failure

        api:
            pattern:   ^/api
            stateless: true
            guard:
                authenticators:
                    - lexik_jwt_authentication.jwt_token_authenticator
        # ...

    access_control:
        - { path: ^/api/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/api,       roles: IS_AUTHENTICATED_FULLY }

2.4 - Configuring the routes

Login route configuration in config/routing.yml:

api_login_check:
    path: /api/login_check

3 - Generating a token

curl -X POST -H "Content-Type: application/json" http://greenmine.local/api/login_check -d '{"username":"username","password":"password"}'

4 - Testing a request with JWT authentication

curl -X GET http://greenmine.local/api/plants \
  -H 'Accept: */*' \
  -H 'Authorization: Bearer TOKEN' \
  -H 'Content-Type: application/json'
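Sections 3 and 4 show a token being minted and presented, but not what the bearer token carries or why a request may come back 401. The script below is an added example, not code from the original post or from the bundle: it mints a constructed RS256 token with the same shape as the one returned by /api/login_check (by default the bundle's payload carries iat, exp, roles and username), then does what a client or an incident responder does with a token: decodes the payload, compares exp with the clock (token_ttl: 3600 in config.yml means exp = iat + 3600), and verifies the signature against public.pem so that a modified payload is rejected. The key pair, claim values and the JWT_PASSPHRASE variable are constructed for the demo; only openssl, base64 and standard POSIX tools are used.

```shell
#!/bin/sh
# Added example, not part of the original post or the bundle.
# Mint, inspect and verify an RS256 JWT with openssl only.
set -u

# base64url helpers: JWT segments use the URL-safe alphabet without padding
b64url_encode() { base64 | tr -d '\n=' | tr '+/' '-_'; }
b64url_decode() {
  _s=$(printf '%s' "$1" | tr '_-' '/+')
  case $(( ${#_s} % 4 )) in 2) _s="$_s==" ;; 3) _s="$_s=" ;; esac
  printf '%s' "$_s" | base64 -d
}

# jwt_payload TOKEN: print the decoded JSON payload (second dot-separated segment)
jwt_payload() { b64url_decode "$(printf '%s' "$1" | cut -d. -f2)"; }

# jwt_claim TOKEN NAME: print an integer claim such as exp or iat (no jq needed)
jwt_claim() { jwt_payload "$1" | sed -n "s/.*\"$2\":\([0-9][0-9]*\).*/\1/p"; }

# jwt_expired TOKEN: exit 0 when the token must be rejected on time grounds:
# exp in the past (the bundle answers 401 "Expired JWT Token" for that case),
# or no exp claim at all, which this check treats as unusable too
jwt_expired() {
  _exp=$(jwt_claim "$1" exp)
  if [ -z "$_exp" ] || [ "$_exp" -le "$(date +%s)" ]; then return 0; fi
  return 1
}

# jwt_sign PAYLOAD_JSON PRIVATE_KEY: header.payload.signature, RS256,
# passphrase read from JWT_PASSPHRASE (constructed variable name)
jwt_sign() {
  _hdr=$(printf '%s' '{"typ":"JWT","alg":"RS256"}' | b64url_encode)
  _pl=$(printf '%s' "$1" | b64url_encode)
  _sig=$(printf '%s' "$_hdr.$_pl" | openssl dgst -sha256 -sign "$2" -passin env:JWT_PASSPHRASE | b64url_encode)
  printf '%s.%s.%s' "$_hdr" "$_pl" "$_sig"
}

# jwt_verify TOKEN PUBLIC_KEY: exit 0 only if the signature was produced by
# the matching private key; any change to header or payload breaks it
jwt_verify() {
  _sigfile=$(mktemp)
  b64url_decode "$(printf '%s' "$1" | cut -d. -f3)" > "$_sigfile"
  if printf '%s' "$1" | cut -d. -f1,2 | tr -d '\n' \
       | openssl dgst -sha256 -verify "$2" -signature "$_sigfile" >/dev/null 2>&1; then
    rm -f "$_sigfile"; return 0
  fi
  rm -f "$_sigfile"; return 1
}

# demo_keys DIR: throwaway key pair in the bundle's layout (2048-bit for speed)
demo_keys() {
  mkdir -p "$1"
  openssl genrsa -out "$1/private.pem" -aes256 -passout env:JWT_PASSPHRASE 2048 2>/dev/null
  openssl rsa -pubout -in "$1/private.pem" -passin env:JWT_PASSPHRASE -out "$1/public.pem" 2>/dev/null
}

# demo: a valid token, then the same token with a modified payload
demo() {
  export JWT_PASSPHRASE='constructed-demo-passphrase'
  _dir=$(mktemp -d); demo_keys "$_dir"
  _now=$(date +%s)
  _tok=$(jwt_sign "{\"iat\":$_now,\"exp\":$((_now + 3600)),\"roles\":[\"ROLE_USER\"],\"username\":\"username\"}" "$_dir/private.pem")
  jwt_payload "$_tok"; echo
  jwt_expired "$_tok" || echo "token still valid for $(( $(jwt_claim "$_tok" exp) - _now ))s"
  jwt_verify "$_tok" "$_dir/public.pem" && echo "signature OK"
  # payload swapped under the original signature: verification must fail
  _tampered="$(printf '%s' "$_tok" | cut -d. -f1).$(printf '%s' '{"roles":["ROLE_ADMIN"]}' | b64url_encode).$(printf '%s' "$_tok" | cut -d. -f3)"
  jwt_verify "$_tampered" "$_dir/public.pem" || echo "tampered token rejected"
  rm -rf "$_dir"
}

case ${1:-} in --demo) demo ;; esac
```

With a real token from section 3, jwt_payload and jwt_expired are enough to tell an expired token from an invalid one before reaching for the server logs; jwt_verify against the app's config/jwt/public.pem confirms the token was issued by that application's private key.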