-
-
Notifications
You must be signed in to change notification settings - Fork 2.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[API] JWT Authentication #11174
[API] JWT Authentication #11174
Conversation
Zales0123
commented
Mar 4, 2020
Q | A |
---|---|
Branch? | api |
Bug fix? | no |
New feature? | yes |
BC breaks? | no |
Deprecations? | no |
Related tickets | |
License | MIT |
6d4342f
to
78dd1f4
Compare
print_header "Setting up JWT for API" "Sylius" | ||
run_command "source .env.test" | ||
run_command "openssl genrsa -out config/jwt/private-test.pem 4096 -algorithm rsa -passout env:JWT_PASSPHRAS rsa_keygen_bits:4096" | ||
run_command "openssl pkey -in config/jwt/private-test.pem -out config/jwt/public-test.pem -pubout" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should we expose this in our docs?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Probably 👌
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
But as we don't have any docs for the new API right now (instead of swagger which, maybe, is enough 💃) I would add it later 🚀
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That's one of the problems that people may have issues with running and testing it :( Let's move with this PR, but we need to provide this note in the installation guide.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Both private-test.pem and public-test.pem (for test environment) could be included in the repository
on .gitignore
!config/jwt/*-test.pem
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hey Loic, could you open a PR with fix?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@lchrusciel Yes here #11198 🥂
c7fb1ee
to
6d14d40
Compare
8a847be
to
2ddaf24
Compare
); | ||
$defaultHeaders = ['HTTP_ACCEPT' => 'application/ld+json']; | ||
if ($this->sharedStorage->has('token')) { | ||
$defaultHeaders['HTTP_Authorization'] = 'Bearer ' . $this->sharedStorage->get('token'); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
$defaultHeaders['HTTP_Authorization'] = 'Bearer ' . $this->sharedStorage->get('token'); | |
$defaultHeaders['HTTP_Authorization'] = 'Bearer ' . $this->sharedStorage->get('securiity_token'); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
securiiiiiiiiity
💃
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
XD
Thanks, Mateusz! 🥇 |
Part of #11250 |