[API] JWT Authentication #11174

Zales0123 · 2020-03-04T09:44:46Z

Q	A
Branch?	api
Bug fix?	no
New feature?	yes
BC breaks?	no
Deprecations?	no
Related tickets
License	MIT

lchrusciel · 2020-03-04T13:04:24Z

etc/travis/suites/application/install.sh

+print_header "Setting up JWT for API" "Sylius"
+run_command "source .env.test"
+run_command "openssl genrsa -out config/jwt/private-test.pem 4096 -algorithm rsa -passout env:JWT_PASSPHRAS rsa_keygen_bits:4096"
+run_command "openssl pkey -in config/jwt/private-test.pem -out config/jwt/public-test.pem -pubout"


Should we expose this in our docs?

Probably 👌

But as we don't have any docs for the new API right now (instead of swagger which, maybe, is enough 💃) I would add it later 🚀

That's one of the problems that people may have issues with running and testing it :( Let's move with this PR, but we need to provide this note in the installation guide.

Both private-test.pem and public-test.pem (for test environment) could be included in the repository
on .gitignore
!config/jwt/*-test.pem

Hey Loic, could you open a PR with fix?

@lchrusciel Yes here #11198 🥂

src/Sylius/Behat/Service/ApiSecurityService.php

lchrusciel · 2020-03-05T14:45:57Z

src/Sylius/Behat/Client/ApiPlatformClient.php

- );
+ $defaultHeaders = ['HTTP_ACCEPT' => 'application/ld+json'];
+ if ($this->sharedStorage->has('token')) {
+ $defaultHeaders['HTTP_Authorization'] = 'Bearer ' . $this->sharedStorage->get('token');


Suggested change

$defaultHeaders['HTTP_Authorization'] = 'Bearer ' . $this->sharedStorage->get('token');

$defaultHeaders['HTTP_Authorization'] = 'Bearer ' . $this->sharedStorage->get('securiity_token');

securiiiiiiiiity 💃

lchrusciel · 2020-03-05T14:49:01Z

Thanks, Mateusz! 🥇

lchrusciel · 2020-03-18T15:08:24Z

Part of #11250

Zales0123 added Feature New feature proposals. API APIs related issues and PRs. labels Mar 4, 2020

Zales0123 requested a review from a team as a code owner March 4, 2020 09:44

Zales0123 force-pushed the api-authorization branch from 6d4342f to 78dd1f4 Compare March 4, 2020 11:23

lchrusciel reviewed Mar 4, 2020

View reviewed changes

Tomanhez reviewed Mar 4, 2020

View reviewed changes

src/Sylius/Behat/Service/ApiSecurityService.php Outdated Show resolved Hide resolved

Zales0123 added 6 commits March 4, 2020 23:47

[API] Install jwt authentication bundle and configure basic security

768d1af

[API] Use JWT Authentication in Behat API tests

aea81df

[API][Travis] Set up JWT in travis

3401e10

[API] Test logging in as Admin

c2e34a3

[Behat] Refactor Security services

ad06514

Rebase + fixes after

6d14d40

Zales0123 force-pushed the api-authorization branch from c7fb1ee to 6d14d40 Compare March 4, 2020 22:53

Zales0123 changed the title ~~[WIP][API] JWT Authentication~~ [API] JWT Authentication Mar 4, 2020

[Security] Anonymous access to swagger and login request

2ddaf24

Zales0123 force-pushed the api-authorization branch from 8a847be to 2ddaf24 Compare March 5, 2020 10:30

lchrusciel approved these changes Mar 5, 2020

View reviewed changes

lchrusciel merged commit 522c179 into Sylius:api Mar 5, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[API] JWT Authentication #11174

[API] JWT Authentication #11174

Zales0123 commented Mar 4, 2020

lchrusciel Mar 4, 2020

Zales0123 Mar 4, 2020

Zales0123 Mar 5, 2020

lchrusciel Mar 5, 2020

loic425 Mar 9, 2020

lchrusciel Mar 9, 2020

loic425 Mar 10, 2020

lchrusciel Mar 5, 2020

Zales0123 Mar 5, 2020

lchrusciel Mar 5, 2020

lchrusciel commented Mar 5, 2020

lchrusciel commented Mar 18, 2020

	$defaultHeaders['HTTP_Authorization'] = 'Bearer ' . $this->sharedStorage->get('token');
	$defaultHeaders['HTTP_Authorization'] = 'Bearer ' . $this->sharedStorage->get('securiity_token');

[API] JWT Authentication #11174

[API] JWT Authentication #11174

Conversation

Zales0123 commented Mar 4, 2020

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

lchrusciel commented Mar 5, 2020

lchrusciel commented Mar 18, 2020