New in Symfony 3.3: JSON authentication
December 6, 2016 • Published by Javier Eguiluz
Warning: This post is about an unsupported Symfony version. Some of this information may be out of date. Read the most recent Symfony Docs.
Symfony 3.2 was released just a few days ago, but we've already started working on Symfony 3.3, which will be released at the end of May 2017. This is the first article of the "New in Symfony 3.3" series where we'll showcase the most relevant new features of this version.
Contributed by Kévin Dunglas in #18952.
The Symfony Security component provides out-of-the-box support for several authentication mechanisms, such as form logins and HTTP authentication. In Symfony 3.3 we added a new mechanism based on JSON. It's similar to the traditional form login, but it takes a JSON document as input and is convenient for APIs, especially when used in combination with JWT.
In practice, first you need to add the json_login option to your firewall and define the URL used to log in users:
    # app/config/security.yml
    security:
        # ...
        firewalls:
            main:
                # ...
                json_login:
                    check_path: /login
Then, create an empty controller associated with that URL. The controller must be empty because Symfony intercepts and handles this request (it checks the credentials, authenticates the user, throws an error if needed, etc.):
    // src/AppBundle/Controller/SecurityController.php
    namespace AppBundle\Controller;

    use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
    use Symfony\Bundle\FrameworkBundle\Controller\Controller;
    use Symfony\Component\HttpFoundation\Request;

    class SecurityController extends Controller
    {
        /**
         * @Route("/login", name="login")
         */
        public function loginAction(Request $request)
        {
            // Intentionally empty: the firewall intercepts requests to /login.
        }
    }
And that's all. You can now log in users by sending a JSON document like the following to the /login URL:
    { "username": "dunglas", "password": "foo1234" }
You can read the new How to Build a JSON Authentication Endpoint article for more details and to learn about its customization options.
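The checks a JSON login endpoint has to make before it trusts a document like the one above, shown as a framework-free example added here. It is not Symfony's code: the function name, the exception type and the length limit are assumptions made for this illustration.

```php
<?php
// Added illustration, not Symfony's implementation.
// parseJsonLogin() and MAX_USERNAME_LENGTH are hypothetical names.
const MAX_USERNAME_LENGTH = 4096; // assumed upper bound for this example

// Returns [username, password] or throws when the request is not a valid login document.
function parseJsonLogin(string $contentType, string $body): array
{
    // Only treat the request as a login attempt if the client declared JSON.
    if (stripos($contentType, 'application/json') !== 0) {
        throw new InvalidArgumentException('Expected Content-Type: application/json');
    }
    // Malformed JSON decodes to null; arrays and scalars are not login documents.
    $data = json_decode($body);
    if (!$data instanceof stdClass) {
        throw new InvalidArgumentException('Body must be a JSON object');
    }
    foreach (['username', 'password'] as $key) {
        // Reject missing keys and non-string values (arrays, numbers, null, booleans).
        if (!isset($data->$key) || !is_string($data->$key)) {
            throw new InvalidArgumentException(sprintf('"%s" must be a string', $key));
        }
    }
    // Bound the username before it reaches the user provider or the logs.
    if ($data->username === '' || strlen($data->username) > MAX_USERNAME_LENGTH) {
        throw new InvalidArgumentException('Invalid username length');
    }

    return [$data->username, $data->password];
}

// Constructed sample request bodies.
$samples = [
    '{ "username": "dunglas", "password": "foo1234" }',   // document from the post
    '{ "username": ["dunglas"], "password": "foo1234" }', // wrong type
    '["dunglas", "foo1234"]',                              // not an object
    '{ "username": "dunglas"',                             // malformed JSON
];
foreach ($samples as $body) {
    try {
        [$user] = parseJsonLogin('application/json; charset=utf-8', $body);
        echo "accepted: $user\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```

Only the first sample is accepted; the other three are rejected before any credential check would take place.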
Comments are closed.
To ensure that comments stay relevant, they are closed for old posts.
Is it mandatory to create a controller where we specify explicitly that "/login" is the proper route?
IIRC, if you have a controller, it's better to use the route_name instead of a pattern, else you can use the pattern without controller.
Should be tested, but this is what I remember about form_login, so why would it be different for json_login?
@Alex yes, you can also use a route name. And you can also change the structure of the JSON document sent to that URL. Everything is explained in the linked article.
So if you don't want to define an empty controller, you need to use YAML or XML for the route.