New in Symfony 7.1: Improved Access Token Authenticator

May 13, 2024 Published by Avatar of Javier Eguiluz Javier Eguiluz

Symfony 7.1 is backed by:

JoliCode is a team of passionate developers and open-source lovers, with a strong expertise in PHP & Symfony technologies. They can help you build your projects using state-of-the-art practices.
At Rector, we help successful and growing companies to get the most of the code they already have. Including upgrading to the latest Symfony LTS. We deliver automated refactoring, reduce maintenance costs, speed up feature delivery, and transform legacy code into a strategic asset. Let us handle the dirty work, so you can focus on the features.
Les-Tilleuls.coop is a team of 70+ Symfony experts who can help you design, develop and fix your projects. We provide a wide range of professional services including development, consulting, coaching, training and audits. We also are highly skilled in JS, Go and DevOps. We are a worker cooperative!

In Symfony 6.2 we introduced an Access Token Authenticator capable of fetching RFC6750 compliant tokens and retrieving the associated user identifier. Symfony 7.1 enhances this feature with several new capabilities.

Florent Morselli
Contributed by Florent Morselli in #53682

First, we've added support for RSA algorithm signatures. The tokens used in this authenticator are currently signed using the ES256 algorithm. Given the widespread use of the RSA algorithm in services like Amazon Cognito, we have now included support for it as well.

To use either or both algorithms in your application, update your security configuration file:

1
2
3
4
5
6
7
8
9
10
11
12
13
# config/packages/security.yaml
 security:
     firewalls:
         main:
             access_token:
                 token_handler:
                     oidc:
                         # Algorithm used to sign the JWS
-                        algorithm: 'ES256'
+                        algorithms: ['ES256', 'RS256']
                         # A JSON-encoded JWK
-                        key: '{"kty":"...","k":"..."}'
+                        keyset: '{"keys":[{"kty":"...","k":"..."}]}'
Nicolas Attard
Contributed by Nicolas Attard in #48276

Additionally, Symfony 7.1 introduces a new CAS 2.0 access token handler. CAS (Central Authentication Service) is a single sign-on protocol for web applications. It allows a user to access multiple applications while providing their credentials (such as user ID and password) only once.

Symfony now includes a generic Cas2Handler to interface with your CAS server. Add the following to your security configuration to configure the URL where your CAS server will validate the requests:

1
2
3
4
5
6
7
8
# config/packages/security.yaml
security:
    firewalls:
        main:
            access_token:
                token_handler:
                    cas:
                        validation_url: https://example.com/cas/validate
Published in #Living on the edge

Help the Symfony project!

As with any Open-Source project, contributing code or documentation is the most common way to help, but we also have a wide range of sponsoring opportunities.

Comments

Avatar of jeremyFreeAgent — Jérémy Romey
jeremyFreeAgent — Jérémy Romey Certified said on May 13, 2024

Yeah!!!

Comments are closed.

To ensure that comments stay relevant, they are closed for old posts.