New in Symfony 7.1: Improved Access Token Authenticator
May 13, 2024 • Published by Javier Eguiluz
In Symfony 6.2 we introduced an Access Token Authenticator that extracts RFC 6750 bearer tokens from a request and resolves each token to a user identifier. Symfony 7.1 enhances this feature with several new capabilities.
First, the OIDC token handler now accepts RSA signatures. Until now it could only verify tokens signed with the ES256 algorithm. Identity providers such as Amazon Cognito sign their tokens with RS256, so that algorithm is now supported as well.
To accept either or both algorithms, update your security configuration: the singular algorithm option becomes an algorithms allow-list, and the single key option becomes a keyset holding a JSON Web Key Set. Only tokens whose alg header is in the list are verified, and they are verified only with a key of the matching type from the keyset:
# config/packages/security.yaml
security:
    firewalls:
        main:
            access_token:
                token_handler:
                    oidc:
                        # Algorithm used to sign the JWS
-                       algorithm: 'ES256'
+                       algorithms: ['ES256', 'RS256']
                        # A JSON-encoded JWK
-                       key: '{"kty":"...","k":"..."}'
+                       keyset: '{"keys":[{"kty":"...","k":"..."}]}'
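The security work the algorithms and keyset options do happens before any signature is checked: the token's alg header must be one of the configured values, and the key used for verification must be chosen from the keyset by type and kid rather than trusting the token. The following is an added example written for this post, not Symfony's own code (Symfony delegates JWS verification to a JOSE library); it implements that selection step in plain PHP 8 and stops at the point where a JOSE library would verify the signature. The keyset and tokens are constructed with placeholder key material, and the function name selectVerificationKey is an assumption of this example. Note that the page's {"kty":"...","k":"..."} placeholder only shows the JSON shape: an EC key carries crv/x/y and an RSA key carries n/e.

```php
<?php
// Added example, not Symfony's code: the key-selection policy that the
// "algorithms" and "keyset" options express, in plain PHP 8. It decides which
// JWK a JOSE library may verify the token with, or refuses the token first.
declare(strict_types=1);

/** Key type (and curve) each allowed JWS algorithm is verified with. */
const ALG_KEY_TYPES = [
    'ES256' => ['kty' => 'EC',  'crv' => 'P-256'],
    'RS256' => ['kty' => 'RSA', 'crv' => null],
];

function base64url_encode(string $data): string
{
    return rtrim(strtr(base64_encode($data), '+/', '-_'), '=');
}

function base64url_decode(string $data): string
{
    $padded = str_pad(strtr($data, '-_', '+/'), strlen($data) + (4 - strlen($data) % 4) % 4, '=');
    $decoded = base64_decode($padded, true);
    if (false === $decoded) {
        throw new InvalidArgumentException('Invalid base64url segment');
    }
    return $decoded;
}

/**
 * Returns the JWK that $jws must be verified with, or throws.
 *
 * @param string[] $algorithms the configured allow-list, e.g. ['ES256', 'RS256']
 * @param string   $keyset     the configured JSON Web Key Set ('{"keys":[...]}')
 */
function selectVerificationKey(string $jws, array $algorithms, string $keyset): array
{
    $parts = explode('.', $jws);
    if (3 !== count($parts)) {
        throw new InvalidArgumentException('Not a compact JWS');
    }
    $header = json_decode(base64url_decode($parts[0]), true, 512, JSON_THROW_ON_ERROR);
    $alg = $header['alg'] ?? null;

    // The token does not get to choose the algorithm: only configured values are
    // accepted, which rules out "none" and the HMAC family (where an attacker
    // would sign with the published public key as the shared secret).
    if (!is_string($alg) || !in_array($alg, $algorithms, true) || !isset(ALG_KEY_TYPES[$alg])) {
        throw new RuntimeException(sprintf('Algorithm "%s" is not allowed', is_string($alg) ? $alg : 'missing'));
    }
    $expected = ALG_KEY_TYPES[$alg];

    $keys = json_decode($keyset, true, 512, JSON_THROW_ON_ERROR)['keys'] ?? null;
    if (!is_array($keys)) {
        throw new RuntimeException('Keyset has no "keys" member');
    }

    // Keep only keys of the right type for $alg whose own "alg"/"use" do not contradict it.
    $candidates = array_filter($keys, static function (array $jwk) use ($alg, $expected): bool {
        return ($jwk['kty'] ?? null) === $expected['kty']
            && (null === $expected['crv'] || ($jwk['crv'] ?? null) === $expected['crv'])
            && (!isset($jwk['alg']) || $jwk['alg'] === $alg)
            && (!isset($jwk['use']) || 'sig' === $jwk['use']);
    });

    // Honour "kid" when the token names a key; otherwise accept only a single,
    // unambiguous candidate rather than trying every key in turn.
    if (isset($header['kid'])) {
        $candidates = array_filter($candidates, static fn (array $jwk): bool => ($jwk['kid'] ?? null) === $header['kid']);
    }
    if (1 !== count($candidates)) {
        throw new RuntimeException(sprintf('%d usable keys for %s, expected exactly 1', count($candidates), $alg));
    }
    return reset($candidates);
}

// Constructed keyset with placeholder key material: one EC and one RSA key, in
// the shape the "keyset" option carries them.
$keyset = json_encode(['keys' => [
    ['kty' => 'EC', 'crv' => 'P-256', 'kid' => 'ec-1', 'use' => 'sig', 'x' => 'PLACEHOLDER', 'y' => 'PLACEHOLDER'],
    ['kty' => 'RSA', 'kid' => 'rsa-1', 'use' => 'sig', 'n' => 'PLACEHOLDER', 'e' => 'AQAB'],
]], JSON_THROW_ON_ERROR);

// Constructed tokens: only the JOSE header matters for this step, so payload
// and signature are dummies.
$token = static fn (array $header): string => implode('.', [
    base64url_encode(json_encode($header, JSON_THROW_ON_ERROR)), base64url_encode('{}'), base64url_encode('sig'),
]);

$algorithms = ['ES256', 'RS256'];
foreach ([
    ['alg' => 'RS256', 'kid' => 'rsa-1'], // Cognito-style token: accepted, RSA key selected
    ['alg' => 'ES256', 'kid' => 'ec-1'],  // accepted, EC key selected
    ['alg' => 'HS256', 'kid' => 'rsa-1'], // rejected: HMAC is not in the allow-list
    ['alg' => 'none'],                    // rejected: unsigned token
    ['alg' => 'RS256', 'kid' => 'ec-1'],  // rejected: kid names a key of the wrong type
] as $header) {
    try {
        $jwk = selectVerificationKey($token($header), $algorithms, $keyset);
        echo json_encode($header), ' -> verify with kid ', $jwk['kid'], "\n";
    } catch (RuntimeException $e) {
        echo json_encode($header), ' -> rejected: ', $e->getMessage(), "\n";
    }
}
```

The allow-list is deliberately an exact string match against the configured values: a token that names an unconfigured algorithm is refused before any key is consulted, which is what keeps a keyset that contains both EC and RSA keys from becoming a downgrade surface.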
Additionally, Symfony 7.1 introduces a new CAS 2.0 access token handler. CAS (Central Authentication Service) is a single sign-on protocol for web applications: the user enters their credentials (such as user ID and password) once, at the CAS server, and is then granted access to multiple applications through short-lived service tickets that each application validates against that server.
Symfony now includes a generic Cas2Handler to interface with your CAS server. Add the following to your security configuration to set the URL at which your CAS server validates the tickets presented to your application. This must be the endpoint that returns the CAS 2.0 XML serviceResponse (on a stock CAS server that is /serviceValidate; /validate is the plain-text CAS 1.0 endpoint), and it should be reached over HTTPS, since your application trusts whatever that response says:
# config/packages/security.yaml
security:
    firewalls:
        main:
            access_token:
                token_handler:
                    cas:
                        validation_url: https://example.com/cas/validate
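What the handler does with that URL is a CAS 2.0 service-ticket validation: it sends the ticket together with the service URL it was issued for, and trusts only an XML authenticationSuccess response from the server. The following is an added example written for this post, not Symfony's Cas2Handler; it performs that exchange in plain PHP 8 (SimpleXML only), with the HTTP call abstracted behind a callable so it runs offline against two constructed server responses. The function name validateCasTicket, the app URL https://app.example.com/login/cas and the ticket values are assumptions of this example.

```php
<?php
// Added example, not Symfony's Cas2Handler: the CAS 2.0 service-ticket
// validation exchange that such a handler performs, in plain PHP 8.
declare(strict_types=1);

const CAS_NS = 'http://www.yale.edu/tp/cas';

/**
 * Validates a CAS 2.0 service ticket and returns the authenticated user id.
 *
 * @param callable(string): string $httpGet       returns the response body for a URL
 * @param string                   $validationUrl the configured CAS validation endpoint
 * @param string                   $service       the exact URL the ticket was issued for
 *                                                (the current request URL without the ticket)
 * @param string                   $ticket        the ticket presented by the request
 */
function validateCasTicket(callable $httpGet, string $validationUrl, string $service, string $ticket): string
{
    // The validation response is trusted as-is, so it must come over TLS.
    if (!str_starts_with($validationUrl, 'https://')) {
        throw new RuntimeException('CAS validation must use https');
    }
    // Tickets are opaque, short-lived and single use; refuse junk before
    // making a network round trip with it.
    if (!preg_match('/^[A-Za-z0-9._-]{1,256}$/', $ticket)) {
        throw new RuntimeException('Malformed service ticket');
    }

    // Binding "service" to the URL the ticket was issued for stops a ticket
    // obtained for another service from being replayed against this one.
    $url = $validationUrl.'?'.http_build_query(['service' => $service, 'ticket' => $ticket]);
    $body = $httpGet($url);

    // Parse without network access (LIBXML_NONET) so a malicious response
    // cannot pull external resources; do not add LIBXML_NOENT.
    $previous = libxml_use_internal_errors(true);
    try {
        $xml = simplexml_load_string($body, SimpleXMLElement::class, LIBXML_NONET);
    } finally {
        libxml_use_internal_errors($previous);
    }
    if (false === $xml || 'serviceResponse' !== $xml->getName()
        || !in_array(CAS_NS, $xml->getDocNamespaces(), true)) {
        throw new RuntimeException('Not a CAS service response');
    }

    $cas = $xml->children(CAS_NS);
    if (isset($cas->authenticationFailure)) {
        $attrs = $cas->authenticationFailure->attributes();
        $code = isset($attrs['code']) ? (string) $attrs['code'] : 'UNKNOWN';
        throw new RuntimeException('CAS validation failed: '.$code);
    }
    if (!isset($cas->authenticationSuccess)) {
        throw new RuntimeException('CAS response is neither success nor failure');
    }
    $user = trim((string) $cas->authenticationSuccess->children(CAS_NS)->user);
    if ('' === $user) {
        throw new RuntimeException('CAS success response without a user');
    }
    return $user;
}

// Constructed server responses for an offline run: one success, one failure
// for a ticket that has already been used.
$responses = [
    'ST-good' => <<<XML
<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess>
    <cas:user>jdoe</cas:user>
  </cas:authenticationSuccess>
</cas:serviceResponse>
XML,
    'ST-replayed' => <<<XML
<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">Ticket ST-replayed not recognized</cas:authenticationFailure>
</cas:serviceResponse>
XML,
];
$fakeHttpGet = static function (string $url) use ($responses): string {
    parse_str((string) parse_url($url, PHP_URL_QUERY), $query);
    return $responses[$query['ticket'] ?? ''] ?? '<html>not a CAS response</html>';
};

$validationUrl = 'https://example.com/cas/serviceValidate';
$service = 'https://app.example.com/login/cas';
foreach (['ST-good', 'ST-replayed', 'bogus'] as $ticket) {
    try {
        echo $ticket, ' -> user ', validateCasTicket($fakeHttpGet, $validationUrl, $service, $ticket), "\n";
    } catch (RuntimeException $e) {
        echo $ticket, ' -> ', $e->getMessage(), "\n";
    }
}
```

Two details matter in production beyond what the example shows: the HTTP client must verify the CAS server's certificate (an attacker who can answer the validation request can log in as anyone), and the service value must be computed from the application's canonical URL rather than from attacker-controlled Host or X-Forwarded-* headers.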