In Symfony 6.2 we introduced an Access Token Authenticator capable of fetching RFC 6750-compliant tokens and retrieving the associated user identifier. Symfony 7.1 enhances this feature with several new capabilities.
First, we've added support for RSA signatures. Until now, the tokens handled by this authenticator had to be signed with the ES256 algorithm. Given the widespread use of RSA signatures in services like Amazon Cognito, we have now included support for RS256 as well.
To use either or both algorithms in your application, update your security configuration file:
```diff
# config/packages/security.yaml
security:
    firewalls:
        main:
            access_token:
                token_handler:
                    oidc:
                        # Algorithm used to sign the JWS
-                       algorithm: 'ES256'
+                       algorithms: ['ES256', 'RS256']
                        # A JSON-encoded JWK
-                       key: '{"kty":"...","k":"..."}'
+                       keyset: '{"keys":[{"kty":"...","k":"..."}]}'
```
Additionally, Symfony 7.1 introduces a new CAS 2.0 access token handler. CAS (Central Authentication Service) is a single sign-on protocol for web applications. It allows a user to access multiple applications while providing their credentials (such as user ID and password) only once.
Symfony now includes a generic Cas2Handler to interface with your CAS server. Add the following to your security configuration to set the URL where your CAS server will validate the requests:
```yaml
# config/packages/security.yaml
security:
    firewalls:
        main:
            access_token:
                token_handler:
                    cas:
                        validation_url: https://example.com/cas/validate
```
Yeah!!!