Stateless authentication


gfreeau

Jul 22, 2014, 7:33:12 PM
to resting-wi...@googlegroups.com
I've been working on a REST API project for my company and one of the issues I had to work around with Symfony2 is stateless authentication.

The built-in security listeners in Symfony2 all rely on cookies. Even when the stateless parameter is true in the security.yml, a cookie will be set.

If REST is to become a first-class citizen in Symfony2, I think the core should ship with a stateless-friendly security listener.

For my project I've been using the LexikJWTAuthenticationBundle and to get around this issue I created this bundle: https://github.com/gfreeau/GfreeauGetJWTBundle and it works great for my needs, which is a Symfony2-based REST API for an AngularJS frontend.

Lukas Kahwe Smith

Jul 23, 2014, 4:39:01 AM
to gfreeau, resting-wi...@googlegroups.com
Could you open a DX tagged issue on symfony/symfony about this?

regards,
Lukas Kahwe Smith
sm...@pooteeweet.org




Jesper Pedersen

Jul 23, 2014, 5:16:31 AM
to resting-wi...@googlegroups.com
That is pretty odd; I am pretty sure that no cookie is set when using HTTP Basic and stateless is set to true. Are you sure it is not something other than the security layer setting the cookie, i.e. locale?

Anyway, we are using a custom Authentication Service and bshaffer/oauth-server, which works very nicely, but we do have quite complicated needs for authentication/authorization.

- Jesper

gfreeau

Jul 23, 2014, 8:27:09 AM
to resting-wi...@googlegroups.com
You are correct, no cookie is set for the basic auth listener that ships with Symfony2. However, it does set one for the "form_login" listener, even when stateless is true and sessions are disabled in config.yml.
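
A response-level check for the behaviour discussed in this thread, as an added example that is not part of any poster's message and is not code from Symfony or the bundles named here: it scans captured responses from firewalls declared stateless and reports any that carry a Set-Cookie header. The endpoint paths, cookie values and responses are constructed sample data.

```python
# Added example: audit captured responses from firewalls declared stateless.
# All endpoints, paths and cookie values below are constructed sample data.

def cookies_set(raw_response):
    """Return the cookie names set by one raw HTTP response."""
    names = []
    lines = raw_response.replace("\r\n", "\n").split("\n")
    for line in lines[1:]:                 # skip the status line
        if line == "":                     # blank line: headers end, body starts
            break
        field, sep, value = line.partition(":")
        if sep and field.strip().lower() == "set-cookie":
            # "name=value; Path=/; HttpOnly" -> "name"
            names.append(value.split(";", 1)[0].split("=", 1)[0].strip())
    return names


def audit(samples):
    """Map each stateless endpoint that set a cookie to the cookie names."""
    findings = {}
    for endpoint, stateless, raw in samples:
        names = cookies_set(raw)
        if stateless and names:
            findings[endpoint] = names
    return findings


SAMPLES = [
    # (endpoint label, firewall declared stateless?, captured response)
    ("GET /api/items (http_basic)", True,
     "HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n\r\n"
     '{"items": [], "note": "Set-Cookie: not-a-header"}'),
    ("POST /api/login_check (form_login)", True,
     "HTTP/1.1 302 Found\r\nLocation: /api/\r\n"
     "set-cookie: PHPSESSID=constructed123; path=/; HttpOnly\r\n\r\n"),
    ("POST /login_check (form_login, session firewall)", False,
     "HTTP/1.1 302 Found\r\nSet-Cookie: PHPSESSID=constructed456; path=/\r\n\r\n"),
]

if __name__ == "__main__":
    for endpoint, names in audit(SAMPLES).items():
        print("stateless firewall set cookie(s):", endpoint, names)
```

Header names are matched case-insensitively and parsing stops at the blank line, so text in a response body that looks like a header is not counted.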

gfreeau

Jul 23, 2014, 8:33:48 AM
to resting-wi...@googlegroups.com
Also, this is briefly mentioned in the Symfony2 docs as well: http://symfony.com/doc/current/book/security.html#stateless-authentication

I confirmed it by looking at all of the sources for the built-in listeners such as form_login, which all rely on cookies.



gfreeau

Jul 23, 2014, 8:54:18 AM
to resting-wi...@googlegroups.com, gr...@imagize.com.au
