Added argument to AuthenticationSuccessHandler to stop token from being removed from response #912
…ng removed from response

Fixes lexik#909 (the handler cannot be used when API and form login are used in the same application).

To use this feature, define the handler as success handler on the firewall

```yaml
security:
    firewalls:
        main:
            json_login:
                check_path: my_login_check
                success_handler: lexik_jwt_authentication.handler.authentication_success
                failure_handler: lexik_jwt_authentication.handler.authentication_failure
```

And then define the fourth argument of the handler in your service.yaml:

```yaml
services:
    Lexik\Bundle\JWTAuthenticationBundle\Security\Http\Authentication\AuthenticationSuccessHandler:
        arguments:
            $removeTokenFromBodyWhenCookiesUsed: false
```
Thank you @Naitsirch.
I was looking for a way to return the JWT token in both cookies and the response body. I spent an hour looking for this solution, and only found it because of the property name I found when I started looking at the code to see where I could extend it to allow this. So I thought I would also leave some searchable terms in this issue so other people can find it a bit quicker :-)
I would welcome a PR to document this :)
I can't seem to get it to work with the service configuration as mentioned in the starting post. The container creates a second service definition for the AuthenticationSuccessHandler without the cookie providers. This service definition is not used because the bundle aliases the class. I tried aliasing the definition, hoping the cookie providers would be set later on. Quickly realised how idiotic that idea was. I currently have it working by adding a new config value 'remove_token_from_body_when_cookies_used' which defaults to true. I have added the fourth argument to the service definition, defaulting to true. And a check in the LexikJWTAuthenticationExtension replacing the fourth parameter with false if the new config value is false. I started from 2.x. Is this the correct branch to start from? There is also a 2.10.x branch.
I think 2.x is fine because this PR also add in 2.x
…tion (TjorvenB)

This PR was squashed before being merged into the 2.x branch.

Discussion
----------

Add `remove_token_from_body_when_cookies_used` config option

Added configuration and documentation for the argument added in #912.

#912

Commits
-------

3fd16e3 Add `remove_token_from_body_when_cookies_used` config option