Added argument to AuthenticationSuccessHandler to stop token from being removed from response #912

Merged
merged 1 commit into from
Aug 23, 2021


stollr
Contributor

@stollr stollr commented Aug 23, 2021

Fixes #909 (the handler cannot be used when API and form login are used in the same application).

To use this feature, define the handler as success handler on the firewall:

```yaml
security:
  firewalls:
    main:
      json_login:
         check_path: my_login_check
         success_handler: lexik_jwt_authentication.handler.authentication_success
         failure_handler: lexik_jwt_authentication.handler.authentication_failure
```

And then define the fourth argument of the handler in your service.yaml:

```yaml
services:
    Lexik\Bundle\JWTAuthenticationBundle\Security\Http\Authentication\AuthenticationSuccessHandler:
        arguments:
            $removeTokenFromBodyWhenCookiesUsed: false
```

@chalasr
Collaborator

chalasr commented Aug 23, 2021

Thank you @Naitsirch.

@chalasr chalasr merged commit 0161668 into lexik:2.x Aug 23, 2021
@TjorvenB
Contributor

TjorvenB commented Oct 31, 2021

I was looking for a way to return the JWT token in both cookies and the response body. I spent an hour looking for this solution, and only found it because of the property name I found when I started looking at the code to see where I could extend it to allow this. So I thought I would also leave some searchable terms in this issue so other people can find it a bit quicker :-)
Thank you for the work!

@chalasr
Collaborator

chalasr commented Oct 31, 2021

I would welcome a PR to document this :)

TjorvenB added a commit to TjorvenB/LexikJWTAuthenticationBundle that referenced this pull request Oct 31, 2021
@TjorvenB
Contributor

I can't seem to get it to work with the service configuration as mentioned in the starting post. The container creates a second service definition for the AuthenticationSuccessHandler without the cookie providers. This service definition is not used because the bundle aliases the class. I tried aliasing the definition, hoping the cookie providers would be set later on. Quickly realised how idiotic that idea was.

I currently have it working by adding a new config value 'remove_token_from_body_when_cookies_used' which defaults to true. I have added the fourth argument to the service definition, defaulting to true. And a check in the LexikJWTAuthenticationExtension replacing the fourth parameter with false if the new config value is false.
If this approach is OK I can start a pull request for https://github.com/TjorvenB/LexikJWTAuthenticationBundle/tree/pr912 (with documentation)

I started from 2.x. Is this the correct branch to start from? There is also a 2.10.x branch.

@fd6130

fd6130 commented Oct 31, 2021

> I can't seem to get it to work with the service configuration as mentioned in the starting post. The container creates a second service definition for the AuthenticationSuccessHandler without the cookie providers. This service definition is not used because the bundle aliases the class. I tried aliasing the definition, hoping the cookie providers would be set later on. Quickly realised how idiotic that idea was.
>
> I currently have it working by adding a new config value 'remove_token_from_body_when_cookies_used' which defaults to true. I have added the fourth argument to the service definition, defaulting to true. And a check in the LexikJWTAuthenticationExtension replacing the fourth parameter with false if the new config value is false. If this approach is OK I can start a pull request for https://github.com/TjorvenB/LexikJWTAuthenticationBundle/tree/pr912 (with documentation)
>
> I started from 2.x. Is this the correct branch to start from? There is also a 2.10.x branch.

I think 2.x is fine because this PR was also added in 2.x.

chalasr added a commit that referenced this pull request Dec 8, 2021
…tion (TjorvenB)

This PR was squashed before being merged into the 2.x branch.

Discussion
----------

Add `remove_token_from_body_when_cookies_used` config option

Added configuration and documentation for the argument added in #912. #912

Commits
-------

3fd16e3 Add `remove_token_from_body_when_cookies_used` config option
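
A bundle-level configuration using the `remove_token_from_body_when_cookies_used` option named in this thread, as an added example that is not taken from the PR or the bundle's documentation. The `set_cookies` and `token_extractors` keys, the cookie name `BEARER`, the file path, and the placement of the option at the root of `lexik_jwt_authentication` are assumptions about the bundle's configuration, not values shown on this page.

```yaml
# config/packages/lexik_jwt_authentication.yaml (assumed path; added example)
lexik_jwt_authentication:
    # Assumption: cookie delivery is enabled through set_cookies and read back
    # through the cookie token extractor. BEARER is an illustrative cookie name.
    set_cookies:
        BEARER:
            samesite: strict
            secure: true      # only sent over HTTPS
            httpOnly: true    # the cookie copy of the JWT is not readable by page scripts
    token_extractors:
        cookie:
            enabled: true
            name: BEARER

    # Default (true): when cookies are used, the token is removed from the
    # JSON response body, so the cookie is the only copy sent to the client.
    # false: the token is returned in both the cookie and the response body,
    # which is what an application mixing API clients and form login needs.
    remove_token_from_body_when_cookies_used: false
```

With the option set to `false`, the body copy of the token is visible to whatever script handles the login response, so the `httpOnly` protection covers only the cookie copy.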
Development

Successfully merging this pull request may close these issues.

API and Cookie Authentication in the same Application