Helthe API Security is a library for doing API key authentication with the Symfony Security Component.
Add the following in your composer.json:

    {
        "require": {
            // ...
            "helthe/security-api": "~1.0"
        }
    }
Or install it from the command line:

    $ composer require 'helthe/security-api=~1.0'
An API authentication provider implementing AuthenticationProviderInterface is supplied, supporting the PreAuthenticatedToken. Once authenticated, a user is represented by an ApiKeyAuthenticatedToken, which is an extension of PreAuthenticatedToken where the API key is not erased, so the key stays on the token after authentication.
The library provides its own UserProviderInterface that must be implemented by the user provider supplied to the ApiKeyAuthenticationProvider.
    use Helthe\Component\Security\Api\Authentication\Provider\ApiKeyAuthenticationProvider;
    use Symfony\Component\Security\Core\User\UserChecker;

    // The user provider must implement
    // Helthe\Component\Security\Api\User\UserProviderInterface
    $userProvider = new InMemoryUserProvider(
        array(
            'admin' => array(
                'api_key' => 'foo',
            ),
        )
    );

    // for some extra checks: is account enabled, locked, expired, etc.?
    $userChecker = new UserChecker();

    $provider = new ApiKeyAuthenticationProvider(
        $userProvider,
        $userChecker,
        'your_api'
    );

    // $unauthenticatedToken is the PreAuthenticatedToken to authenticate
    $provider->authenticate($unauthenticatedToken);
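An added example, not code from the library or its README: one way a user provider behind ApiKeyAuthenticationProvider could look up keys without keeping them in plaintext, unlike the 'foo' literal in the sample above. The class HashedApiKeyStore and its methods are hypothetical and do not implement the library's UserProviderInterface; the key used at the end is constructed sample data.

```php
<?php
// Hypothetical helper, not part of helthe/security-api: the key lookup a
// user provider could delegate to. Assumes keys are long random strings,
// so an unsalted SHA-256 digest is enough to protect them at rest.
final class HashedApiKeyStore
{
    /** @var array<string, string> hex SHA-256 digest of the key => username */
    private $usernamesByDigest = array();

    public function add($username, $apiKey)
    {
        // Only the digest is kept; the plaintext key is never stored.
        $this->usernamesByDigest[hash('sha256', $apiKey)] = $username;
    }

    /** @return string|null username owning the key, or null if unknown */
    public function findUsername($apiKey)
    {
        if (!is_string($apiKey) || $apiKey === '') {
            return null; // missing header or empty query parameter
        }

        $digest = hash('sha256', $apiKey);
        $found = null;
        foreach ($this->usernamesByDigest as $stored => $username) {
            // hash_equals() does not stop at the first differing byte,
            // and the loop visits every entry whether or not one matched.
            if (hash_equals((string) $stored, $digest)) {
                $found = $username;
            }
        }

        return $found;
    }
}

// Constructed sample data: issue a random 256-bit key, shown to the user once.
$issuedKey = bin2hex(random_bytes(32));

$store = new HashedApiKeyStore();
$store->add('admin', $issuedKey);

var_dump($store->findUsername($issuedKey)); // the key that was issued
var_dump($store->findUsername('foo'));      // a key that was never issued
var_dump($store->findUsername(''));         // no key supplied
```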
Two firewall listeners are available extending AbstractPreAuthenticatedListener. HttpHeaderListener checks for the API key in the Request headers and QueryStringListener checks in the Request query string.
For bugs or feature requests, please create an issue.