Giters

helthe / ApiSecurity

Helthe API Security Component

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Helthe API Security Build Status Scrutinizer Quality Score

Helthe API Security is a library for doing API key authentication with the Symfony Security Component.

Installation

Using Composer

Manually

Add the following in your composer.json:

{
    "require": {
        // ...
        "helthe/security-api": "~1.0"
    }
}

Using the command line

$ composer require 'helthe/security-api=~1.0'

Usage

Authentication Provider

An API authentication provider implementing AuthenticationProviderInterfaceis supplied supporting the PreAuthenticatedToken. Once authenticated, a user will be authenticated using a ApiKeyAuthenticatedToken which is an extension of PreAuthenticatedToken where the api key is not erased.

User Provider

The library provides its own UserProviderInterface that must implemented by the user provider supplied to the ApiKeyAuthenticationProvider.

Example

use Helthe\Component\Security\Api\Authentication\Provider\ApiKeyAuthenticationProvider;
use Symfony\Component\Security\Core\User\UserChecker;

// Helthe\Component\Security\Api\User\UserProviderInterface
$userProvider = new InMemoryUserProvider(
    array(
        'admin' => array(
            'api_key' => 'foo',
        ),
    )
);

// for some extra checks: is account enabled, locked, expired, etc.?
$userChecker = new UserChecker();

$provider = new ApiKeyAuthenticationProvider(
    $userProvider,
    $userChecker,
    'your_api',
);

$provider->authenticate($unauthenticatedToken);

Firewall

Two firewall listeners are available extending AbstractPreAuthenticatedListener. HttpHeaderListener checks for the api key in the Request headers and QueryStringListener checks in the Request query string.

Bugs

For bugs or feature requests, please create an issue.

About

Helthe API Security Component

License:MIT License

Languages

Language:PHP 100.0%