README

Helthe API Security is a library for doing API key authentication with the Symfony Security Component.

Installation

Using Composer

Manually

Add the following in your composer.json:

{
    "require": {
        // ...
        "helthe/security-api": "~1.0"
    }
}

Using the command line

$ composer require 'helthe/security-api=~1.0'

Usage

Authentication Provider

An API authentication provider implementing AuthenticationProviderInterfaceis supplied supporting the PreAuthenticatedToken. Once authenticated, a user will be authenticated using a ApiKeyAuthenticatedToken which is an extension of PreAuthenticatedToken where the api key is not erased.

User Provider

The library provides its own UserProviderInterface that must implemented by the user provider supplied to the ApiKeyAuthenticationProvider.

Example

use Helthe\Component\Security\Api\Authentication\Provider\ApiKeyAuthenticationProvider;
use Symfony\Component\Security\Core\User\UserChecker;

// Helthe\Component\Security\Api\User\UserProviderInterface
$userProvider = new InMemoryUserProvider(
    array(
        'admin' => array(
            'api_key' => 'foo',
        ),
    )
);

// for some extra checks: is account enabled, locked, expired, etc.?
$userChecker = new UserChecker();

$provider = new ApiKeyAuthenticationProvider(
    $userProvider,
    $userChecker,
    'your_api',
);

$provider->authenticate($unauthenticatedToken);

Firewall

Two firewall listeners are available extending AbstractPreAuthenticatedListener. HttpHeaderListener checks for the api key in the Request headers and QueryStringListener checks in the Request query string.

Bugs

For bugs or feature requests, please create an issue.

helthe / security-api

Maintainers

Details