helthe/security-api

Helthe API Security Component

Helthe API Security

Helthe API Security is a library for doing API key authentication with the Symfony Security Component., _(*1)

Installation

Using Composer

Manually

Add the following in your composer.json:, _(*2)

{
    "require": {
        // ...
        "helthe/security-api": "~1.0"
    }
}

Using the command line

$ composer require 'helthe/security-api=~1.0'

Usage

Authentication Provider

An API authentication provider implementing AuthenticationProviderInterfaceis supplied supporting the PreAuthenticatedToken. Once authenticated, a user will be authenticated using a ApiKeyAuthenticatedToken which is an extension of PreAuthenticatedToken where the api key is not erased., _(*3)

User Provider

The library provides its own UserProviderInterface that must implemented by the user provider supplied to the ApiKeyAuthenticationProvider., _(*4)

Example

use Helthe\Component\Security\Api\Authentication\Provider\ApiKeyAuthenticationProvider;
use Symfony\Component\Security\Core\User\UserChecker;

// Helthe\Component\Security\Api\User\UserProviderInterface
$userProvider = new InMemoryUserProvider(
    array(
        'admin' => array(
            'api_key' => 'foo',
        ),
    )
);

// for some extra checks: is account enabled, locked, expired, etc.?
$userChecker = new UserChecker();

$provider = new ApiKeyAuthenticationProvider(
    $userProvider,
    $userChecker,
    'your_api',
);

$provider->authenticate($unauthenticatedToken);

Firewall

Two firewall listeners are available extending AbstractPreAuthenticatedListener. HttpHeaderListener checks for the api key in the Request headers and QueryStringListener checks in the Request query string., _(*5)

Bugs

For bugs or feature requests, please create an issue., _(*6)