Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

IBX-8356: Reworked JWT GraphQL firewall configuration to comply with Symfony-based authentication #124

Merged
merged 5 commits into from
Jul 1, 2024
Merged

IBX-8356: Reworked JWT GraphQL firewall configuration to comply with Symfony-based authentication #124

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
097d56c
IBX-8356: Reworked JWT GraphQL firewall configuration to comply with …
konradoboza Jun 13, 2024
29308a0
added missing lexik_jwt_authentication.yaml to OSS and Headless editions
konradoboza Jun 27, 2024
a4b2805
[tmp] set jwt gql to enabled
micszo Jun 27, 2024
a306279
specified user provider explicitly for all reworked firewalls
konradoboza Jun 27, 2024
9763796
Revert "[tmp] set jwt gql to enabled"
micszo Jul 1, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 5 additions & 6 deletions ibexa/commerce/5.0/config/packages/security.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -90,6 +90,7 @@ security:
# Uncomment the rules below to enable JSON Web Token (JWT) authentication for REST and/or GraphQL
#ibexa_jwt_rest:
# request_matcher: Ibexa\Rest\Security\AuthorizationHeaderRESTRequestMatcher
# provider: ibexa
# user_checker: Ibexa\Core\MVC\Symfony\Security\UserChecker
# stateless: true
# json_login:
Expand All @@ -101,13 +102,9 @@ security:

#ibexa_jwt_graphql:
# request_matcher: Ibexa\GraphQL\Security\NonAdminGraphQLRequestMatcher
# user_checker: Ibexa\Core\MVC\Symfony\Security\UserChecker
# anonymous: ~
# guard:
# authenticators:
# - lexik_jwt_authentication.jwt_token_authenticator
# entry_point: lexik_jwt_authentication.jwt_token_authenticator
# provider: ibexa
# stateless: true
# jwt: ~

# Uncomment ibexa_oauth2_connect, ibexa_oauth2_front rules and comment ibexa_front firewall
# to enable OAuth2 authentication
Expand All @@ -133,13 +130,15 @@ security:

ibexa_rest:
pattern: ^/api/ibexa
provider: ibexa
user_checker: Ibexa\Core\MVC\Symfony\Security\UserChecker
context: ibexa
custom_authenticators:
- Ibexa\Rest\Security\Authenticator\RestAuthenticator

ibexa_front:
pattern: ^/
provider: ibexa
user_checker: Ibexa\Core\MVC\Symfony\Security\UserChecker
context: ibexa
form_login:
Expand Down
11 changes: 5 additions & 6 deletions ibexa/experience/5.0/config/packages/security.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -78,6 +78,7 @@ security:
# Uncomment the rules below to enable JSON Web Token (JWT) authentication for REST and/or GraphQL
#ibexa_jwt_rest:
# request_matcher: Ibexa\Rest\Security\AuthorizationHeaderRESTRequestMatcher
# provider: ibexa
# user_checker: Ibexa\Core\MVC\Symfony\Security\UserChecker
# stateless: true
# json_login:
Expand All @@ -89,13 +90,9 @@ security:

#ibexa_jwt_graphql:
# request_matcher: Ibexa\GraphQL\Security\NonAdminGraphQLRequestMatcher
# user_checker: Ibexa\Core\MVC\Symfony\Security\UserChecker
# anonymous: ~
# guard:
# authenticators:
# - lexik_jwt_authentication.jwt_token_authenticator
# entry_point: lexik_jwt_authentication.jwt_token_authenticator
# provider: ibexa
# stateless: true
# jwt: ~

# Uncomment ibexa_oauth2_connect, ibexa_oauth2_front rules and comment ibexa_front firewall
# to enable OAuth2 authentication
Expand All @@ -121,13 +118,15 @@ security:

ibexa_rest:
pattern: ^/api/ibexa
provider: ibexa
user_checker: Ibexa\Core\MVC\Symfony\Security\UserChecker
context: ibexa
custom_authenticators:
- Ibexa\Rest\Security\Authenticator\RestAuthenticator

ibexa_front:
pattern: ^/
provider: ibexa
user_checker: Ibexa\Core\MVC\Symfony\Security\UserChecker
context: ibexa
form_login:
Expand Down
12 changes: 12 additions & 0 deletions ibexa/headless/5.0/config/packages/lexik_jwt_authentication.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
lexik_jwt_authentication:
secret_key: '%env(APP_SECRET)%'
encoder:
signature_algorithm: HS256
# Disabled by default, because Page builder use an custom extractor
token_extractors:
authorization_header:
enabled: false
cookie:
enabled: false
query_parameter:
enabled: false
11 changes: 5 additions & 6 deletions ibexa/headless/5.0/config/packages/security.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -78,6 +78,7 @@ security:
# Uncomment the rules below to enable JSON Web Token (JWT) authentication for REST and/or GraphQL
#ibexa_jwt_rest:
# request_matcher: Ibexa\Rest\Security\AuthorizationHeaderRESTRequestMatcher
# provider: ibexa
# user_checker: Ibexa\Core\MVC\Symfony\Security\UserChecker
# stateless: true
# json_login:
Expand All @@ -89,13 +90,9 @@ security:

#ibexa_jwt_graphql:
# request_matcher: Ibexa\GraphQL\Security\NonAdminGraphQLRequestMatcher
# user_checker: Ibexa\Core\MVC\Symfony\Security\UserChecker
# anonymous: ~
# guard:
# authenticators:
# - lexik_jwt_authentication.jwt_token_authenticator
# entry_point: lexik_jwt_authentication.jwt_token_authenticator
# provider: ibexa
# stateless: true
# jwt: ~

# Uncomment ibexa_oauth2_connect, ibexa_oauth2_front rules and comment ibexa_front firewall
# to enable OAuth2 authentication
Expand All @@ -121,13 +118,15 @@ security:

ibexa_rest:
pattern: ^/api/ibexa
provider: ibexa
user_checker: Ibexa\Core\MVC\Symfony\Security\UserChecker
context: ibexa
custom_authenticators:
- Ibexa\Rest\Security\Authenticator\RestAuthenticator

ibexa_front:
pattern: ^/
provider: ibexa
user_checker: Ibexa\Core\MVC\Symfony\Security\UserChecker
context: ibexa
form_login:
Expand Down
12 changes: 12 additions & 0 deletions ibexa/oss/5.0/config/packages/lexik_jwt_authentication.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
lexik_jwt_authentication:
secret_key: '%env(APP_SECRET)%'
encoder:
signature_algorithm: HS256
# Disabled by default, because Page builder use an custom extractor
token_extractors:
authorization_header:
enabled: false
cookie:
enabled: false
query_parameter:
enabled: false
11 changes: 5 additions & 6 deletions ibexa/oss/5.0/config/packages/security.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -56,6 +56,7 @@ security:
# Uncomment the rules below to enable JSON Web Token (JWT) authentication for REST and/or GraphQL
#ibexa_jwt_rest:
# request_matcher: Ibexa\Rest\Security\AuthorizationHeaderRESTRequestMatcher
# provider: ibexa
# user_checker: Ibexa\Core\MVC\Symfony\Security\UserChecker
# stateless: true
# json_login:
Expand All @@ -67,23 +68,21 @@ security:

#ibexa_jwt_graphql:
# request_matcher: Ibexa\GraphQL\Security\NonAdminGraphQLRequestMatcher
# user_checker: Ibexa\Core\MVC\Symfony\Security\UserChecker
# anonymous: ~
# guard:
# authenticators:
# - lexik_jwt_authentication.jwt_token_authenticator
# entry_point: lexik_jwt_authentication.jwt_token_authenticator
# provider: ibexa
# stateless: true
# jwt: ~

ibexa_rest:
pattern: ^/api/ibexa
provider: ibexa
user_checker: Ibexa\Core\MVC\Symfony\Security\UserChecker
context: ibexa
custom_authenticators:
- Ibexa\Rest\Security\Authenticator\RestAuthenticator

ibexa_front:
pattern: ^/
provider: ibexa
user_checker: Ibexa\Core\MVC\Symfony\Security\UserChecker
context: ibexa
form_login:
Expand Down
Loading