Symfony, SPA authentication, what is the best practice at the moment?

M

Matvey Rumynin2020-03-16 16:52:03

symfony

Matvey Rumynin, 2020-03-16 16:52:03

Need a hint from comrades experienced in symfony
I asked myself this question. If the symfony project is a REST service and is completely separate from the web application, is there any point in building authentication as suggested in security? 3 types of authentication are supposed, by ES, some OAuth and login/password. Accordingly, it is assumed by security, listener, 3 authentication providers and user-provider. That's just, I'm wondering, but what for I already, if I'm working on REST, and I'm not even doing server-side rendering. All that is needed is the token, the listener is not needed per se (I think). Perhaps the authentication provider is superfluous? Maybe JWT is enough and that's it?

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

I

Ilya Zyabirov, 2020-03-17
@passionkillah

Security can be used nicely in REST, because it basically just provides you with a user authentication middleware that runs on every request to your API. You can either choose from ready-made implementations or write your own. And UserProvider, in turn, gives you access to the current user object inside your code, which is very convenient.
Indeed, JWT is enough, and no one forbids you to make an implementation without the security component, but its use will be much more convenient when using this bundle that interacts with security. In the case of it, you will not even need to write a middleware implementation.