What is the best way to implement REST API authentication?

P

Pavel Novikov2018-11-08 12:57:32

symfony

Pavel Novikov, 2018-11-08 12:57:32

Good afternoon,
the task is to write a rest api for an application whose front-end is on Vue, the back-end is on Symfony4
How best to implement API request authentication to prevent requests from being executed by unauthorized users or users who do not have rights to do so.
I mean not ready-made solutions, but some technologies or methods, maybe there are some vendors in Sf for this?

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

I

Ivan Shumov, 2018-11-08
@inoise

I am actively using OIDC + JWT. Auth0 suited me, but if you go beyond the limits, it turns out not very cheap

D

dosim86, 2018-12-28
@dosim86

You can create a subscriber to kernel.request and expand on this idea:

public function onKernelRequest(GetResponseEvent $event)
    {
        if (false !== strpos($event->getRequest()->getRequestUri(), '/api/')) {
            if (!$this->security->isGranted('ROLE_USER')) {
                throw new NotFoundHttpException();
            }
        }
    }

You can also use the FOSRestBundle