0

I have symfony3 based api and on frontend Angular2 which uses LexikJWTAuthenticationBundle for Authentication. So my api is guarded by LexikJWT all endpoints. But my application should access without authentication endpoints to render data for Angular frontend.

my security.yml looks like

firewalls:
        oauth_token:
            pattern:    ^/oauth/v2/token
            security:   false

        oauth_authorize:
            pattern:    ^/oauth/v2/auth
            security:   false
            # Add your favorite authentication process here

        login:
            pattern:  ^/api/login
            stateless: true
            anonymous: true
            form_login:
                check_path:               /api/login_check
                success_handler:          lexik_jwt_authentication.handler.authentication_success
                failure_handler:          lexik_jwt_authentication.handler.authentication_failure
                require_previous_session: false

        api:
            pattern:   ^/api
            stateless: true
            lexik_jwt: ~


        main:
            pattern: ^/
            provider: fos_userbundle
            stateless: true
            form_login:
                check_path: /login_check
                username_parameter: username
                password_parameter: password
                success_handler: lexik_jwt_authentication.handler.authentication_success
                failure_handler: lexik_jwt_authentication.handler.authentication_failure
                require_previous_session: false
            logout: true
            anonymous: true

What is the approach what I have to do in this case?

fefe
  • 8,755
  • 27
  • 104
  • 180
  • Did you mean that you need authentication for API request but you didn't need authentication for resource file ? (maybe js files or template files) – Hendra Huang Sep 10 '16 at 15:44
  • so I have an endpoint like /api/posts for the blog section in this case should be available for the app but not accessible for everyone – fefe Sep 10 '16 at 17:22
  • Angularjs doesn't communicate separatelly with your Symfony app, it's just like java script with ajax request. To do what you want you need fronted app which contain angularjs + a script to communicate with your Symfony app. It can be another Symfony app, or Nodejs or whatever. – malcolm Sep 10 '16 at 20:44
  • @fefe If that endpoint is only available for your app, it means your app needs to be authenticated token to access that endpoint. If your authenticated token are stored in cookies, then just send HTTP request using withCredentials: true – Hendra Huang Sep 11 '16 at 08:17
  • I am also stack at this point! I will be happy to have a solution – Amine Jallouli Sep 26 '16 at 03:29
  • I found a sandbox for LexikJWTAuthenticationBundle that could help you https://github.com/slashfan/LexikJWTAuthenticationBundleSandbox . I am trying it now! – Amine Jallouli Sep 26 '16 at 03:39

0 Answers0