Lexik JWT, how to allow only user's infrmations

Question

I wonder how can I configure JWT Lexik to authorize the user who is connected to have access only to his informations, and not all informations of all API like it's the case for me now. My JWT is functional

thanks

Laurie

score 1 · Accepted Answer · answered Jul 20 '20 at 10:27

First, you will have to understand the concept of the Symfony Security Component. The job of this component is to manage everything related to the security in your application : Such as authentication, permissions, roles, etc.

More information: https://symfony.com/doc/current/components/security.html

The job of Lexik JWT is to provide an auth system with JWT tokens.

It is not the job of LexikJWT to do that, but the job of the security component.

More information about how to restrict access: https://symfony.com/doc/current/security.html#denying-access-roles-and-other-authorization

Lexik JWT, how to allow only user's infrmations

1 Answers1