I'm a bit lost right now and could use a push in the right direction.
In short
- PHP Symfony 4 project (mostly default configuration), hosted on Google Cloud App Engine
- REST API, authentication via LexikJWTAuthenticationBundle
- Requests need to pass auth token on every request (Symfony firewall is stateless: true)
- Single Page Application as API consumer (React frontend)
In my use-case, one authenticated user opens page X. On this page, there are three different sections with data that need to be loaded from the backend. Therefore, I have three API endpoints to be fetched.
When opening the page, these three requests aren't performed simultaneously; they wait for each other. In this SO question it's already mentioned that Symfony doesn't support concurrent requests for one user session, or one could manually close an open session. Since I'm not using sessions at all, I don't want to mess with closing random stuff.
But my question: I believe I have a stateless API, where the user isn't stored in a server session. I have to pass the JWT token on every request.
-> Should it be possible to have the three authenticated requests served in parallel with a stateless REST API, or is it just not possible as soon as 'a user is involved'?
FYI: Trying three requests for un-authed endpoints shows me parallel requests.
Code fragments
security.yaml
firewalls:
    login:
        pattern: ^/api/v1/login
        stateless: true
        anonymous: true
        json_login:
            check_path: /api/v1/login_check
            success_handler: lexik_jwt_authentication.handler.authentication_success
            failure_handler: lexik_jwt_authentication.handler.authentication_failure
    api:
        pattern: ^/api/v1
        stateless: true
        access_denied_handler: App\Security\AccessDeniedHandler
        guard:
            authenticators:
                - lexik_jwt_authentication.jwt_token_authenticator

access_control:
    - { path: ^/api/v1/, role: IS_AUTHENTICATED_FULLY }