Commit 779cf59

committed
[#19122] Reword
1 parent 59dbc55 commit 779cf59

2 files changed

+31
-13
lines changed

reference/configuration/security.rst

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1025,6 +1025,8 @@ multiple firewalls, the "context" could actually be shared:
10251025
ignored and you won't be able to authenticate on multiple firewalls at the
10261026
same time.
10271027

1028+
.. _reference-security-stateless:
1029+
10281030
stateless
10291031
~~~~~~~~~
10301032

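Review bot: the new `.. _reference-security-stateless:` target is placed correctly (label, blank line, then the `stateless` title, matching the other labels in this file), but check that no other document already defines a label with this exact name: Sphinx reports a duplicate explicit target as a warning and the `:ref:` added in security/access_token.rst would then resolve ambiguously.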
security/access_token.rst

Lines changed: 29 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -709,24 +709,40 @@ create your own User from the claims, you must
709709
}
710710
}
711711

712-
Using Self-Claimed Tokens
712+
Creating Users from Token
713713
-------------------------
714714

715-
You may use tokens that are self-claimed, meaning that they contain all
716-
the information needed to authenticate the user. This happens when a security
717-
token doesn't need a user provider to get all needed information about the
718-
user. For instance, a JWT can be self-claimed when it contains a username as
719-
well as the roles of the user.
720-
721-
When using self-claimed tokens with stateless firewalls, you can omit to
722-
configure a user provider. The token authenticator will use the token to
723-
create a user object with the claims of the token. This means that you can
724-
skip creating your own user provider.
725-
726715
.. versionadded:: 6.3
727716

728717
The possibility to omit the user provider in case of stateless firewalls
729-
and self-claimed tokens was introduced in Symfony 6.3.
718+
was introduced in Symfony 6.3.
719+
720+
Some types of tokens (for instance OIDC) contain all information required
721+
to create a user entity (e.g. username and roles). In this case, you don't
722+
need a user provider to create a user from the database::
723+
724+
// src/Security/AccessTokenHandler.php
725+
namespace App\Security;
726+
727+
// ...
728+
class AccessTokenHandler implements AccessTokenHandlerInterface
729+
{
730+
// ...
731+
732+
public function getUserBadgeFrom(string $accessToken): UserBadge
733+
{
734+
// get the data from the token
735+
$payload = ...;
736+
737+
return new UserBadge(
738+
$payload->getUserId(),
739+
fn (string $userIdentifier) => new User($userIdentifier, $payload->getRoles())
740+
);
741+
}
742+
}
743+
744+
When using this strategy, you can omit the ``user_provider`` configuration
745+
for :ref:`stateless firewalls <reference-security-stateless>`.
730746

731747
.. _`JSON Web Tokens (JWT)`: https://datatracker.ietf.org/doc/html/rfc7519
732748
.. _`SAML2 (XML structures)`: https://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0.html
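Review bot: the sentence ending in `need a user provider to create a user from the database::` is confusing, since the point of the section is that no database lookup happens at all; "you don't need a user provider to load the user from the database" reads better. In the example, the comment `// get the data from the token` above `$payload = ...;` should state that the token has to be validated first (signature, expiration, issuer): with this strategy the roles passed to `new User($userIdentifier, $payload->getRoles())` are taken straight from the token and nothing else checks them, so an unverified payload would grant whatever roles it claims. Finally, the `fn (string $userIdentifier) => new User(...)` closure assumes a `User` constructor taking an identifier and roles; a short note that this is an application-specific class (or a `// ...` `use` line) would keep readers from looking for it in the framework.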
