updated How to Authenticate Users with API Keys
#6157
Closed
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
`supportsToken` should be defined above `authenticateToken` to reflect documentation numbering `onAuthenticationFailure` should return http code 401 Unauthorized (RFC 7235) not 403 Forbidden. added missing information about defining `access_control` - figuring this out kept me hanging for a while used `ROLE_API` instead of `ROLE_USER` to demonstrate `access_control` configuration
removed message from BadCredentialsException as defining custom message is confusing, because `onAuthenticationFailure` is using `getMessageKey()` instead of `getMessage()`
| @@ -434,6 +435,46 @@ using the ``simple_preauth`` and ``provider`` keys respectively: | |||
| ), | |||
| )); | |||
|
|
|||
| If you have defined `access_control`, make sure to add new entry: | |||
There was a problem hiding this comment.
This needs to be enclosed by double instead of single backticks.
|
@gondo I left a minor comment. Can you fix that and also rebase here (otherwise we can do that while merging)? This should be mergeable then. |
wouterj
added a commit
that referenced
this pull request
Jul 4, 2016
…WouterJ) This PR was merged into the 2.7 branch. Discussion ---------- Update "How to Authenticate Users with API Keys" Finishes #6157 Original PR description: > * `supportsToken` should be defined above `authenticateToken` to reflect documentation numbering > * `onAuthenticationFailure` should return http code 401 Unauthorized (RFC 7235) not 403 Forbidden. > * added missing information about defining `access_control` - figuring this out kept me hanging for a while > * used `ROLE_API` instead of `ROLE_USER` to demonstrate `access_control` configuration Commits ------- f008819 Use a more realistic /api instead of /admin 81dd5e7 removed message from BadCredentialsException dbd8bb9 fixes
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
supportsTokenshould be defined aboveauthenticateTokento reflect documentation numberingonAuthenticationFailureshould return http code 401 Unauthorized (RFC 7235) not 403 Forbidden.added missing information about defining
access_control- figuring this out kept me hanging for a whileused
ROLE_APIinstead ofROLE_USERto demonstrateaccess_controlconfiguration