OXID-eSales/jwt-authentication-component

OXID eShop JWT Authentication Component

JWT-based authentication component for OXID eShop API endpoints.

Features

  • JWT token generation and validation
  • Integration with OXID user system
  • Role-based access control with Symfony Security
  • #[IsGranted] and #[CurrentUser] attributes for protecting endpoints
  • Ready-to-use login and profile endpoints

Installation

composer require oxid-esales/jwt-authentication-component

Configuration

Set the JWT secret key in your .env file:

API_JWT_SECRET=your-secret-key-here

Generate a secure secret:

openssl rand -base64 64

This secret is what the component signs and validates tokens with, so anyone who obtains it can mint a valid token for any user and role. Keep the real value out of version control (a local override file or your deployment's secret store), use a different value per environment, and expect that changing it invalidates every token issued under the old value.

Usage

Login

curl -X POST https://your-shop.com/api/login \
  -H "Content-Type: application/json" \
  -d '{"username": "user@example.com", "password": "password"}'

To authenticate against a specific subshop, pass the shp query parameter:

curl -X POST "https://your-shop.com/api/login?shp=2" \
  -H "Content-Type: application/json" \
  -d '{"username": "user@example.com", "password": "password"}'

Response:

{
  "token": "eyJ0eXAiOiJKV1QiLCJhbGc...",
  "user": {
    "id": "abc123",
    "username": "user@example.com",
    "roles": ["ROLE_USER"]
  }
}

Protecting Endpoints

Use Symfony's #[IsGranted] attribute to protect endpoints:

use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\Attribute\Route;
use Symfony\Component\Security\Http\Attribute\IsGranted;

final readonly class MyApiController
{
    #[Route('/api/protected', methods: ['GET'])]
    #[IsGranted('IS_AUTHENTICATED')]
    public function getData(): Response
    {
        // Reached only by requests carrying a valid token
        return new JsonResponse(['status' => 'ok']);
    }

    #[Route('/api/admin/settings', methods: ['GET'])]
    #[IsGranted('ROLE_ADMIN')]
    public function getSettings(): Response
    {
        // Reached only by tokens that hold ROLE_ADMIN, directly or via the role hierarchy
        return new JsonResponse(['settings' => []]);
    }
}

Accessing Authenticated User

use OxidEsales\AuthComponent\Security\User\ApiUser;
use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Security\Http\Attribute\CurrentUser;
use Symfony\Component\Security\Http\Attribute\IsGranted;

// Guard the route explicitly; do not rely on the non-nullable ApiUser argument
// alone to reject unauthenticated requests.
#[IsGranted('IS_AUTHENTICATED')]
public function getData(#[CurrentUser] ApiUser $user): Response
{
    // $user is the ApiUser built from the validated token
    return new JsonResponse([
        'user_id' => $user->getUserId(),
        'username' => $user->getUserIdentifier(),
        'roles' => $user->getRoles()
    ]);
}
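The two sections above cover authentication (a valid token) and a coarse role check. In practice most API bugs sit one step later: an authenticated customer asking for a resource that belongs to someone else. The following controller is an added example, not code from this component, showing the per-object check next to the attribute-based one. It assumes a hypothetical order lookup class (InMemoryOrderLookup, standing in for your real OXID order model), a hypothetical route /api/orders/{orderId}, and Symfony's standard AuthorizationCheckerInterface; ApiUser, #[CurrentUser] and #[IsGranted] are the ones documented on this page.

```php
<?php

declare(strict_types=1);

namespace App\Controller;

use OxidEsales\AuthComponent\Security\User\ApiUser;
use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\Attribute\Route;
use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
use Symfony\Component\Security\Http\Attribute\CurrentUser;
use Symfony\Component\Security\Http\Attribute\IsGranted;

/**
 * Hypothetical order lookup (not part of the component); swap in your own
 * OXID order model or repository. Each order records the OXID user id of
 * its owner. The two orders below are constructed sample data.
 */
final class InMemoryOrderLookup
{
    /** @var array<string, array{id: string, owner_id: string, total: string}> */
    private array $orders = [
        'ord-1001' => ['id' => 'ord-1001', 'owner_id' => 'abc123', 'total' => '49.90'],
        'ord-1002' => ['id' => 'ord-1002', 'owner_id' => 'def456', 'total' => '120.00'],
    ];

    /** @return array{id: string, owner_id: string, total: string}|null */
    public function find(string $orderId): ?array
    {
        return $this->orders[$orderId] ?? null;
    }
}

final readonly class OrderApiController
{
    public function __construct(
        private InMemoryOrderLookup $orders,
        private AuthorizationCheckerInterface $authorizationChecker,
    ) {
    }

    /**
     * #[IsGranted('IS_AUTHENTICATED')] only proves the caller presented a valid
     * token. Whether that caller may see *this* order is decided per object in
     * mayRead(); without that second check any logged-in customer could read
     * every order by iterating ids.
     */
    #[Route('/api/orders/{orderId}', methods: ['GET'])]
    #[IsGranted('IS_AUTHENTICATED')]
    public function show(string $orderId, #[CurrentUser] ApiUser $user): Response
    {
        $order = $this->orders->find($orderId);

        // One response for "does not exist" and "not yours", so an authenticated
        // caller cannot use the status code to enumerate valid order ids.
        if ($order === null || !$this->mayRead($user, $order)) {
            return new JsonResponse(['error' => 'not found'], Response::HTTP_NOT_FOUND);
        }

        return new JsonResponse([
            'order'     => $order,
            'viewed_by' => $user->getUserIdentifier(),
        ]);
    }

    private function mayRead(ApiUser $user, array $order): bool
    {
        // Owner check: the token's OXID user id must match the order's owner.
        if ($order['owner_id'] === $user->getUserId()) {
            return true;
        }

        // Staff check through the authorization checker rather than a string
        // search in $user->getRoles(): the checker applies the role hierarchy,
        // so a token holding only ROLE_ADMIN_MALL passes here as well.
        return $this->authorizationChecker->isGranted('ROLE_ADMIN');
    }
}
```

With the sample data, a token for user abc123 gets ord-1001 and a 404 for ord-1002, while an admin token gets both. The 404 on the "not yours" path is deliberate: a 403 would tell an attacker the id exists.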

Available Roles

  • ROLE_USER - All authenticated users
  • ROLE_ADMIN - Admin users
  • ROLE_ADMIN_MALL - Mall admin users

Role Hierarchy

The component includes a configurable role hierarchy. By default, ROLE_ADMIN_MALL inherits ROLE_ADMIN, meaning mall admins can access all admin endpoints. Inheritance is one-way: a token holding only ROLE_ADMIN does not satisfy a ROLE_ADMIN_MALL requirement.

Default configuration in services.yaml:

parameters:
  oxid_jwt_authenticator.role_hierarchy:
    ROLE_ADMIN_MALL:
      - ROLE_ADMIN

For more complex role hierarchies, implement RoleResolverInterface with custom resolution logic.
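To see what a given hierarchy actually grants before relying on it, the following CLI script (an added example, not component code) feeds the same role => inherited-roles shape as the oxid_jwt_authenticator.role_hierarchy parameter into Symfony's own RoleHierarchy class and evaluates a few constructed tokens against a few routes. It assumes symfony/security-core is installed; whether the component delegates to this class internally is not stated on this page, but the inheritance semantics it implements are the ones described above. The route /api/mall/shops is hypothetical.

```php
<?php

declare(strict_types=1);

// Run from the CLI; requires symfony/security-core (composer require symfony/security-core).
require __DIR__ . '/vendor/autoload.php';

use Symfony\Component\Security\Core\Role\RoleHierarchy;

/**
 * Same shape as oxid_jwt_authenticator.role_hierarchy: a role maps to the
 * list of roles it inherits.
 */
function buildHierarchy(array $config): RoleHierarchy
{
    return new RoleHierarchy($config);
}

/**
 * Whether a token carrying $tokenRoles passes #[IsGranted($requiredRole)]
 * once the hierarchy is applied. getReachableRoleNames() returns the roles
 * held directly plus everything reachable through inheritance, transitively.
 */
function isAllowed(RoleHierarchy $hierarchy, array $tokenRoles, string $requiredRole): bool
{
    return in_array($requiredRole, $hierarchy->getReachableRoleNames($tokenRoles), true);
}

$hierarchy = buildHierarchy([
    'ROLE_ADMIN_MALL' => ['ROLE_ADMIN'],
]);

// Constructed role lists, modelled on the "roles" array in the login response.
$tokens = [
    'customer'   => ['ROLE_USER'],
    'shop admin' => ['ROLE_USER', 'ROLE_ADMIN'],
    'mall admin' => ['ROLE_USER', 'ROLE_ADMIN_MALL'],
];

// /api/protected is shown above with IS_AUTHENTICATED; it is modelled here as
// ROLE_USER, which every authenticated user holds. /api/mall/shops is a
// hypothetical route reserved for mall admins.
$routes = [
    '/api/protected'      => 'ROLE_USER',
    '/api/admin/settings' => 'ROLE_ADMIN',
    '/api/mall/shops'     => 'ROLE_ADMIN_MALL',
];

foreach ($tokens as $label => $roles) {
    printf("%s holds [%s] -> reaches [%s]\n", $label, implode(', ', $roles),
        implode(', ', $hierarchy->getReachableRoleNames($roles)));
    foreach ($routes as $path => $required) {
        printf("  %-22s requires %-16s %s\n", $path, $required,
            isAllowed($hierarchy, $roles, $required) ? 'allow' : 'deny');
    }
}
```

The output makes the one-way nature of the default hierarchy visible: the mall admin is allowed on /api/admin/settings because ROLE_ADMIN_MALL reaches ROLE_ADMIN, while the shop admin is denied on /api/mall/shops. Adding an entry such as ROLE_ADMIN: [ROLE_USER] to the array is the quickest way to check a proposed change before putting it into services.yaml.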

License

Proprietary
