
Token/stateless auth in Silex application with a Microservice architecture?

I would like to use Silex as a base framework for a couple of services. It would be used by different clients and APIs (mobile, web etc.), so I'm generally trying to avoid cookies/sessions and 'do it' using headers.

Setup/flow of what I'm trying to achieve:

  1. the user logs in in his mobile app/on the webpage, producing a request to authservice.domain.com, and gets back a new token as the response, which is also registered in the token store

  2. when the user accesses products.domain.com from the web or the mobile app, the token is read from the headers and checked in the store

Everything looks beautiful, but somehow I cannot make Silex add headers to requests following the login step. I'm able to add it to the response, but not to the request (I tried using before/after middleware, so first auth, then add the token in $app->after/before). Btw, I'm not sure if I understand it right, but if a user presses the refresh page button when setting headers this way, won't the custom header get lost? If that's the case, is it possible to keep the token persisted in headers without cookies/sessions after all?

Here's the example code I'm running after getting the token. It gets set on the response (and I can see it in Chrome), but it won't get set on the request; I tried using the before middleware as well.

    use Symfony\Component\HttpFoundation\Request;
    use Symfony\Component\HttpFoundation\Response;

    // $this is the Silex\Application instance
    $this->after(function (Request $request, Response $response) {
        // Sent back to the client as a response header
        $response->headers->set("X-token", "2");
        // Sets the header on the server-side Request object only; nothing is sent to the client
        $request->headers->set("X-token", "2");
    });

Any suggestions on how I can achieve this? So... stateless auth using headers over multiple services in plain (Silex :)) PHP, without keeping the token in cookies or (API gateway) sessions?
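The two-step flow from the question, written out as an added Silex example (this is not code from the original post or from the Silex project). It assumes Silex 2.x, a shared token store behind `$tokenStore` (an in-memory array stands in here for the Redis/DB store the services would actually share), and a constructed user `alice`. The point it makes explicit: a header set on `$request` in `before()`/`after()` only mutates the server-side `Request` object and never reaches the client, so the token is issued once in the login response, and the client (JS in the page, or the mobile app) has to keep it and attach it as `X-Token` on every later request; a plain browser refresh sends no custom headers, so the page's own JavaScript has to re-attach it from wherever the client stored it.

```php
<?php
// Added example, not from the original post: stateless, cookie-free token auth
// for a Silex app. Assumes Silex 2.x; $tokenStore stands in for a store
// shared between authservice.domain.com and products.domain.com.
require_once __DIR__ . '/vendor/autoload.php';

use Silex\Application;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;

$app = new Application();

// Constructed stand-in for the user database: username => password hash.
$users = ['alice' => password_hash('correct horse battery staple', PASSWORD_DEFAULT)];

// Constructed stand-in for the shared token store: token => ['user' => ..., 'expires' => ts].
$tokenStore = [];

// Step 1: login verifies credentials, issues a fresh random token and registers it in the store.
$app->post('/login', function (Request $request) use ($app, $users, &$tokenStore) {
    $user = (string) $request->request->get('username', '');
    $pass = (string) $request->request->get('password', '');
    if (!isset($users[$user]) || !password_verify($pass, $users[$user])) {
        return new Response('Bad credentials', 401);
    }
    $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG: unguessable, no user data inside
    $tokenStore[$token] = ['user' => $user, 'expires' => time() + 3600];
    // The token only travels in the response; the client stores it and resends it itself.
    return $app->json(['token' => $token], 201, ['X-Token' => $token]);
});

// Step 2: every request except /login must carry X-Token; it is checked in the
// store before the route handler runs. Returning a Response here short-circuits the request.
$app->before(function (Request $request) use (&$tokenStore) {
    if ($request->getPathInfo() === '/login') {
        return null;
    }
    $token = (string) $request->headers->get('X-Token', '');
    if ($token === '' || !isset($tokenStore[$token]) || $tokenStore[$token]['expires'] < time()) {
        unset($tokenStore[$token]); // drop expired entries on sight
        return new Response('Unauthorized', 401, ['WWW-Authenticate' => 'Token']);
    }
    // Hand the authenticated identity to the controller via request attributes: no session needed.
    $request->attributes->set('auth_user', $tokenStore[$token]['user']);
    return null;
});

$app->get('/products', function (Request $request) use ($app) {
    return $app->json([
        'user'     => $request->attributes->get('auth_user'),
        'products' => ['widget', 'gadget'], // constructed sample data
    ]);
});

$app->run();
```

On the second service (products.domain.com) only the `before()` middleware and the shared store are needed; the store lookup is what makes the token revocable (delete the entry on logout) and bounded in lifetime, which a purely self-contained token would not give you without extra machinery.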

I'm not sure it will answer your question, but you could take a look at the WSSE authentication mechanism; it is stateless and works with headers, so it may be what you are looking for.

There is a Symfony2 implementation example in the official doc here, which is also nicely explained here.

You can find GitHub libs which implement WSSE for Silex as well; maybe you should give them a try:

Hope this will help you or other people looking for a way to achieve a nice RESTful-ish/stateless mechanism in Silex, and sorry if it's not what you are looking for.
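To make the WSSE mechanism the answer points at concrete, here is an added example (not code from the answer, the Symfony documentation, or any of the GitHub libraries) showing both sides of the exchange: the client building the `X-WSSE` header, and a Silex `before()` middleware verifying it. It assumes the UsernameToken profile as described in the Symfony cookbook, where `PasswordDigest = base64(sha1(nonce . created . secret))` with the nonce base64-decoded first; `$secrets` and the nonce replay cache are constructed stand-ins for a shared user store and a shared cache. The freshness window and the nonce check are what keep a captured header from being replayed.

```php
<?php
// Added example, not from the original answer: WSSE UsernameToken header
// creation (client side) and verification (Silex before-middleware).
require_once __DIR__ . '/vendor/autoload.php';

use Silex\Application;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;

// Client side: build the X-WSSE header value for one request.
function buildWsse(string $username, string $secret): string
{
    $nonceRaw = random_bytes(16);                 // fresh per request
    $created  = gmdate('Y-m-d\TH:i:s\Z');          // ISO-8601 UTC timestamp
    $digest   = base64_encode(sha1($nonceRaw . $created . $secret, true));
    return sprintf('UsernameToken Username="%s", PasswordDigest="%s", Nonce="%s", Created="%s"',
        $username, $digest, base64_encode($nonceRaw), $created);
}

// Server side: parse 'UsernameToken Username="..", PasswordDigest="..", Nonce="..", Created=".."'.
function parseWsse(string $header): ?array
{
    $re = '/UsernameToken\s+Username="([^"]+)",\s*PasswordDigest="([^"]+)",\s*Nonce="([^"]+)",\s*Created="([^"]+)"/';
    if (!preg_match($re, $header, $m)) {
        return null;
    }
    return ['username' => $m[1], 'digest' => $m[2], 'nonce' => $m[3], 'created' => $m[4]];
}

// Returns the authenticated username, or null on any failure. $usedNonces is the
// replay cache (nonce => expiry); across services this would live in Redis or a DB.
function verifyWsse(string $header, array $secrets, array &$usedNonces, int $window = 300): ?string
{
    $p = parseWsse($header);
    if ($p === null || !isset($secrets[$p['username']])) {
        return null;
    }
    $created = strtotime($p['created']);
    if ($created === false || abs(time() - $created) > $window) {
        return null; // stale or clock-skewed beyond the accepted window
    }
    foreach ($usedNonces as $n => $exp) {          // purge expired nonces
        if ($exp < time()) {
            unset($usedNonces[$n]);
        }
    }
    if (isset($usedNonces[$p['nonce']])) {
        return null; // nonce already seen inside the window: replay
    }
    $nonceRaw = base64_decode($p['nonce'], true);
    if ($nonceRaw === false) {
        return null;
    }
    $expected = base64_encode(sha1($nonceRaw . $p['created'] . $secrets[$p['username']], true));
    if (!hash_equals($expected, $p['digest'])) {   // constant-time compare
        return null;
    }
    $usedNonces[$p['nonce']] = time() + $window;
    return $p['username'];
}

$app = new Application();
$secrets    = ['bob' => 'constructed-shared-secret']; // constructed stand-in for the user store
$usedNonces = [];                                     // constructed stand-in for the shared nonce cache

$app->before(function (Request $request) use ($secrets, &$usedNonces) {
    $user = verifyWsse((string) $request->headers->get('X-WSSE', ''), $secrets, $usedNonces);
    if ($user === null) {
        return new Response('Unauthorized', 401, ['WWW-Authenticate' => 'WSSE realm="api", profile="UsernameToken"']);
    }
    $request->attributes->set('auth_user', $user);
    return null;
});

$app->get('/products', function (Request $request) use ($app) {
    return $app->json(['user' => $request->attributes->get('auth_user'), 'products' => ['widget']]);
});

$app->run();
```

The same `buildWsse()` output answers the refresh question from the post: there is nothing to persist on the server, but the client still has to hold the secret and compute a fresh header per request, which suits a mobile app or API client better than a browser page reload.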
