<?php | |
namespace App\Security; | |
use App\Security\User; | |
use Lcobucci\JWT\Encoding\CannotDecodeContent; | |
use Lcobucci\JWT\Token\InvalidTokenStructure; | |
use Lcobucci\JWT\Token\Parser; | |
use Lcobucci\JWT\Token\UnsupportedHeaderFound; | |
use Lcobucci\JWT\Validation\Constraint\RelatedTo; | |
use Lcobucci\JWT\Validation\RequiredConstraintsViolated; | |
use Lcobucci\JWT\Validation\Validator; | |
use Symfony\Component\Security\Core\Exception\BadCredentialsException; | |
use Symfony\Component\Security\Http\Authenticator\AccessTokenHandlerInterface; | |
use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge; | |
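/**
 * Resolves a bearer access token (a JWT) into a Symfony UserBadge.
 *
 * The token is parsed, checked against validation constraints, and its "sub"
 * and "roles" claims are then used to build the User. Those claims are only
 * trustworthy if the constraints passed to the validator verify the signature.
 */
class JwtAccessTokenHandler implements AccessTokenHandlerInterface
{
    /**
     * @param Parser    $parser    decodes the compact JWT string into a token object
     * @param Validator $validator asserts the validation constraints against the parsed token
     */
    public function __construct(
        private readonly Parser $parser,
        private readonly Validator $validator
    ) {
    }

    /**
     * Builds the user badge for the given access token.
     *
     * @param string $accessToken raw JWT taken from the request; marked sensitive so it is
     *                            redacted from stack traces
     *
     * @throws BadCredentialsException when the token cannot be decoded, is malformed, carries an
     *                                 unsupported header, or violates a validation constraint
     */
    public function getUserBadgeFrom(#[\SensitiveParameter] string $accessToken): UserBadge
    {
        try {
            // parse() only decodes the token; it does NOT verify the signature or the
            // expiry. Nothing read from $token may be trusted before assert() succeeds.
            $token = $this->parser->parse($accessToken);

            // The "..." is the author's placeholder and must be replaced with real
            // constraints before this code is used. At minimum: a signature check
            // (Constraint\SignedWith) and a time-validity check (Constraint\StrictValidAt
            // or LooseValidAt); issuer and audience checks (IssuedBy, PermittedFor) are
            // advisable when tokens come from a shared issuer. Without SignedWith anyone
            // can mint a token with an arbitrary "sub" and "roles".
            $this->validator->assert($token, ...);

            // NOTE(review): getClaim() is the lcobucci/jwt 3.x accessor; on 4.x and later
            // claims are read via $token->claims()->get() - confirm against the installed
            // version. Also confirm how a missing "sub" or "roles" claim is handled here:
            // it is not covered by the catch below.
            return new UserBadge($token->getClaim('sub'), function (string $userIdentifier): User use ($token) {
                // Roles are taken straight from the token, so the token issuer decides the
                // user's privileges; that is only acceptable for a verified, trusted issuer.
                return new User($userIdentifier, $token->getClaim('roles')); // or whatever you need
            });
        } catch (CannotDecodeContent | InvalidTokenStructure | UnsupportedHeaderFound | RequiredConstraintsViolated $e) {
            // Generic message for the client; the original failure is chained as the
            // previous exception so it stays available for logging.
            // getCode() is a method: the original read it as a property ($e->getCode),
            // which yields null instead of the integer code the constructor expects.
            throw new BadCredentialsException('Invalid credentials.', $e->getCode(), $e);
        }
    }
}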