In my first Symfony 4.4 project, I need to authenticate users from database. Unfortunately, before user sign-in I need to check user status in remote API service. If user is active in this service and credentials are same as in my database, I can authenticate user in my app.
Where is best place to check that user is active before authentication in my app? I need to create custom guard? Custom user provider?
I use Lexik JWT authentication, there is my /config/packages/security.yaml
security:
providers:
app_user_provider:
entity:
class: App\Entity\User
property: email
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
authorization:
pattern: ^/api/v1/auth/
stateless: true
anonymous: true
json_login:
check_path: /api/v1/auth/sign-in/
success_handler: lexik_jwt_authentication.handler.authentication_success
failure_handler: lexik_jwt_authentication.handler.authentication_failure
username_path: email
api:
pattern: ^/api/v1/(user|req)/
stateless: true
anonymous: false
provider: app_user_provider
guard:
authenticators:
- lexik_jwt_authentication.jwt_token_authenticator
I haven't used Symfony after 4.1 so things might have changed recently. You just need to check.
Where is best place to check that user is active before authentication in my app? I need to create custom guard? Custom user provider?
User Provider is the answer. If you look at the UserProviderInterface it says "Internally, a user provider can load users from any source (databases, configuration, web service)."
... before user sign-in I need to check user status in remote API service. If user is active in this service and credentials are same as in my database, I can authenticate user in my app.
So what you can do is to meet your requirement:
firewall
in your serurity.yaml and make it use simple_preauth
.simple_preauth. authenticator
. This wires everything up as far as the authentication goes.Resources: