Comments (11)

nacmartin avatar nacmartin commented on June 9, 2024 2

I think that this is an interesting example, yes. I wouldn't focus as much on particular implementations of users, which is too broad I think, but on a general approach. Users can be as simple as using a memory provider (http://symfony.com/doc/current/security.html#b-configuring-how-users-are-loaded) with hardcoded users, and then, if somebody needs something particular, they can always use another provider later on, as this is not something specific to react/symfony.

I guess that we should use something like (https://github.com/lexik/LexikJWTAuthenticationBundle) user/pass form, then getting a user token, and then being able to use it in subsequent requests. I have used it in the past but not with server-side rendering.

It is an interesting case for the server-side rendering side, yes. I think that we should provide the token as props if the user is already authenticated.

On the client side, my feeling is that this kind of work will be much simpler to integrate with the redux example than the pure react one, as the user state tends to be something that is better stored in redux, so different components can access it easily, instead of passing it as props in the tree in the simple app.

On a side note, I am also open to change the recipes app. When I thought about adding the forms part, I had initially the idea of making it a "add recipe" form, but then I realized that it would be much more complex because it involves uploading a file and generating thumbnails (so people need gd, imagemagick, or similar, and asking users to have those to run the sandbox is too much). Also the code would be less simple because of all the annoying file handling, which is not in the focus of this sandbox. So if you work on this idea and you have an idea of an example that makes more sense of what to do with users, feel free.

from symfony-react-sandbox.

nacmartin avatar nacmartin commented on June 9, 2024 1

Yes, but in order to have an example of authentication I wanted an example of something to secure, and I was unhappy with the current example. I thought that it made more sense to have a public "recipes" page plus a small admin. Thus I have done that admin now. Next step is to secure it.

from symfony-react-sandbox.

nacmartin avatar nacmartin commented on June 9, 2024 1

Hi, I have secured the "admin" part with JWT tokens. It is mostly an example about how to handle it with server-side rendering, as without it this would be just regular use of JWT.

The admin page now, if the user is not yet authenticated, shows a login form in a React component. The Symfony controller knows about this, so it is not providing sensitive data such as the list of recipes in the html of the page (that data is of course public in this demo, but let's pretend that it is not).

Then, after login, we set the JWT token in a cookie, that can be used in subsequent requests to Symfony, so it will know that it should render the admin form instead of the login form server side.

On the other hand, requests to the API are using the JWT in headers. And that is it.

I think that I am going to close this issue, as I think that the initial request is fulfilled. A more complete example, with roles, profile pictures would be the subject of a whole book, and although maybe it is interesting, I cannot just commit myself to writing that kind of tutorial, as it would be a huge investment of time.

Thanks for the suggestion of this issue and for pointing other areas that might be interesting to explore.

from symfony-react-sandbox.
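The flow described in the comment above (cookie-carried JWT for server-rendered pages, header-carried JWT for API calls, nothing sensitive in the HTML for anonymous visitors), sketched as an added example that is not code from the sandbox or its author. The HS256 algorithm, the `token` cookie name, the secret and the recipe data are all assumptions constructed for illustration.

```javascript
// Added example: constructed secret, claims and recipe data; HS256 is an assumption.
const crypto = require('node:crypto');

const SECRET = 'constructed-demo-secret'; // assumption: shared HMAC key
const RECIPES = [{ id: 1, name: 'Paella' }]; // constructed stand-in for "sensitive" data

const b64url = (buf) => Buffer.from(buf).toString('base64url');

// Issue an HS256 token (stands in for what the login endpoint returns).
function signJwt(claims, secret = SECRET) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(claims));
  const sig = crypto.createHmac('sha256', secret).update(`${head}.${body}`).digest('base64url');
  return `${head}.${body}.${sig}`;
}

// Return the claims only if the algorithm, signature and expiry all check out.
function verifyJwt(token, secret = SECRET, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token || '').split('.');
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  try {
    if (JSON.parse(Buffer.from(head, 'base64url')).alg !== 'HS256') return null; // pin the algorithm
    const expected = crypto.createHmac('sha256', secret).update(`${head}.${body}`).digest();
    const given = Buffer.from(sig, 'base64url');
    if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
    const claims = JSON.parse(Buffer.from(body, 'base64url'));
    return typeof claims.exp === 'number' && claims.exp > now ? claims : null;
  } catch {
    return null; // malformed JSON or base64
  }
}

// Page request: the token arrives in a cookie; decide what is serialized into the HTML.
function adminPageProps(cookieHeader) {
  const match = /(?:^|;\s*)token=([^;]+)/.exec(cookieHeader || '');
  const claims = match && verifyJwt(match[1]);
  return claims
    ? { view: 'admin', token: match[1], recipes: RECIPES }
    : { view: 'login' }; // no recipes in the props for anonymous visitors
}

// API request: the token arrives in the Authorization header.
function apiRecipes(headers) {
  const m = /^Bearer (.+)$/.exec(headers.authorization || '');
  return m && verifyJwt(m[1]) ? { status: 200, body: RECIPES } : { status: 401, body: null };
}
```

Because the client reads the token to build the `Authorization` header, the cookie in this design cannot be `HttpOnly`, so the token is only as safe as the page is free of script injection.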

tma11ey avatar tma11ey commented on June 9, 2024

from symfony-react-sandbox.

mablae avatar mablae commented on June 9, 2024

Thanks @Tylerm22 - But I meant more the session / login process and server side rendering aspects of it. Not how to model a user.

from symfony-react-sandbox.

tma11ey avatar tma11ey commented on June 9, 2024

from symfony-react-sandbox.

nacmartin avatar nacmartin commented on June 9, 2024

Ok, I made some progress. Now the form is about editing recipes, so this means that there is an example of file uploading. In fact image uploading with Validation Constraints working.

With this, the "liform" section could be transformed into some kind of mini-admin app, where to do the auth work.

from symfony-react-sandbox.

tma11ey avatar tma11ey commented on June 9, 2024

Cool, is there any way you can add the user authentication or some sort of example roles system to the sandbox? I think React would be much better in achieving the goal of real-time user-session checking.

from symfony-react-sandbox.

tma11ey avatar tma11ey commented on June 9, 2024

Ok cool! Hopefully with that example, in addition to user rendering, I can morph the form into something like a user-edit page in an admin site. Will you also be including in the user/roles integration a way to add a role/roles to a user? Also a (request) is to have the app send out realtime notifications without reloading the page and have it auto-send an activation email, etc.

from symfony-react-sandbox.

tma11ey avatar tma11ey commented on June 9, 2024

How's this going??

from symfony-react-sandbox.

mablae avatar mablae commented on June 9, 2024

@Tylerm22 Where is your PR? I couldn't find it 😄

from symfony-react-sandbox.
