From 097d56c275475f77a3394e7e3b2d9137e74f5e80 Mon Sep 17 00:00:00 2001 From: konradoboza Date: Thu, 13 Jun 2024 08:36:32 +0200 Subject: [PATCH 1/5] IBX-8356: Reworked JWT GraphQL firewall configuration to comply with Symfony-based authentication --- ibexa/commerce/5.0/config/packages/security.yaml | 7 +------ ibexa/experience/5.0/config/packages/security.yaml | 7 +------ ibexa/headless/5.0/config/packages/security.yaml | 7 +------ ibexa/oss/5.0/config/packages/security.yaml | 7 +------ 4 files changed, 4 insertions(+), 24 deletions(-) diff --git a/ibexa/commerce/5.0/config/packages/security.yaml b/ibexa/commerce/5.0/config/packages/security.yaml index 79f2071e..47d9048c 100644 --- a/ibexa/commerce/5.0/config/packages/security.yaml +++ b/ibexa/commerce/5.0/config/packages/security.yaml @@ -101,13 +101,8 @@ security: #ibexa_jwt_graphql: # request_matcher: Ibexa\GraphQL\Security\NonAdminGraphQLRequestMatcher - # user_checker: Ibexa\Core\MVC\Symfony\Security\UserChecker - # anonymous: ~ - # guard: - # authenticators: - # - lexik_jwt_authentication.jwt_token_authenticator - # entry_point: lexik_jwt_authentication.jwt_token_authenticator # stateless: true + # jwt: ~ # Uncomment ibexa_oauth2_connect, ibexa_oauth2_front rules and comment ibexa_front firewall # to enable OAuth2 authentication diff --git a/ibexa/experience/5.0/config/packages/security.yaml b/ibexa/experience/5.0/config/packages/security.yaml index cc194187..76d66d0b 100644 --- a/ibexa/experience/5.0/config/packages/security.yaml +++ b/ibexa/experience/5.0/config/packages/security.yaml 
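Review bot: The reworked `ibexa_jwt_graphql` template drops `user_checker: Ibexa\Core\MVC\Symfony\Security\UserChecker` along with the guard keys, so once uncommented this firewall would authenticate JWT bearers without the account checks that `ibexa_jwt_rest`, `ibexa_rest` and `ibexa_front` still declare elsewhere in this series. Presumably that checker is what rejects disabled or otherwise blocked accounts; without it, a token issued before an account was disabled would likely keep working on GraphQL until it expires. Unlike `anonymous`, `guard` and `entry_point`, `user_checker` is still a valid firewall key under the authenticator system, so I would keep the line: `#    user_checker: Ibexa\Core\MVC\Symfony\Security\UserChecker`. The same omission is in the experience, headless and oss hunks of this patch, and the block is enabled in that form in PATCH 3/5 and still lacks the checker after 4/5 and 5/5.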
@@ -89,13 +89,8 @@ security: #ibexa_jwt_graphql: # request_matcher: Ibexa\GraphQL\Security\NonAdminGraphQLRequestMatcher - # user_checker: Ibexa\Core\MVC\Symfony\Security\UserChecker - # anonymous: ~ - # guard: - # authenticators: - # - lexik_jwt_authentication.jwt_token_authenticator - # entry_point: lexik_jwt_authentication.jwt_token_authenticator # stateless: true + # jwt: ~ # Uncomment ibexa_oauth2_connect, ibexa_oauth2_front rules and comment ibexa_front firewall # to enable OAuth2 authentication diff --git a/ibexa/headless/5.0/config/packages/security.yaml b/ibexa/headless/5.0/config/packages/security.yaml index cc194187..76d66d0b 100644 --- a/ibexa/headless/5.0/config/packages/security.yaml +++ b/ibexa/headless/5.0/config/packages/security.yaml @@ -89,13 +89,8 @@ security: #ibexa_jwt_graphql: # request_matcher: Ibexa\GraphQL\Security\NonAdminGraphQLRequestMatcher - # user_checker: Ibexa\Core\MVC\Symfony\Security\UserChecker - # anonymous: ~ - # guard: - # authenticators: - # - lexik_jwt_authentication.jwt_token_authenticator - # entry_point: lexik_jwt_authentication.jwt_token_authenticator # stateless: true + # jwt: ~ # Uncomment ibexa_oauth2_connect, ibexa_oauth2_front rules and comment ibexa_front firewall # to enable OAuth2 authentication diff --git a/ibexa/oss/5.0/config/packages/security.yaml b/ibexa/oss/5.0/config/packages/security.yaml index db8cad76..342b0a44 100644 --- a/ibexa/oss/5.0/config/packages/security.yaml +++ b/ibexa/oss/5.0/config/packages/security.yaml @@ -67,13 +67,8 @@ security: #ibexa_jwt_graphql: # request_matcher: Ibexa\GraphQL\Security\NonAdminGraphQLRequestMatcher - # user_checker: Ibexa\Core\MVC\Symfony\Security\UserChecker - # anonymous: ~ - # guard: - # authenticators: - # - lexik_jwt_authentication.jwt_token_authenticator - # entry_point: lexik_jwt_authentication.jwt_token_authenticator # stateless: true + # jwt: ~ ibexa_rest: pattern: ^/api/ibexa From 29308a004c7d59f28bbf92038239bec084029672 Mon Sep 17 00:00:00 2001 
From: konradoboza Date: Thu, 27 Jun 2024 08:57:06 +0200 Subject: [PATCH 2/5] added missing lexik_jwt_authentication.yaml to OSS and Headless editions --- .../config/packages/lexik_jwt_authentication.yaml | 12 ++++++++++++ .../config/packages/lexik_jwt_authentication.yaml | 12 ++++++++++++ 2 files changed, 24 insertions(+) create mode 100644 ibexa/headless/5.0/config/packages/lexik_jwt_authentication.yaml create mode 100644 ibexa/oss/5.0/config/packages/lexik_jwt_authentication.yaml diff --git a/ibexa/headless/5.0/config/packages/lexik_jwt_authentication.yaml b/ibexa/headless/5.0/config/packages/lexik_jwt_authentication.yaml new file mode 100644 index 00000000..42ddd3ce --- /dev/null +++ b/ibexa/headless/5.0/config/packages/lexik_jwt_authentication.yaml @@ -0,0 +1,12 @@ +lexik_jwt_authentication: + secret_key: '%env(APP_SECRET)%' + encoder: + signature_algorithm: HS256 + # Disabled by default, because Page builder use an custom extractor + token_extractors: + authorization_header: + enabled: false + cookie: + enabled: false + query_parameter: + enabled: false diff --git a/ibexa/oss/5.0/config/packages/lexik_jwt_authentication.yaml b/ibexa/oss/5.0/config/packages/lexik_jwt_authentication.yaml new file mode 100644 index 00000000..42ddd3ce --- /dev/null +++ b/ibexa/oss/5.0/config/packages/lexik_jwt_authentication.yaml @@ -0,0 +1,12 @@ +lexik_jwt_authentication: + secret_key: '%env(APP_SECRET)%' + encoder: + signature_algorithm: HS256 + # Disabled by default, because Page builder use an custom extractor + token_extractors: + authorization_header: + enabled: false + cookie: + enabled: false + query_parameter: + enabled: false From a4b28059d00095655e84d557942e32a1231b2225 Mon Sep 17 00:00:00 2001 
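Review bot: `secret_key: '%env(APP_SECRET)%'` in the new headless file makes the framework-wide application secret double as the HS256 signing key, so anything that exposes or weakens `APP_SECRET` also undermines the integrity of every JWT accepted by a firewall that uses `jwt`. With a symmetric algorithm the key is the only protection for the token's claims, so it deserves its own high-entropy value and its own rotation schedule. I would read it from a dedicated environment variable, or at least document the coupling above the key: `# Reuses APP_SECRET as the HS256 signing key; set a dedicated, randomly generated secret before enabling a JWT firewall`. The oss copy added in the same patch has the same line; this presumably mirrors the existing commerce and experience files, which are not shown in this patch.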
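Review bot: The comment `# Disabled by default, because Page builder use an custom extractor` in the new oss file does not tell an integrator that, with all three `token_extractors` off, uncommenting `ibexa_jwt_graphql` (`jwt: ~`) apparently leaves the authenticator with no built-in way to read a token. PATCH 3/5 has to flip `authorization_header` to `enabled: true` together with the firewall, which suggests the two settings are coupled. I would reword it along the lines of `# All extractors are disabled by default (Page Builder uses a custom extractor).` followed by `# Enable authorization_header when uncommenting ibexa_jwt_graphql in security.yaml.`. The headless copy carries the same comment.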
From: =?UTF-8?q?Micha=C5=82=20Szo=C5=82tysek?= Date: Thu, 27 Jun 2024 09:16:20 +0200 Subject: [PATCH 3/5] [tmp] set jwt gql to enabled --- .../5.0/config/packages/lexik_jwt_authentication.yaml | 2 +- ibexa/commerce/5.0/config/packages/security.yaml | 8 ++++---- .../5.0/config/packages/lexik_jwt_authentication.yaml | 2 +- ibexa/experience/5.0/config/packages/security.yaml | 8 ++++---- .../5.0/config/packages/lexik_jwt_authentication.yaml | 2 +- ibexa/headless/5.0/config/packages/security.yaml | 8 ++++---- .../oss/5.0/config/packages/lexik_jwt_authentication.yaml | 2 +- ibexa/oss/5.0/config/packages/security.yaml | 8 ++++---- 8 files changed, 20 insertions(+), 20 deletions(-) diff --git a/ibexa/commerce/5.0/config/packages/lexik_jwt_authentication.yaml b/ibexa/commerce/5.0/config/packages/lexik_jwt_authentication.yaml index 42ddd3ce..e1e64743 100644 --- a/ibexa/commerce/5.0/config/packages/lexik_jwt_authentication.yaml +++ b/ibexa/commerce/5.0/config/packages/lexik_jwt_authentication.yaml @@ -5,7 +5,7 @@ lexik_jwt_authentication: # Disabled by default, because Page builder use an custom extractor token_extractors: authorization_header: - enabled: false + enabled: true cookie: enabled: false query_parameter: diff --git a/ibexa/commerce/5.0/config/packages/security.yaml b/ibexa/commerce/5.0/config/packages/security.yaml index 47d9048c..c8fe0843 100644 --- a/ibexa/commerce/5.0/config/packages/security.yaml +++ b/ibexa/commerce/5.0/config/packages/security.yaml 
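Review bot: After this hunk sets `authorization_header` to `enabled: true`, the comment at the top of the hunk still reads `# Disabled by default, because Page builder use an custom extractor`, so the file documents the opposite of what it configures. `token_extractors` is bundle-level configuration rather than per firewall, so presumably the header extractor becomes active for every firewall that uses the lexik authenticator, not only `ibexa_jwt_graphql`; it is worth confirming that this does not interfere with the custom extractor the comment mentions. If the setting is meant to stay even temporarily, update the comment, e.g. `# authorization_header enabled for ibexa_jwt_graphql; cookie and query_parameter stay disabled`. The experience, headless and oss lexik hunks in this patch are identical.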
@@ -99,10 +99,10 @@ security: # success_handler: lexik_jwt_authentication.handler.authentication_success # failure_handler: lexik_jwt_authentication.handler.authentication_failure - #ibexa_jwt_graphql: - # request_matcher: Ibexa\GraphQL\Security\NonAdminGraphQLRequestMatcher - # stateless: true - # jwt: ~ + ibexa_jwt_graphql: + request_matcher: Ibexa\GraphQL\Security\NonAdminGraphQLRequestMatcher + stateless: true + jwt: ~ # Uncomment ibexa_oauth2_connect, ibexa_oauth2_front rules and comment ibexa_front firewall # to enable OAuth2 authentication diff --git a/ibexa/experience/5.0/config/packages/lexik_jwt_authentication.yaml b/ibexa/experience/5.0/config/packages/lexik_jwt_authentication.yaml index 42ddd3ce..e1e64743 100644 --- a/ibexa/experience/5.0/config/packages/lexik_jwt_authentication.yaml +++ b/ibexa/experience/5.0/config/packages/lexik_jwt_authentication.yaml @@ -5,7 +5,7 @@ lexik_jwt_authentication: # Disabled by default, because Page builder use an custom extractor token_extractors: authorization_header: - enabled: false + enabled: true cookie: enabled: false query_parameter: diff --git a/ibexa/experience/5.0/config/packages/security.yaml b/ibexa/experience/5.0/config/packages/security.yaml index 76d66d0b..3d079d66 100644 --- a/ibexa/experience/5.0/config/packages/security.yaml +++ b/ibexa/experience/5.0/config/packages/security.yaml @@ -87,10 +87,10 @@ security: # success_handler: lexik_jwt_authentication.handler.authentication_success # failure_handler: lexik_jwt_authentication.handler.authentication_failure - #ibexa_jwt_graphql: - # request_matcher: Ibexa\GraphQL\Security\NonAdminGraphQLRequestMatcher - # stateless: true - # jwt: ~ + ibexa_jwt_graphql: + request_matcher: Ibexa\GraphQL\Security\NonAdminGraphQLRequestMatcher + stateless: true + jwt: ~ # Uncomment ibexa_oauth2_connect, ibexa_oauth2_front rules and comment ibexa_front firewall # to enable OAuth2 authentication 
diff --git a/ibexa/headless/5.0/config/packages/lexik_jwt_authentication.yaml b/ibexa/headless/5.0/config/packages/lexik_jwt_authentication.yaml index 42ddd3ce..e1e64743 100644 --- a/ibexa/headless/5.0/config/packages/lexik_jwt_authentication.yaml +++ b/ibexa/headless/5.0/config/packages/lexik_jwt_authentication.yaml @@ -5,7 +5,7 @@ lexik_jwt_authentication: # Disabled by default, because Page builder use an custom extractor token_extractors: authorization_header: - enabled: false + enabled: true cookie: enabled: false query_parameter: diff --git a/ibexa/headless/5.0/config/packages/security.yaml b/ibexa/headless/5.0/config/packages/security.yaml index 76d66d0b..3d079d66 100644 --- a/ibexa/headless/5.0/config/packages/security.yaml +++ b/ibexa/headless/5.0/config/packages/security.yaml @@ -87,10 +87,10 @@ security: # success_handler: lexik_jwt_authentication.handler.authentication_success # failure_handler: lexik_jwt_authentication.handler.authentication_failure - #ibexa_jwt_graphql: - # request_matcher: Ibexa\GraphQL\Security\NonAdminGraphQLRequestMatcher - # stateless: true - # jwt: ~ + ibexa_jwt_graphql: + request_matcher: Ibexa\GraphQL\Security\NonAdminGraphQLRequestMatcher + stateless: true + jwt: ~ # Uncomment ibexa_oauth2_connect, ibexa_oauth2_front rules and comment ibexa_front firewall # to enable OAuth2 authentication diff --git a/ibexa/oss/5.0/config/packages/lexik_jwt_authentication.yaml b/ibexa/oss/5.0/config/packages/lexik_jwt_authentication.yaml index 42ddd3ce..e1e64743 100644 --- a/ibexa/oss/5.0/config/packages/lexik_jwt_authentication.yaml +++ b/ibexa/oss/5.0/config/packages/lexik_jwt_authentication.yaml @@ -5,7 +5,7 @@ lexik_jwt_authentication: # Disabled by default, because Page builder use an custom extractor token_extractors: authorization_header: - enabled: false + enabled: true cookie: enabled: false query_parameter: 
diff --git a/ibexa/oss/5.0/config/packages/security.yaml b/ibexa/oss/5.0/config/packages/security.yaml index 342b0a44..61eb446a 100644 --- a/ibexa/oss/5.0/config/packages/security.yaml +++ b/ibexa/oss/5.0/config/packages/security.yaml @@ -65,10 +65,10 @@ security: # success_handler: lexik_jwt_authentication.handler.authentication_success # failure_handler: lexik_jwt_authentication.handler.authentication_failure - #ibexa_jwt_graphql: - # request_matcher: Ibexa\GraphQL\Security\NonAdminGraphQLRequestMatcher - # stateless: true - # jwt: ~ + ibexa_jwt_graphql: + request_matcher: Ibexa\GraphQL\Security\NonAdminGraphQLRequestMatcher + stateless: true + jwt: ~ ibexa_rest: pattern: ^/api/ibexa From a30627926f674e9ac64a1cff5ee2341b93761a11 Mon Sep 17 00:00:00 2001 From: konradoboza Date: Thu, 27 Jun 2024 11:29:38 +0200 Subject: [PATCH 4/5] specified user provider explicitly for all reworked firewalls --- ibexa/commerce/5.0/config/packages/security.yaml | 4 ++++ ibexa/experience/5.0/config/packages/security.yaml | 4 ++++ ibexa/headless/5.0/config/packages/security.yaml | 4 ++++ ibexa/oss/5.0/config/packages/security.yaml | 4 ++++ 4 files changed, 16 insertions(+) diff --git a/ibexa/commerce/5.0/config/packages/security.yaml b/ibexa/commerce/5.0/config/packages/security.yaml index c8fe0843..6d6941ae 100644 --- a/ibexa/commerce/5.0/config/packages/security.yaml +++ b/ibexa/commerce/5.0/config/packages/security.yaml @@ -90,6 +90,7 @@ security: # Uncomment the rules below to enable JSON Web Token (JWT) authentication for REST and/or GraphQL #ibexa_jwt_rest: # request_matcher: Ibexa\Rest\Security\AuthorizationHeaderRESTRequestMatcher + # provider: ibexa # user_checker: Ibexa\Core\MVC\Symfony\Security\UserChecker # stateless: true # json_login: @@ -101,6 +102,7 @@ security: ibexa_jwt_graphql: request_matcher: Ibexa\GraphQL\Security\NonAdminGraphQLRequestMatcher + provider: ibexa stateless: true jwt: ~ 
@@ -128,6 +130,7 @@ security: ibexa_rest: pattern: ^/api/ibexa + provider: ibexa user_checker: Ibexa\Core\MVC\Symfony\Security\UserChecker context: ibexa custom_authenticators: @@ -135,6 +138,7 @@ security: ibexa_front: pattern: ^/ + provider: ibexa user_checker: Ibexa\Core\MVC\Symfony\Security\UserChecker context: ibexa form_login: diff --git a/ibexa/experience/5.0/config/packages/security.yaml b/ibexa/experience/5.0/config/packages/security.yaml index 3d079d66..4e094981 100644 --- a/ibexa/experience/5.0/config/packages/security.yaml +++ b/ibexa/experience/5.0/config/packages/security.yaml @@ -78,6 +78,7 @@ security: # Uncomment the rules below to enable JSON Web Token (JWT) authentication for REST and/or GraphQL #ibexa_jwt_rest: # request_matcher: Ibexa\Rest\Security\AuthorizationHeaderRESTRequestMatcher + # provider: ibexa # user_checker: Ibexa\Core\MVC\Symfony\Security\UserChecker # stateless: true # json_login: @@ -89,6 +90,7 @@ security: ibexa_jwt_graphql: request_matcher: Ibexa\GraphQL\Security\NonAdminGraphQLRequestMatcher + provider: ibexa stateless: true jwt: ~ @@ -116,6 +118,7 @@ security: ibexa_rest: pattern: ^/api/ibexa + provider: ibexa user_checker: Ibexa\Core\MVC\Symfony\Security\UserChecker context: ibexa custom_authenticators: @@ -123,6 +126,7 @@ security: ibexa_front: pattern: ^/ + provider: ibexa user_checker: Ibexa\Core\MVC\Symfony\Security\UserChecker context: ibexa form_login: diff --git a/ibexa/headless/5.0/config/packages/security.yaml b/ibexa/headless/5.0/config/packages/security.yaml index 3d079d66..4e094981 100644 --- a/ibexa/headless/5.0/config/packages/security.yaml +++ b/ibexa/headless/5.0/config/packages/security.yaml 
@@ -78,6 +78,7 @@ security: # Uncomment the rules below to enable JSON Web Token (JWT) authentication for REST and/or GraphQL #ibexa_jwt_rest: # request_matcher: Ibexa\Rest\Security\AuthorizationHeaderRESTRequestMatcher + # provider: ibexa # user_checker: Ibexa\Core\MVC\Symfony\Security\UserChecker # stateless: true # json_login: @@ -89,6 +90,7 @@ security: ibexa_jwt_graphql: request_matcher: Ibexa\GraphQL\Security\NonAdminGraphQLRequestMatcher + provider: ibexa stateless: true jwt: ~ @@ -116,6 +118,7 @@ security: ibexa_rest: pattern: ^/api/ibexa + provider: ibexa user_checker: Ibexa\Core\MVC\Symfony\Security\UserChecker context: ibexa custom_authenticators: @@ -123,6 +126,7 @@ security: ibexa_front: pattern: ^/ + provider: ibexa user_checker: Ibexa\Core\MVC\Symfony\Security\UserChecker context: ibexa form_login: diff --git a/ibexa/oss/5.0/config/packages/security.yaml b/ibexa/oss/5.0/config/packages/security.yaml index 61eb446a..e9d84c0b 100644 --- a/ibexa/oss/5.0/config/packages/security.yaml +++ b/ibexa/oss/5.0/config/packages/security.yaml @@ -56,6 +56,7 @@ security: # Uncomment the rules below to enable JSON Web Token (JWT) authentication for REST and/or GraphQL #ibexa_jwt_rest: # request_matcher: Ibexa\Rest\Security\AuthorizationHeaderRESTRequestMatcher + # provider: ibexa # user_checker: Ibexa\Core\MVC\Symfony\Security\UserChecker # stateless: true # json_login: @@ -67,11 +68,13 @@ security: ibexa_jwt_graphql: request_matcher: Ibexa\GraphQL\Security\NonAdminGraphQLRequestMatcher + provider: ibexa stateless: true jwt: ~ ibexa_rest: pattern: ^/api/ibexa + provider: ibexa user_checker: Ibexa\Core\MVC\Symfony\Security\UserChecker context: ibexa custom_authenticators: @@ -79,6 +82,7 @@ security: ibexa_front: pattern: ^/ + provider: ibexa user_checker: Ibexa\Core\MVC\Symfony\Security\UserChecker context: ibexa form_login: From 9763796864364008a8128fe222eeec27a80fffa9 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Micha=C5=82=20Szo=C5=82tysek?= Date: Mon, 1 Jul 2024 12:53:24 +0200 Subject: [PATCH 5/5] Revert "[tmp] set jwt gql to enabled" This reverts commit a4b28059d00095655e84d557942e32a1231b2225. --- .../5.0/config/packages/lexik_jwt_authentication.yaml | 2 +- ibexa/commerce/5.0/config/packages/security.yaml | 10 +++++----- .../5.0/config/packages/lexik_jwt_authentication.yaml | 2 +- ibexa/experience/5.0/config/packages/security.yaml | 10 +++++----- .../5.0/config/packages/lexik_jwt_authentication.yaml | 2 +- ibexa/headless/5.0/config/packages/security.yaml | 10 +++++----- .../5.0/config/packages/lexik_jwt_authentication.yaml | 2 +- ibexa/oss/5.0/config/packages/security.yaml | 10 +++++----- 8 files changed, 24 insertions(+), 24 deletions(-) diff --git a/ibexa/commerce/5.0/config/packages/lexik_jwt_authentication.yaml b/ibexa/commerce/5.0/config/packages/lexik_jwt_authentication.yaml index e1e64743..42ddd3ce 100644 --- a/ibexa/commerce/5.0/config/packages/lexik_jwt_authentication.yaml +++ b/ibexa/commerce/5.0/config/packages/lexik_jwt_authentication.yaml @@ -5,7 +5,7 @@ lexik_jwt_authentication: # Disabled by default, because Page builder use an custom extractor token_extractors: authorization_header: - enabled: true + enabled: false cookie: enabled: false query_parameter: diff --git a/ibexa/commerce/5.0/config/packages/security.yaml b/ibexa/commerce/5.0/config/packages/security.yaml index 6d6941ae..0cb6afa1 100644 --- a/ibexa/commerce/5.0/config/packages/security.yaml +++ b/ibexa/commerce/5.0/config/packages/security.yaml 
@@ -100,11 +100,11 @@ security: # success_handler: lexik_jwt_authentication.handler.authentication_success # failure_handler: lexik_jwt_authentication.handler.authentication_failure - ibexa_jwt_graphql: - request_matcher: Ibexa\GraphQL\Security\NonAdminGraphQLRequestMatcher - provider: ibexa - stateless: true - jwt: ~ + #ibexa_jwt_graphql: + # request_matcher: Ibexa\GraphQL\Security\NonAdminGraphQLRequestMatcher + # provider: ibexa + # stateless: true + # jwt: ~ # Uncomment ibexa_oauth2_connect, ibexa_oauth2_front rules and comment ibexa_front firewall # to enable OAuth2 authentication diff --git a/ibexa/experience/5.0/config/packages/lexik_jwt_authentication.yaml b/ibexa/experience/5.0/config/packages/lexik_jwt_authentication.yaml index e1e64743..42ddd3ce 100644 --- a/ibexa/experience/5.0/config/packages/lexik_jwt_authentication.yaml +++ b/ibexa/experience/5.0/config/packages/lexik_jwt_authentication.yaml @@ -5,7 +5,7 @@ lexik_jwt_authentication: # Disabled by default, because Page builder use an custom extractor token_extractors: authorization_header: - enabled: true + enabled: false cookie: enabled: false query_parameter: diff --git a/ibexa/experience/5.0/config/packages/security.yaml b/ibexa/experience/5.0/config/packages/security.yaml index 4e094981..ef1de294 100644 --- a/ibexa/experience/5.0/config/packages/security.yaml +++ b/ibexa/experience/5.0/config/packages/security.yaml @@ -88,11 +88,11 @@ security: # success_handler: lexik_jwt_authentication.handler.authentication_success # failure_handler: lexik_jwt_authentication.handler.authentication_failure - ibexa_jwt_graphql: - request_matcher: Ibexa\GraphQL\Security\NonAdminGraphQLRequestMatcher - provider: ibexa - stateless: true - jwt: ~ + #ibexa_jwt_graphql: + # request_matcher: Ibexa\GraphQL\Security\NonAdminGraphQLRequestMatcher + # provider: ibexa + # stateless: true + # jwt: ~ # Uncomment ibexa_oauth2_connect, ibexa_oauth2_front rules and comment ibexa_front firewall # to enable OAuth2 authentication 
diff --git a/ibexa/headless/5.0/config/packages/lexik_jwt_authentication.yaml b/ibexa/headless/5.0/config/packages/lexik_jwt_authentication.yaml index e1e64743..42ddd3ce 100644 --- a/ibexa/headless/5.0/config/packages/lexik_jwt_authentication.yaml +++ b/ibexa/headless/5.0/config/packages/lexik_jwt_authentication.yaml @@ -5,7 +5,7 @@ lexik_jwt_authentication: # Disabled by default, because Page builder use an custom extractor token_extractors: authorization_header: - enabled: true + enabled: false cookie: enabled: false query_parameter: diff --git a/ibexa/headless/5.0/config/packages/security.yaml b/ibexa/headless/5.0/config/packages/security.yaml index 4e094981..ef1de294 100644 --- a/ibexa/headless/5.0/config/packages/security.yaml +++ b/ibexa/headless/5.0/config/packages/security.yaml @@ -88,11 +88,11 @@ security: # success_handler: lexik_jwt_authentication.handler.authentication_success # failure_handler: lexik_jwt_authentication.handler.authentication_failure - ibexa_jwt_graphql: - request_matcher: Ibexa\GraphQL\Security\NonAdminGraphQLRequestMatcher - provider: ibexa - stateless: true - jwt: ~ + #ibexa_jwt_graphql: + # request_matcher: Ibexa\GraphQL\Security\NonAdminGraphQLRequestMatcher + # provider: ibexa + # stateless: true + # jwt: ~ # Uncomment ibexa_oauth2_connect, ibexa_oauth2_front rules and comment ibexa_front firewall # to enable OAuth2 authentication diff --git a/ibexa/oss/5.0/config/packages/lexik_jwt_authentication.yaml b/ibexa/oss/5.0/config/packages/lexik_jwt_authentication.yaml index e1e64743..42ddd3ce 100644 --- a/ibexa/oss/5.0/config/packages/lexik_jwt_authentication.yaml +++ b/ibexa/oss/5.0/config/packages/lexik_jwt_authentication.yaml @@ -5,7 +5,7 @@ lexik_jwt_authentication: # Disabled by default, because Page builder use an custom extractor token_extractors: authorization_header: - enabled: true + enabled: false cookie: enabled: false query_parameter: 
diff --git a/ibexa/oss/5.0/config/packages/security.yaml b/ibexa/oss/5.0/config/packages/security.yaml index e9d84c0b..579fce3c 100644 --- a/ibexa/oss/5.0/config/packages/security.yaml +++ b/ibexa/oss/5.0/config/packages/security.yaml @@ -66,11 +66,11 @@ security: # success_handler: lexik_jwt_authentication.handler.authentication_success # failure_handler: lexik_jwt_authentication.handler.authentication_failure - ibexa_jwt_graphql: - request_matcher: Ibexa\GraphQL\Security\NonAdminGraphQLRequestMatcher - provider: ibexa - stateless: true - jwt: ~ + #ibexa_jwt_graphql: + # request_matcher: Ibexa\GraphQL\Security\NonAdminGraphQLRequestMatcher + # provider: ibexa + # stateless: true + # jwt: ~ ibexa_rest: pattern: ^/api/ibexa