JWT Authentication bundle for Symfony

• PHP 7.3+
• Symfony 4.4+
• Auth0 PHP 7.6+

Using Composer:

composer require auth0/jwt-auth-bundle:"~4.0"

After installing the bundle in your project you should find a new file located at config/packages/jwt_auth.yaml. These values should read from variables set in your .env file. Available configuration options are:

jwt_auth:
  #  The domain of your registered Auth0 tenant.
  domain: "%env(AUTH0_DOMAIN)%"
  # The client ID string of your registered Auth0 application.
  client_id: "%env(AUTH0_CLIENT_ID)%"
  # The audience/identifier string of your registered Auth0 API.
  audience: "%env(AUTH0_API_AUDIENCE)%"

  # Defaults to RS256. Supported options are RS256 or HS256.
  algorithm: "RS256"
  # If you're using HS256, you need to provide the client secret for your registered Auth0 application.
  client_secret: "%env(AUTH0_CLIENT_SECRET)%"

  # Recommended. A PSR-6 or PSR-16 compatible cache.
  # See: https://symfony.com/doc/current/components/cache.html
  cache: "cache.app"

  # Token validations to run during JWT decoding:
  validations:
    # Validate AUD claim against a value, such as an API identifier. Set to false to skip. Defaults to jwt_auth.audience.
    aud: "%env(AUTH0_API_AUDIENCE)%"
    # Validate the AZP claim against a value, such as a client ID. Set to false to skip. Defaults to false.
    azp: "%env(AUTH0_CLIENT_ID)%"
    # Validate ORG_ID claim against a value, such as the Auth0 Organization. Set to false to skip. Defaults to false.
    org_id: "%env(AUTH0_ORGANIZATION)%"
    # Maximum age (in seconds) since the auth_time of the token. Set to false to skip. Defaults to false.
    max_age: 3600
    # Clock tolerance (in seconds) for token expiration checks. Requires an integer value. Defaults to 60 seconds.
    leeway: 60

The Auth0 PHP SDK is included in this bundle to handle the processing of JWTs. You can inject to your UserProvider to get the user profile, example code.

We appreciate your feedback and contributions to the project! Before you get started, please review the following:

• Auth0's general contribution guidelines
• Auth0's code of conduct guidelines
• The Auth0 PHP SDK contribution guide

• The Auth0 Community is a valuable resource for asking questions and finding answers, staffed by the Auth0 team and a community of enthusiastic developers
• For code-level support (such as feature requests and bug reports) we encourage you to open issues here on our repo
• For customers on paid plans, our support center is available for opening tickets with our knowledgeable support specialists

Further details about our support solutions are available on our website.

Please do not report security vulnerabilities on the public GitHub issue tracker. The Responsible Disclosure Program details the procedure for disclosing security issues.

Auth0 helps you to:

• Add authentication with multiple authentication sources, either social like Google, Facebook, Microsoft, LinkedIn, GitHub, Twitter, Box, Salesforce (amongst others), or enterprise identity systems like Windows Azure AD, Google Apps, Active Directory, ADFS or any SAML Identity Provider.
• Add authentication through more traditional username/password databases.
• Add support for passwordless and multi-factor authentication.
• Add support for linking different user accounts with the same user.
• Analytics of how, when and where users are logging in.
• Pull data from other sources and add it to the user profile, through JavaScript rules.

Why Auth0?

This project is open source software licensed under the MIT license. See the LICENSE file for more info.