PHPackages                             ghost-agency/stateless-auth-bundle - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. ghost-agency/stateless-auth-bundle

ActiveSymfony-bundle

ghost-agency/stateless-auth-bundle
==================================

Handle stateless authentication.

1.0.0(8y ago)1301MITPHPPHP &gt;=7.0.0

Since Mar 8Pushed 8y ago1 watchersCompare

[ Source](https://github.com/GaryPEGEOT/stateless-auth-bundle)[ Packagist](https://packagist.org/packages/ghost-agency/stateless-auth-bundle)[ RSS](/packages/ghost-agency-stateless-auth-bundle/feed)WikiDiscussions master Synced 2mo ago

READMEChangelogDependencies (5)Versions (4)Used By (0)

stateless-auth-bundle
=====================

[](#stateless-auth-bundle)

[![Build Status](https://camo.githubusercontent.com/1aa0b70a6b7f5b27ca1beac2bcae965c48819c42fa78a9ff5ee53ae0d457f074/68747470733a2f2f7472617669732d63692e6f72672f47617279504547454f542f73746174656c6573732d617574682d62756e646c652e7376673f6272616e63683d6d6173746572)](https://camo.githubusercontent.com/1aa0b70a6b7f5b27ca1beac2bcae965c48819c42fa78a9ff5ee53ae0d457f074/68747470733a2f2f7472617669732d63692e6f72672f47617279504547454f542f73746174656c6573732d617574682d62756e646c652e7376673f6272616e63683d6d6173746572)

Handle stateless authentication without SSH key needed. (Inspired from LexikJWTAuthenticationBundle)

Getting started
---------------

[](#getting-started)

### Prerequisites

[](#prerequisites)

This bundle requires Symfony 2.8+.

**Protip:** Though the bundle doesn't enforce you to do so, it is highly recommended to use HTTPS.

Installation
------------

[](#installation)

Add [`ghost-agency/stateless-auth-bundle`](https://packagist.org/packages/ghost-agency/stateless-auth-bundle)to your `composer.json` file:

```
php composer.phar require "ghost-agency/stateless-auth-bundle"

```

Register the bundle in `app/AppKernel.php`:

```
public function registerBundles()
{
    return array(
        // ...
        new GhostAgency\Bundle\StatelessAuthBundle\GhostAgencyStatelessAuthBundle(),
    );
}
```

### Configuration

[](#configuration)

Configure the hash key in your `config.yml` :

```
ghost_agency_stateless_auth:
    hash_key:  '%env(JWT_TOKEN_KEY)%'
    token_ttl: '%env(JWT_TOKEN_TTL)%' # Default to 3600 (1 hour)
```

Configure your `security.yml` :

```
security:
    # ...

    firewalls:

        main:
            pattern:  ^/api/login
            stateless: true
            anonymous: true
            json_login:
                check_path:               /api/login_check
                success_handler:          ghost_agency_stateless_auth.success_handler
                require_previous_session: false

        api:
            pattern:   ^/api
            stateless: true
            guard:
                authenticators:
                    - ghost_agency_stateless_auth.guard

    access_control:
        - { path: ^/api/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/api,       roles: IS_AUTHENTICATED_FULLY }
```

Configure your `routing.yml` :

```
api_login_check:
    path: /api/login_check
```

### Usage

[](#usage)

#### 1. Obtain the token

[](#1-obtain-the-token)

The first step is to authenticate the user using its credentials. A classical form\_login on an anonymously accessible firewall will do perfect.

Just set the provided `ghost_agency_stateless_auth.success_handler` service as success handler to generate the token and send it as part of a json response body.

Store it (client side), the JWT is reusable until its ttl has expired (3600 seconds by default).

Note: You can test getting the token with a simple curl command like this:

```
curl -X POST http://localhost:8000/api/login_check --data {"username": "Miaou", "password": "LeChat"}
```

If it works, you will receive something like this:

```
{
   "token" : "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXUyJ9.eyJleHAiOjE0MzQ3Mjc1MzYsInVzZXJuYW1lIjoia29ybGVvbiIsImlhdCI6IjE0MzQ2NDExMzYifQ.nh0L_wuJy6ZKIQWh6OrW5hdLkviTs1_bau2GqYdDCB0Yqy_RplkFghsuqMpsFls8zKEErdX5TYCOR7muX0aQvQxGQ4mpBkvMDhJ4-pE4ct2obeMTr_s4X8nC00rBYPofrOONUOR4utbzvbd4d2xT_tj4TdR_0tsr91Y7VskCRFnoXAnNT-qQb7ci7HIBTbutb9zVStOFejrb4aLbr7Fl4byeIEYgp2Gd7gY"
}
```

### 2. Use the token

[](#2-use-the-token)

Simply pass the JWT on each request to the protected firewall as an authorization header.

By default only the authorization header mode is enabled : `Authorization: Bearer {token}`

#### Important note for Apache users

[](#important-note-for-apache-users)

As stated in [this link](http://stackoverflow.com/questions/11990388/request-headers-bag-is-missing-authorization-header-in-symfony-2) and [this one](http://stackoverflow.com/questions/19443718/symfony-2-3-getrequest-headers-not-showing-authorization-bearer-token/19445020), Apache server will strip any `Authorization header` not in a valid HTTP BASIC AUTH format.

If you intend to use the authorization header mode of this bundle (and you should), please add those rules to your VirtualHost configuration :

```
RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
```

###  Health Score

28

—

LowBetter than 54% of packages

Maintenance20

Infrequent updates — may be unmaintained

Popularity13

Limited adoption so far

Community7

Small or concentrated contributor base

Maturity60

Established project with proven stability

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Unknown

Total

1

Last Release

2967d ago

### Community

Maintainers

![](https://www.gravatar.com/avatar/deb239f09a0bc8fe72b095ed01bfe2eecab58553a0d26f498acd4226b7deaa75?d=identicon)[GaryPEGEOT](/maintainers/GaryPEGEOT)

---

Top Contributors

[![GaryPEGEOT](https://avatars.githubusercontent.com/u/8696117?v=4)](https://github.com/GaryPEGEOT "GaryPEGEOT (12 commits)")

### Embed Badge

![Health badge](/badges/ghost-agency-stateless-auth-bundle/health.svg)

```
[![Health](https://phpackages.com/badges/ghost-agency-stateless-auth-bundle/health.svg)](https://phpackages.com/packages/ghost-agency-stateless-auth-bundle)
```

###  Alternatives

[symfony/security-bundle

Provides a tight integration of the Security component into the Symfony full-stack framework

2.5k172.9M1.8k](/packages/symfony-security-bundle)[civicrm/civicrm-core

Open source constituent relationship management for non-profits, NGOs and advocacy organizations.

728272.9k17](/packages/civicrm-civicrm-core)[sonata-project/entity-audit-bundle

Audit for Doctrine Entities

644989.8k1](/packages/sonata-project-entity-audit-bundle)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)