PHPackages lingoda/b2b-crosslogin-bundle - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. lingoda/b2b-crosslogin-bundle ActiveProject lingoda/b2b-crosslogin-bundle ============================= B2B Cross-Login Bundle 1.1.0(1mo ago)042.0k↓30.6%proprietaryPHPPHP ^8.3CI passing Since Jun 18Pushed 1mo ago8 watchersCompare [ Source](https://github.com/lingoda/b2b-crosslogin-bundle)[ Packagist](https://packagist.org/packages/lingoda/b2b-crosslogin-bundle)[ RSS](/packages/lingoda-b2b-crosslogin-bundle/feed)WikiDiscussions main Synced 1mo ago READMEChangelog (4)Dependencies (38)Versions (6)Used By (0) Lingoda B2B Cross-Login Bundle ============================== [](#lingoda-b2b-cross-login-bundle) This bundle provides a way to cross-login between apps on B2B. ### Installation [](#installation) ``` composer require lingoda/b2b-crosslogin-bundle ``` Then add the bundle to your `config/bundles.php`, if it is not added automatically: ``` return [ // ... Lingoda\CrossLoginBundle\LingodaCrossLoginBundle::class => ['all' => true], ]; ``` ### Configuration [](#configuration) Add the following configuration to your `config/packages/lingoda_cross_login.yaml`: ``` lingoda_cross_login: # This should match the value of lexik_jwt_authentication.query_parameter.name parameter, # if LexikJWTAuthenticationBundle built-in authenticator is used query_parameter_name: bearer issuer: 'https://your-issuer.com' # this overrides the value from LexikJWTAuthenticationBundle configuration, only for the cross-bundle JWT token, # and it will not affect other tokens generated via LexikJWTAuthenticationBundle token_ttl: 5 # in seconds; make it as short as possible, to minimize the risk of token theft; Maximum allowed value is 10, minimum is 1; Default and recommended value is 5 ``` !!! For security reasons, the `audience` of a generated token on one app has to match the `issuer` of the other app, and vice versa. Tokens that do not match this requirement will be rejected. The `audience` is automatically generated from the `host` and `port` of the URL provided. The following statements should be true, in order to have a successful cross-login: - App A `issuer` ENV var = App B JWT token `audience` (`aud`) - App B `issuer` ENV var = App A JWT token `audience` (`aud`) ### Configuration for LexikJWTAuthenticationBundle [](#configuration-for-lexikjwtauthenticationbundle) Add the following configuration to your `config/packages/lexik_jwt_authentication.yaml`: ``` lexik_jwt_authentication: secret_key: '%env(resolve:JWT_SECRET_KEY)%' public_key: '%env(resolve:JWT_PUBLIC_KEY)%' pass_phrase: '%env(JWT_PASSPHRASE)%' token_ttl: 3600 token_extractors: # if LexikJWTAuthenticationBundle is not used for anything else, you can disable other extractors # authorization_header: # enabled: false query_parameter: enabled: true name: bearer ``` ### Configuring the firewall [](#configuring-the-firewall) Then, add the following configuration to your `config/packages/security.yaml`: ``` security: firewalls: your-firewall-name: # ... jwt: ~ ``` ### Configuring the routes [](#configuring-the-routes) Finally, add the following to your `config/routes.yaml`: ``` _lingoda_cross_login: resource: '@LingodaCrossLoginBundle/config/routes.php' prefix: /admin # optional, but recommended to have it behind a firewall, so it can't be accessed by unauthorized users ``` ### Important note! [](#important-note) - Keep in mind, all apps need to have the same `JWT_PUBLIC_KEY` value (`public.pem` content, not path), so the JWT token can be validated across apps. ### Usage in Twig [](#usage-in-twig) You can use the following Twig functions to generate JWT tokens and URLs: ``` # to generate a JWT token, use the following function: {{ crosslogin_generate_token(url('a_route_name_here')) }} # to generate a URL that will redirect to the signed URL, use the following function: {{ crosslogin_sign_and_redirect_url('https://example.com/?foo=bar#fragment') }} # to generate a signed URL that you can use on an iFrame, use the following function: {{ crosslogin_sign_url('https://example.com/?foo=bar#fragment') }} ``` ### Use cases [](#use-cases) #### 1. Bypassing JWT token authentication failure [](#1-bypassing-jwt-token-authentication-failure) If you don't want the authentication to fail if the JWT token is invalid, expired, or not provided, you can add the `BypassFailureJWTAuthenticator` to your firewall's `custom_authenticators`: ``` # config/packages/security.yaml security: firewalls: your-firewall-name: # ... jwt: authenticator: Lingoda\CrossLoginBundle\Security\Authenticator\BypassFailureJWTAuthenticator ``` And register the authenticator in your `config/services.yaml`: ``` services: # ... Lingoda\CrossLoginBundle\Security\Authenticator\BypassFailureJWTAuthenticator: parent: lexik_jwt_authentication.security.jwt_authenticator ``` #### 2. Stateful cross-login [](#2-stateful-cross-login) If you want to make the cross-login stateful, add the `jwt` configuration to a stateful firewall, e.g.: ``` # config/packages/security.yaml security: firewalls: admin: # ... jwt: ~ form_login: ~ entry_point: form_login # ... do not add stateless: true to this firewall, as it will make the cross-login stateless ``` ### Dependencies [](#dependencies) - [LexikJWTAuthenticationBundle](https://github.com/lexik/LexikJWTAuthenticationBundle) is used for JWT token generating. ### Health Score 50 — FairBetter than 96% of packages Maintenance89 Actively maintained with recent releases Popularity29 Limited adoption so far Community10 Small or concentrated contributor base Maturity59 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~215 days Total 4 Last Release 55d ago PHP version history (2 changes)v1.0.0PHP ^8.2 1.1.0PHP ^8.3 ### Community Maintainers ![](https://www.gravatar.com/avatar/30c0431d32647bf0f71a0dbb9d2c6b9e71f18ae88124366d07a3305dc2505114?d=identicon)[balazscsaba2006](/maintainers/balazscsaba2006) --- Top Contributors [![balazscsaba2006](https://avatars.githubusercontent.com/u/1202594?v=4)](https://github.com/balazscsaba2006 "balazscsaba2006 (25 commits)") ### Code Quality TestsPHPUnit Static AnalysisPHPStan Code StyleECS Type Coverage Yes ### Embed Badge ![Health badge](/badges/lingoda-b2b-crosslogin-bundle/health.svg) ``` [![Health](https://phpackages.com/badges/lingoda-b2b-crosslogin-bundle/health.svg)](https://phpackages.com/packages/lingoda-b2b-crosslogin-bundle) ``` ### Alternatives [sylius/sylius E-Commerce platform for PHP, based on Symfony framework. 8.4k5.6M651](/packages/sylius-sylius)[sulu/sulu Core framework that implements the functionality of the Sulu content management system 1.3k1.3M152](/packages/sulu-sulu)[simplesamlphp/simplesamlphp A PHP implementation of a SAML 2.0 service provider and identity provider. 1.1k12.4M193](/packages/simplesamlphp-simplesamlphp)[shopware/platform The Shopware e-commerce core 3.3k1.5M3](/packages/shopware-platform)[contao/core-bundle Contao Open Source CMS 1231.6M2.4k](/packages/contao-core-bundle)[prestashop/prestashop PrestaShop is an Open Source e-commerce platform, committed to providing the best shopping cart experience for both merchants and customers. 9.0k15.4k](/packages/prestashop-prestashop) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)