PHPackages                             shoprenter/sr-oauth-jwt-security - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. shoprenter/sr-oauth-jwt-security

ActiveSymfony-bundle[Authentication &amp; Authorization](/categories/authentication)

shoprenter/sr-oauth-jwt-security
================================

This package provides the ability to secure endpoints with shoprenter oauth token

v1.0.5(1y ago)011MITPHPPHP &gt;=8.2

Since Jun 27Pushed 1y agoCompare

[ Source](https://github.com/Shoprenter/sr-oauth-jwt-security)[ Packagist](https://packagist.org/packages/shoprenter/sr-oauth-jwt-security)[ RSS](/packages/shoprenter-sr-oauth-jwt-security/feed)WikiDiscussions main Synced today

READMEChangelogDependencies (4)Versions (8)Used By (0)

OAuth JWT Security Bundle for Symfony 6.4
=========================================

[](#oauth-jwt-security-bundle-for-symfony-64)

This Symfony bundle provides JWT-based OAuth token verification and user authentication for securing your API endpoints.

Installation
------------

[](#installation)

1. Install the bundle using Composer:

    ```
    composer require shoprenter/sr-oauth-jwt-security
    ```
2. Configure the bundle in `config/packages/shoprenter.yaml`:

    ```
    shoprenter_oauth_jwt_security:
      oauth_jwt_security:
        public_key_path: '%kernel.project_dir%/config/jwt/jwtRS256.key.pub'
    ```
3. Configure security in `config/packages/security.yaml`:

    ```
    security:
        providers:
          jwt_users:
            id: Shoprenter\OauthJWTSecurity\User\OAuthAccessTokenUserProvider

        firewalls:
          jwt_bearer:
            pattern: ^/api
            stateless: true
            access_token:
              provider: jwt_users
              token_handler: Shoprenter\OauthJWTSecurity\AccessToken\OAuthAccessTokenHandler

        access_control:
            - { path: ^/api, roles: ROLE_JWT_AUTHENTICATED_USER }
    ```

Usage
-----

[](#usage)

### Securing Endpoints with Scopes

[](#securing-endpoints-with-scopes)

Use voter attributes to check for specific OAuth scopes:

```
use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
use Symfony\Component\HttpFoundation\Response;

class ProductController extends AbstractController
{
    public function getProducts(AuthorizationCheckerInterface $authChecker): Response
    {
        // Check if the user has the 'read_products' scope
        if (!$authChecker->isGranted('product.product:read')) {
            throw $this->createAccessDeniedException('Missing required scope');
        }

        // Your protected code here...
    }
}
```

### Using Annotations/Attributes

[](#using-annotationsattributes)

With Symfony 6.4, you can use PHP attributes to secure controllers:

```
use Symfony\Component\Security\Http\Attribute\IsGranted;

class ProductController extends AbstractController
{
    #[IsGranted('product.product:read')]
    public function getProducts(): Response
    {
        // This endpoint requires the 'product.product:write' scope
        // ...
    }

    #[IsGranted('product.product:write')]
    public function createProduct(): Response
    {
        // This endpoint requires the 'product.product:write' scope
        // ...
    }
}
```

Client Authentication
---------------------

[](#client-authentication)

Clients must include a Bearer token in the Authorization header:

```
Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5...

```

Error Handling
--------------

[](#error-handling)

The authenticator will return a JSON response with a 401 status code if authentication fails.

It will return 403 status if a required scope is missing.

Technical Implementation Details
--------------------------------

[](#technical-implementation-details)

### Service Configuration

[](#service-configuration)

This bundle follows Symfony's best practices for service configuration:

- Services are defined in `src/Resources/config/services.yaml`
- The service configuration is loaded by the bundle's extension class (`ShoprenterOauthJWTSecurityExtension`)
- When the bundle is enabled in your application, all services are automatically registered with the Symfony container

This approach ensures that services are properly loaded and configured without requiring manual setup in your application.

Development
-----------

[](#development)

```
```shell
docker build -t sr-oauth-jwt-security .
```

```

Run the container:

```
```shell
docker run -d --name sr-oauth-jwt-security-container -v $(pwd):/var/www sr-oauth-jwt-security
```

```

This command:

-d: Runs the container in detached mode (background) --name: Assigns a name to the container -v $(pwd):/var/www: Mounts your current directory to /var/www in the container

Enter the running container:

```
```shell
docker exec -it sr-oauth-jwt-security-container bash
```

```

### Running Tests

[](#running-tests)

The bundle includes comprehensive unit tests for all core components. To run the tests:

1. Install the development dependencies:

    ```
    composer install --dev
    ```
2. Run the PHPUnit tests:

    ```
    ./vendor/bin/phpunit
    ```

###  Health Score

31

—

LowBetter than 66% of packages

Maintenance49

Moderate activity, may be stable

Popularity5

Limited adoption so far

Community8

Small or concentrated contributor base

Maturity54

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 88.9% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~0 days

Total

6

Last Release

373d ago

### Community

Maintainers

![](https://www.gravatar.com/avatar/c4de02d26e419d94f1c73cebc30c1582da0111b8dfd224aa9693047ad75e4f73?d=identicon)[epalmai\_shoprenter](/maintainers/epalmai_shoprenter)

---

Top Contributors

[![epalmai](https://avatars.githubusercontent.com/u/26679159?v=4)](https://github.com/epalmai "epalmai (24 commits)")[![szabo-laszlo-shoprenter](https://avatars.githubusercontent.com/u/153600720?v=4)](https://github.com/szabo-laszlo-shoprenter "szabo-laszlo-shoprenter (3 commits)")

###  Code Quality

TestsPHPUnit

### Embed Badge

![Health badge](/badges/shoprenter-sr-oauth-jwt-security/health.svg)

```
[![Health](https://phpackages.com/badges/shoprenter-sr-oauth-jwt-security/health.svg)](https://phpackages.com/packages/shoprenter-sr-oauth-jwt-security)
```

###  Alternatives

[google/auth

Google Auth Library for PHP

1.4k294.2M220](/packages/google-auth)[easycorp/easyadmin-bundle

Admin generator for Symfony applications

4.3k17.9M388](/packages/easycorp-easyadmin-bundle)[web-auth/webauthn-framework

FIDO2/Webauthn library for PHP and Symfony Bundle.

515100.5k3](/packages/web-auth-webauthn-framework)[rcsofttech/audit-trail-bundle

Enterprise-grade, high-performance Symfony audit trail bundle. Automatically track Doctrine entity changes with split-phase architecture, multiple transports (HTTP, Queue, Doctrine), and sensitive data masking.

1189.8k](/packages/rcsofttech-audit-trail-bundle)[ellaisys/aws-cognito

Laravel Authentication using AWS Cognito (Web and API)

123256.9k1](/packages/ellaisys-aws-cognito)[web-auth/webauthn-symfony-bundle

FIDO2/Webauthn Security Bundle For Symfony

66529.9k11](/packages/web-auth-webauthn-symfony-bundle)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
