PHPackages shoprenter/sr-oauth-jwt-security - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. shoprenter/sr-oauth-jwt-security ActiveSymfony-bundle[Authentication & Authorization](/categories/authentication) shoprenter/sr-oauth-jwt-security ================================ This package provides the ability to secure endpoints with shoprenter oauth token v1.0.5(10mo ago)011MITPHPPHP >=8.2 Since Jun 27Pushed 10mo agoCompare [ Source](https://github.com/Shoprenter/sr-oauth-jwt-security)[ Packagist](https://packagist.org/packages/shoprenter/sr-oauth-jwt-security)[ RSS](/packages/shoprenter-sr-oauth-jwt-security/feed)WikiDiscussions main Synced 1mo ago READMEChangelogDependencies (4)Versions (8)Used By (0) OAuth JWT Security Bundle for Symfony 6.4 ========================================= [](#oauth-jwt-security-bundle-for-symfony-64) This Symfony bundle provides JWT-based OAuth token verification and user authentication for securing your API endpoints. Installation ------------ [](#installation) 1. Install the bundle using Composer: ``` composer require shoprenter/sr-oauth-jwt-security ``` 2. Configure the bundle in `config/packages/shoprenter.yaml`: ``` shoprenter_oauth_jwt_security: oauth_jwt_security: public_key_path: '%kernel.project_dir%/config/jwt/jwtRS256.key.pub' ``` 3. Configure security in `config/packages/security.yaml`: ``` security: providers: jwt_users: id: Shoprenter\OauthJWTSecurity\User\OAuthAccessTokenUserProvider firewalls: jwt_bearer: pattern: ^/api stateless: true access_token: provider: jwt_users token_handler: Shoprenter\OauthJWTSecurity\AccessToken\OAuthAccessTokenHandler access_control: - { path: ^/api, roles: ROLE_JWT_AUTHENTICATED_USER } ``` Usage ----- [](#usage) ### Securing Endpoints with Scopes [](#securing-endpoints-with-scopes) Use voter attributes to check for specific OAuth scopes: ``` use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface; use Symfony\Component\HttpFoundation\Response; class ProductController extends AbstractController { public function getProducts(AuthorizationCheckerInterface $authChecker): Response { // Check if the user has the 'read_products' scope if (!$authChecker->isGranted('product.product:read')) { throw $this->createAccessDeniedException('Missing required scope'); } // Your protected code here... } } ``` ### Using Annotations/Attributes [](#using-annotationsattributes) With Symfony 6.4, you can use PHP attributes to secure controllers: ``` use Symfony\Component\Security\Http\Attribute\IsGranted; class ProductController extends AbstractController { #[IsGranted('product.product:read')] public function getProducts(): Response { // This endpoint requires the 'product.product:write' scope // ... } #[IsGranted('product.product:write')] public function createProduct(): Response { // This endpoint requires the 'product.product:write' scope // ... } } ``` Client Authentication --------------------- [](#client-authentication) Clients must include a Bearer token in the Authorization header: ``` Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5... ``` Error Handling -------------- [](#error-handling) The authenticator will return a JSON response with a 401 status code if authentication fails. It will return 403 status if a required scope is missing. Technical Implementation Details -------------------------------- [](#technical-implementation-details) ### Service Configuration [](#service-configuration) This bundle follows Symfony's best practices for service configuration: - Services are defined in `src/Resources/config/services.yaml` - The service configuration is loaded by the bundle's extension class (`ShoprenterOauthJWTSecurityExtension`) - When the bundle is enabled in your application, all services are automatically registered with the Symfony container This approach ensures that services are properly loaded and configured without requiring manual setup in your application. Development ----------- [](#development) ``` ```shell docker build -t sr-oauth-jwt-security . ``` ``` Run the container: ``` ```shell docker run -d --name sr-oauth-jwt-security-container -v $(pwd):/var/www sr-oauth-jwt-security ``` ``` This command: -d: Runs the container in detached mode (background) --name: Assigns a name to the container -v $(pwd):/var/www: Mounts your current directory to /var/www in the container Enter the running container: ``` ```shell docker exec -it sr-oauth-jwt-security-container bash ``` ``` ### Running Tests [](#running-tests) The bundle includes comprehensive unit tests for all core components. To run the tests: 1. Install the development dependencies: ``` composer install --dev ``` 2. Run the PHPUnit tests: ``` ./vendor/bin/phpunit ``` ### Health Score 32 — LowBetter than 72% of packages Maintenance54 Moderate activity, may be stable Popularity5 Limited adoption so far Community8 Small or concentrated contributor base Maturity54 Maturing project, gaining track record Bus Factor1 Top contributor holds 88.9% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~0 days Total 6 Last Release 319d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/c4de02d26e419d94f1c73cebc30c1582da0111b8dfd224aa9693047ad75e4f73?d=identicon)[epalmai\_shoprenter](/maintainers/epalmai_shoprenter) --- Top Contributors [![epalmai](https://avatars.githubusercontent.com/u/26679159?v=4)](https://github.com/epalmai "epalmai (24 commits)")[![szabo-laszlo-shoprenter](https://avatars.githubusercontent.com/u/153600720?v=4)](https://github.com/szabo-laszlo-shoprenter "szabo-laszlo-shoprenter (3 commits)") ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/shoprenter-sr-oauth-jwt-security/health.svg) ``` [![Health](https://phpackages.com/badges/shoprenter-sr-oauth-jwt-security/health.svg)](https://phpackages.com/packages/shoprenter-sr-oauth-jwt-security) ``` ### Alternatives [google/auth Google Auth Library for PHP 1.4k272.7M162](/packages/google-auth)[gesdinet/jwt-refresh-token-bundle Implements a refresh token system over Json Web Tokens in Symfony 70516.4M35](/packages/gesdinet-jwt-refresh-token-bundle)[thenetworg/oauth2-azure Azure Active Directory OAuth 2.0 Client Provider for The PHP League OAuth2-Client 2509.6M48](/packages/thenetworg-oauth2-azure)[stevenmaguire/oauth2-keycloak Keycloak OAuth 2.0 Client Provider for The PHP League OAuth2-Client 2275.9M27](/packages/stevenmaguire-oauth2-keycloak)[robsontenorio/laravel-keycloak-guard 🔑 Simple Keycloak Guard for Laravel 5161.1M3](/packages/robsontenorio-laravel-keycloak-guard)[scheb/2fa Two-factor authentication for Symfony applications (please use scheb/2fa-bundle to install) 578630.7k1](/packages/scheb-2fa) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)