PHPackages                             wakeonweb/kong-oauth2-firewall-bundle - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. wakeonweb/kong-oauth2-firewall-bundle

ActiveSymfony-bundle

wakeonweb/kong-oauth2-firewall-bundle
=====================================

Kong OAuth2 Firewall Bundle

v1.0.0(7y ago)0215MITPHP

Since Nov 7Pushed 7y ago1 watchersCompare

[ Source](https://github.com/WakeOnWeb/kong-oauth2-firewall-bundle)[ Packagist](https://packagist.org/packages/wakeonweb/kong-oauth2-firewall-bundle)[ RSS](/packages/wakeonweb-kong-oauth2-firewall-bundle/feed)WikiDiscussions master Synced 2mo ago

READMEChangelog (1)Dependencies (2)Versions (2)Used By (0)

WakeOnWebKongOAuth2FirewallBundle
=================================

[](#wakeonwebkongoauth2firewallbundle)

**Note:** The bundle handle the authentication of user when used behind a Kong API Gateway. Be sure to isolate your application from the outside world. Kong transform user credentials into a set of headers that are used to authenticate the user. An attacker can fake them with a direct access to your app.

Configuration
-------------

[](#configuration)

*/config/packages/security.yaml*

```
security:
    providers:
        trusted:
            id: WakeOnWeb\Bundle\KongOAuth2FirewallBundle\Security\TrustedUserProvider
        # OR USE YOUR OWN PROVIDER
        # in_memory:
        #     memory:
        #         users:
        #             66ce7c7d-ef0a-47f9-b952-a7dd44ebc7cc: ~

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            kong:
                consumer_ids:
                    - 8ca2548f-3b97-4a03-847e-9e42c150e644
                anonymous_consumer_ids:
                    - 836b6e33-fd83-43b6-ab77-74390873d7b6

    access_control:
        - { path: ^/me, roles: IS_AUTHENTICATED_FULLY }
        - { path: ^/ping, roles: IS_AUTHENTICATED_ANONYMOUSLY }

```

The authentication mechanism use a combination of headers provided by kong. An authenticated user will have the following two headers `X-Consumer-ID` and `X-Authenticated-UserID`. An anonymous user will only have the header `X-Anonymous-Consumer`.

It appears that the `X-Authenticated-UserID` header is not reliable at all. The firewall could only trust the `X-Consumer-ID` and the `X-Anonymous-Consumer`. That's why both the IDs should appears in the firewall configuration.

Todo
----

[](#todo)

- Add an HTTP Client / Guzzle Middleware that forwards the kong authentication headers when communicating with other local microservices.

###  Health Score

28

—

LowBetter than 54% of packages

Maintenance20

Infrequent updates — may be unmaintained

Popularity11

Limited adoption so far

Community7

Small or concentrated contributor base

Maturity61

Established project with proven stability

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Unknown

Total

1

Last Release

2741d ago

### Community

Maintainers

![](https://www.gravatar.com/avatar/47c3006a9e7662031ee9d3fa064238fef88479fd7d60f18dd47f038fbbd7dc5a?d=identicon)[steph\_py](/maintainers/steph_py)

---

Top Contributors

[![stephpy](https://avatars.githubusercontent.com/u/232744?v=4)](https://github.com/stephpy "stephpy (1 commits)")

### Embed Badge

![Health badge](/badges/wakeonweb-kong-oauth2-firewall-bundle/health.svg)

```
[![Health](https://phpackages.com/badges/wakeonweb-kong-oauth2-firewall-bundle/health.svg)](https://phpackages.com/packages/wakeonweb-kong-oauth2-firewall-bundle)
```

###  Alternatives

[sylius/sylius

E-Commerce platform for PHP, based on Symfony framework.

8.4k5.6M648](/packages/sylius-sylius)[shopware/platform

The Shopware e-commerce core

3.3k1.5M3](/packages/shopware-platform)[neuron-core/neuron-ai

The PHP Agentic Framework.

1.8k245.3k20](/packages/neuron-core-neuron-ai)[shopware/core

Shopware platform is the core for all Shopware ecommerce products.

595.2M386](/packages/shopware-core)[ec-cube/ec-cube

EC-CUBE EC open platform.

78527.0k1](/packages/ec-cube-ec-cube)[open-dxp/opendxp

Content & Product Management Framework (CMS/PIM)

7310.3k29](/packages/open-dxp-opendxp)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)