Update "How to Authenticate Users with API Keys" #5252
Comments
|
@mvar Nice thinking! I definitely agree with the And avoiding manual injection of the |
|
@weaverryan thanks for your feedback. I've submitted a PR with discussed changes. Actually I have one more idea. How bad it would be to suggest to treat API key as a username? I.e. to use |
xabbuh
added
hasPR
This sounds too confusing for me. Often your users will have both a username and an API key (or even more than one API key, one for each authorised third-party application, for example), won't they? |
…ction (mvar) This PR was submitted for the 2.5 branch but it was merged into the 2.6 branch instead (closes #5255). Discussion ---------- [Cookbook] Use configured user provider instead of injection | Q | A | ------------- | --- | Doc fix? | yes | New docs? | no | Applies to | 2.5, 2.6 | Fixed tickets | #5252 Commits ------- 8556ae2 Improve invalid user provider exception message 77fdbbe Check user provider type f7d7f81 Use configured user provider instead of injection
While reading How to Authenticate Users with API Keys cookbook few ideas just came into my mind.
Is there any reason why this cookbook suggests to [manually] inject custom user provider (
ApiKeyUserProvider) into authenticator service (ApiKeyAuthenticator)? Using this solution I see two minor issues that can be solved another way. First, we need to inject another service... Second,$userProviderargument ofApiKeyAuthenticator :: authenticateToken()method is left unused.If I'm right, we can achieve the same goal by eliminating injection and additiong few lines to
security.yml:If we inject
ApiKeyUserProvidermanually, then there is no reason to register it as provider or even implementUserProviderInterface.What do you think?
Also in few places
ApiKeyAuthenticationshould be renamed toApiKeyAuthenticator.The text was updated successfully, but these errors were encountered: