Symfony and JWT (JSON Web Token)
In a nutshell, with JWT the client logs in and gets a token back from the server instead of a session cookie. The token's payload is a JSON object made up of claims, which carry whatever the developer considers necessary: the user ID as a minimum, but possibly also the username or security roles.
The client stores the token and sends it in a request header (typically `Authorization: Bearer <token>`) on every subsequent request. The server validates the token itself, checking its signature under the server's key and its expiry rather than any record of earlier requests, and returns the appropriate response depending on whether the token validates or not.
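The round trip just described, as an added example that is not code from the original article, from Symfony or from the LexikJWTAuthenticationBundle: a login step issues an HS256 token carrying the user ID and roles as claims, the client sends it as a bearer header, and the server verifies the signature and the `exp` claim statelessly. The secret key, user data and `ROLE_*` names are constructed for the demonstration; only the Python standard library is used.

```python
"""Minimal HS256 JSON Web Token issue/verify round trip (stdlib only).

Illustrative example only: this is not the LexikJWTAuthenticationBundle's
code nor Symfony's. The signing key, user id and roles are constructed
for the demonstration.
"""
import base64
import hashlib
import hmac
import json
import time
from typing import List, Optional

# Constructed demo secret. A real deployment loads a random key of at
# least 32 bytes from configuration, never a literal in source.
SECRET_KEY = b"demo-secret-change-me-0123456789abcdef"


def _b64url_encode(raw: bytes) -> str:
    """Base64url without padding, as RFC 7515 requires."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    """Restore the padding base64url strips, then decode."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _compact_json(obj: dict) -> bytes:
    return json.dumps(obj, separators=(",", ":")).encode("utf-8")


def issue_token(user_id: int, roles: List[str], lifetime_seconds: int = 3600,
                now: Optional[int] = None) -> str:
    """What the login endpoint returns: header.payload.signature.

    The payload carries the claims the text mentions (user id as a
    minimum, here plus roles) and the standard iat/exp timestamps.
    """
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": str(user_id), "roles": roles,
               "iat": now, "exp": now + lifetime_seconds}
    signing_input = (_b64url_encode(_compact_json(header)) + "."
                     + _b64url_encode(_compact_json(payload)))
    signature = hmac.new(SECRET_KEY, signing_input.encode("ascii"),
                         hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(signature)


def authorization_header(token: str) -> dict:
    """How the client sends the stored token on subsequent requests."""
    return {"Authorization": "Bearer " + token}


def verify_token(token: str, now: Optional[int] = None) -> dict:
    """What the server does on every later request: check, don't trust.

    Validation is stateless: nothing about earlier requests is consulted,
    only the signature under the server's key and the exp claim.
    Raises ValueError on any failure.
    """
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    # Pin the algorithm: never let the token choose it (alg=none, key confusion).
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(SECRET_KEY, (header_b64 + "." + payload_b64).encode("ascii"),
                        hashlib.sha256).digest()
    # Constant-time comparison so signature checks do not leak timing.
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    payload = json.loads(_b64url_decode(payload_b64))
    if "exp" not in payload or now >= int(payload["exp"]):
        raise ValueError("token expired")
    return payload


def tampered_token_is_rejected(token: str, now: int) -> bool:
    """Rewrite the roles claim without re-signing; the server must refuse it."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    payload = json.loads(_b64url_decode(payload_b64))
    payload["roles"] = ["ROLE_ADMIN"]  # constructed privilege-escalation attempt
    forged = header_b64 + "." + _b64url_encode(_compact_json(payload)) + "." + sig_b64
    try:
        verify_token(forged, now=now)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    token = issue_token(42, ["ROLE_USER"])
    print(authorization_header(token))
    print(verify_token(token))
    print("tampered token rejected:", tampered_token_is_rejected(token, int(time.time())))
```

The three checks in `verify_token` are the ones that matter in practice: the algorithm is pinned server-side rather than read from the token, the HMAC is compared in constant time, and `exp` is enforced, since a stateless server has no other way to end a session short of rotating the key.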
JWT is supported by a wide range of platforms and programming languages. Symfony is one of them, and the use of JWTs in a real-world application was already described in the Namshi and Symfony2 case study published on Symfony.com in 2014.
Since 2014 the popularity of JWT has grown tremendously, and there are now a number of articles describing the use of JWT with Symfony2, many of which build on the LexikJWTAuthenticationBundle:
- Log In To A Symfony API With JWTs
- Symfony JSON Web Tokens Authentication with Guard
- Symfony client for an API secured with LexikJWTAuthenticationBundle, user authenticator and user provider
- Symfony RESTful API: Authentication with JWT (Course 4)
- Symfony Guard Authentication: Fun with API Token, Social Login, JWT and more
Any new API-style application should consider JWT instead of classic cookie-based sessions, keeping in mind that a signed token cannot be revoked before its exp claim runs out (so keep lifetimes short) and that it must be stored and transmitted with the same care as a session cookie.