Sunday, January 23, 2022

[FIXED] Lexik JWT, how to allow only user's information

Issue

I wonder how I can configure JWT Lexik to authorize the user who is connected to have access only to his information, and not all the information of the whole API, as is the case for me now. My JWT is functional.

Thanks

Laurie


Solution

First, you will have to understand the concept of the Symfony Security Component. The job of this component is to manage everything related to security in your application, such as authentication, permissions, roles, etc.

More information: https://symfony.com/doc/current/components/security.html

The job of Lexik JWT is to provide an auth system with JWT tokens.

It is not the job of LexikJWT to do that, but the job of the security component.

More information about how to restrict access: https://symfony.com/doc/current/security.html#denying-access-roles-and-other-authorization



Answered By - Martin Paucot
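
The ownership check the answer points to can be written as a Security component voter. The following is an added example, not code from the original answer or from LexikJWT; it assumes Symfony 6+ on PHP 8, and `App\Entity\Profile`, its `getOwner()` method and the attribute names are hypothetical.

```php
<?php
// Added example. App\Entity\Profile and getOwner() are hypothetical names.

namespace App\Security;

use App\Entity\Profile;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
use Symfony\Component\Security\Core\User\UserInterface;

final class ProfileVoter extends Voter
{
    public const VIEW = 'PROFILE_VIEW';
    public const EDIT = 'PROFILE_EDIT';

    protected function supports(string $attribute, mixed $subject): bool
    {
        // Only vote on our own attributes and on Profile objects.
        return in_array($attribute, [self::VIEW, self::EDIT], true)
            && $subject instanceof Profile;
    }

    protected function voteOnAttribute(string $attribute, mixed $subject, TokenInterface $token): bool
    {
        $user = $token->getUser();

        // No authenticated user behind the token: deny.
        if (!$user instanceof UserInterface) {
            return false;
        }

        $owner = $subject->getOwner();

        // Deny when the resource has no owner, rather than failing open.
        if (!$owner instanceof UserInterface) {
            return false;
        }

        // Compare stable identifiers, not object identity: the user built
        // from the JWT and the owner loaded from storage may be different instances.
        return $owner->getUserIdentifier() === $user->getUserIdentifier();
    }
}

// In a controller extending AbstractController, after loading $profile:
//     $this->denyAccessUnlessGranted(ProfileVoter::VIEW, $profile);
// A valid token belonging to another user then gets a 403, not the data.
```

The JWT only establishes who the caller is; the voter decides per object whether that caller may see it, so the check has to run on every endpoint that returns or modifies a user-owned resource.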
