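use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Security\Core\User\UserInterface;

// Session / HTTP Basic protected route: serve the resource only when the
// security token for this request carries a real user object.
$app->get('/protected', function (Request $request) use ($app) {
    // getToken() returns null when no token has been stored for this request;
    // the original called ->getUser() on that result unconditionally.
    $token = $app['security.token_storage']->getToken();
    $user = $token !== null ? $token->getUser() : null;

    // A truthiness check (`!$user`) is not enough: for the Symfony versions
    // Silex targets an anonymous token's "user" is a non-empty string, which
    // would pass. Require an actual user object instead.
    if (!($user instanceof UserInterface)) {
        return new Response(
            'Please log in.',
            Response::HTTP_UNAUTHORIZED,
            ['WWW-Authenticate' => 'Basic realm="My Realm"']
        );
    }

    // do something if user is authenticated -- a Silex controller must return
    // a Response, so the success path cannot fall through returning nothing.
    return new Response('Authenticated.');
})->bind('protected');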
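// JWT login: exchange a username/password for a signed token.
$app->post('/login', function (Request $request) use ($app) {
    $username = (string) $request->request->get('username', '');
    $password = (string) $request->request->get('password', '');

    // validate username and password
    // TODO: look $username up in the user store (null when unknown) and fetch
    // the password_hash() value stored for it; both are placeholders here.
    $user = null;      // placeholder: the stored user record
    $storedHash = '';  // placeholder: that record's password hash

    // The original never checked the password and minted a token for whatever
    // the lookup returned. Refuse unless the user exists AND the password
    // verifies; one generic message for both failures avoids revealing which
    // usernames exist.
    if ($user === null || !password_verify($password, $storedHash)) {
        return new Response('Invalid credentials.', Response::HTTP_UNAUTHORIZED);
    }

    // generate a token for the user
    $token = $app['security.jwt.encoder']->encode([
        'username' => $user['username'],
        'roles' => $user['roles'],
    ]);

    return $app->json(['token' => $token]);
});

// JWT protected route: expects `Authorization: Bearer <token>`.
$app->get('/protected', function (Request $request) use ($app) {
    $header = (string) $request->headers->get('Authorization', '');

    // The original used the raw header value, which still carries the
    // "Bearer " scheme prefix; strip it before treating the rest as the token.
    if (stripos($header, 'Bearer ') !== 0) {
        return new Response('Unauthorized', Response::HTTP_UNAUTHORIZED);
    }
    $token = trim(substr($header, strlen('Bearer ')));
    if ($token === '') {
        return new Response('Unauthorized', Response::HTTP_UNAUTHORIZED);
    }

    // decode token and verify user -- presence of a header is not
    // authentication; the signature and claims must be checked, and a token
    // that fails to decode is treated exactly like a missing one.
    try {
        // NOTE(review): assumes the encoder service also exposes decode();
        // confirm against the JWT provider in use.
        $app['security.jwt.encoder']->decode($token);
    } catch (\Exception $e) {
        return new Response('Unauthorized', Response::HTTP_UNAUTHORIZED);
    }

    // do something if user is authenticated -- the controller must return a
    // Response on this path too.
    return new Response('Authenticated.');
})->bind('protected');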
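// OAuth2 login: forward client_id/client_secret to the authorization server
// and return the access token it issues.
$app->post('/login', function (Request $request) use ($app) {
    $client_id = (string) $request->request->get('client_id', '');
    $client_secret = (string) $request->request->get('client_secret', '');

    // validate client_id and client_secret
    if ($client_id === '' || $client_secret === '') {
        return new Response('Missing client credentials.', Response::HTTP_BAD_REQUEST);
    }

    // request access token from OAuth2 server
    // TODO: exchange the credentials at the server's token endpoint; null when
    // it refuses. The original left this assignment empty (a parse error).
    $access_token = null; // placeholder: token issued by the OAuth2 server
    if ($access_token === null) {
        return new Response('Unauthorized', Response::HTTP_UNAUTHORIZED);
    }

    return $app->json(['access_token' => $access_token]);
});

// OAuth2 protected route: expects `Authorization: Bearer <access token>`.
$app->get('/protected', function (Request $request) use ($app) {
    $header = (string) $request->headers->get('Authorization', '');

    // Strip the "Bearer " scheme prefix; the original passed the raw header
    // value around as if it were the token itself.
    if (stripos($header, 'Bearer ') !== 0) {
        return new Response('Unauthorized', Response::HTTP_UNAUTHORIZED);
    }
    $access_token = trim(substr($header, strlen('Bearer ')));
    if ($access_token === '') {
        return new Response('Unauthorized', Response::HTTP_UNAUTHORIZED);
    }

    // validate access token with OAuth2 server
    // TODO: validate/introspect $access_token with the OAuth2 server; a
    // present header on its own proves nothing.
    $tokenIsValid = false; // placeholder: result of that validation
    if (!$tokenIsValid) {
        return new Response('Unauthorized', Response::HTTP_UNAUTHORIZED);
    }

    // do something if user is authenticated -- and return a Response.
    return new Response('Authenticated.');
})->bind('protected');
?>
Application Protect is part of Silex's SecurityServiceProvider package, which provides additional security features such as CSRF protection and rate limiting.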