Integrate Authorization Enabler
Edit on GitHubThis document describes how to integrate the Authorization Enabler into a Spryker project.
Prerequisites
To start the integration, review and install the necessary features:
| NAME | VERSION |
|---|---|
| Spryker Core |
1) Install the required modules
- Install the required modules using Composer:
composer require spryker/authorization spryker/glue-application-authorization-connector --update-with-dependencies
- Optional: Install or update modules with endpoint authorization:
composer require spryker/orders-rest-api:"^4.10.0" spryker/availability-notifications-rest-api:"^1.1.0" spryker/carts-rest-api:"^5.16.0" spryker/customers-rest-api:"^1.19.0" --update-with-dependencies
Verificaiton
Ensure that the following modules have been installed in vendor/spryker:
| MODULE | EXPECTED DIRECTORY |
|---|---|
| Authorization | vendor/spryker/authorization |
| GlueApplicationAuthorizationConnector | vendor/spryker/glue-application-authorization-connector |
| AuthorizationExtension | vendor/spryker/authorization-extension |
| GlueApplicationExtension | vendor/spryker/glue-application-extension |
| GlueApplicationAuthorizationConnectorExtension | vendor/spryker/glue-application-authorization-connector-extension |
2) Set up transfer objects
Generate transfer changes:
console transfer:generate
Verificaiton
Make sure the following changes have been applied in transfer objects:
| TRANSFER | TYPE | EVENT | PATH |
|---|---|---|---|
| AuthorizationRequestTransfer | class | created | src/Generated/Shared/Transfer/AuthorizationRequestTransfer.php |
| AuthorizationResponseTransfer | class | created | src/Generated/Shared/Transfer/AuthorizationResponseTransfer.php |
| AuthorizationIdentityTransfer | class | created | src/Generated/Shared/Transfer/AuthorizationIdentityTransfer.php |
| AuthorizationEntityTransfer | class | created | src/Generated/Shared/Transfer/AuthorizationEntityTransfer.php |
| RouteAuthorizationConfigTransfer | class | created | src/Generated/Shared/Transfer/RouteAuthorizationConfigTransfer.php |
| RestErrorMessageTransfer | class | created | src/Generated/Shared/Transfer/RestErrorMessageTransfer.php |
3) Set up behavior
Set up the following behaviors.
Enable authorization plugins
Activate the following plugins:
| PLUGIN | SPECIFICATION | NAMESPACE |
|---|---|---|
| CustomerReferenceMatchingEntityIdAuthorizationStrategyPlugin | Authorization rule for the route that uses the current strategy. | Spryker\Client\Customer\Plugin |
| AuthorizationRestUserValidatorPlugin | Validates a request if the route implements the authorization interface. | Spryker\Glue\GlueApplicationAuthorizationConnector\Plugin\GlueApplication |
| AuthorizationRouterParameterExpanderPlugin | Expands a route with additional parameters. | Spryker\Glue\GlueApplicationAuthorizationConnector\Plugin\GlueApplication |
src/Pyz/Client/Authorization/AuthorizationDependencyProvider.php
<?php
namespace Pyz\Client\Authorization;
use Spryker\Client\Authorization\AuthorizationDependencyProvider as SprykerAuthorizationDependencyProvider;
use Spryker\Client\Customer\Plugin\Authorization\CustomerReferenceMatchingEntityIdAuthorizationStrategyPlugin;
class AuthorizationDependencyProvider extends SprykerAuthorizationDependencyProvider
{
/**
* @return \Spryker\Client\AuthorizationExtension\Dependency\Plugin\AuthorizationStrategyPluginInterface[]
*/
protected function getAuthorizationStrategyPlugins(): array
{
return [
new CustomerReferenceMatchingEntityIdAuthorizationStrategyPlugin(),
];
}
}
src/Pyz/Glue/GlueApplication/GlueApplicationDependencyProvider.php
<?php
namespace Pyz\Glue\GlueApplication;
....
use Spryker\Glue\GlueApplicationAuthorizationConnector\Plugin\GlueApplication\AuthorizationRestUserValidatorPlugin;
use Spryker\Glue\GlueApplicationAuthorizationConnector\Plugin\GlueApplication\AuthorizationRouterParameterExpanderPlugin;
....
class GlueApplicationDependencyProvider extends SprykerAuthorizationDependencyProvider
{
/**
* @return \Spryker\Glue\GlueApplicationExtension\Dependency\Plugin\RestUserValidatorPluginInterface[]
*/
protected function getRestUserValidatorPlugins(): array
{
return [
new AuthorizationRestUserValidatorPlugin(),
];
}
/**
* @return \Spryker\Glue\GlueApplicationExtension\Dependency\Plugin\RouterParameterExpanderPluginInterface[]
*/
protected function getRouterParameterExpanderPlugins(): array
{
return [
new AuthorizationRouterParameterExpanderPlugin(),
];
}
}
Verification
To make sure that the plugins are activated, send a request with incorrect authentication details to a protected resource and check that it returns an authorization error.
Thank you!
For submitting the form