Decoupled Glue infrastructure: Integrate the API Key authorization

Edit on GitHub

This document describes how to integrate the API Key authorization to Backend API applications in a Spryker project.

Install feature core

Follow the steps below to install the API Key authorization feature core.

Prerequisites

Install the required features:

NAME VERSION INSTALLATION GUIDE
Spryker Core 202311.0 Install the Spryker Core feature
Glue Backend API Application Integrate Storefront and Backend Glue API applications

1) Install the required modules using Composer

Install the required modules:

commposer require spryker/api-key-authorization-connector:"^1.0.0" \
spryker/spryker/glue-backend-api-application-authorization-connector:"^1.4.0"
Verification

Make sure that the following modules have been installed:

MODULE EXPECTED DIRECTORY
ApiKey vendor/spryker/api-key
ApiKeyGui vendor/spryker/api-key-gui
Authorization vendor/spryker/authorization
ApiKeyAuthorizationConnector vendor/spryker/api-key-authorization-connector
GlueBackendApiApplicationAuthorizationConnector vendor/spryker/glue-backend-api-application-authorization-connector

2) Set up database schema and transfer objects

Apply database changes and generate entity and transfer changes:

vendor/bin/console transfer:generate
vendor/bin/console propel:install
vendor/bin/console transfer:generate
Verification

Ensure that the following changes have occurred in the database:

DATABASE ENTITY TYPE EVENT
spy_api_key table created

Ensure that the following changes have occurred in transfer objects:

TRANSFER TYPE EVENT PATH
ApiKey class created src/Generated/Shared/Transfer/ApiKeyTransfer
ApiKeyCollectionRequest class created src/Generated/Shared/Transfer/ApiKeyCollectionRequestTransfer
ApiKeyCollectionReqsponse class created src/Generated/Shared/Transfer/ApiKeyCollectionReqsponseTransfer
ApiKeyCollectionDeleteCriteria class created src/Generated/Shared/Transfer/ApiKeyCollectionDeleteCriteriaTransfer
ApiKeyCollection class created src/Generated/Shared/Transfer/ApiKeyCollectionTransfer
ApiKeyCriteria class created src/Generated/Shared/Transfer/ApiKeyCriteriaTransfer
ApiKeyConditions class created src/Generated/Shared/Transfer/ApiKeyConditionsTransfer
CriteriaRangeFilter class created src/Generated/Shared/Transfer/CriteriaRangeFilterTransfer
GlueRequest class created src/Generated/Shared/Transfer/GlueRequestTransfer
AuthorizationIdentity class created src/Generated/Shared/Transfer/AuthorizationIdentityTransfer
AuthorizationEntity class created src/Generated/Shared/Transfer/AuthorizationEntityTransfer
AuthorizationRequest class created src/Generated/Shared/Transfer/AuthorizationRequestTransfer
AuthorizationResponse class created src/Generated/Shared/Transfer/AuthorizationResponseTransfer

3) Set up configuration

Add the configuration to your project:

CONFIGURATION SPECIFICATION NAMESPACE
AuthorizationConfig::isMultistrategyAuthorizationAllowed() Returns true if the multiple strategies authorization is allowed. Pyz\Zed\Authorization\AuthorizationConfig
src/Pyz/Zed/Authorization/AuthorizationConfig.php
<?php

namespace Pyz\Zed\Authorization;

 use Spryker\Zed\Authorization\AuthorizationConfig as SprykerAuthorizationConfig;

 class AuthorizationConfig extends SprykerAuthorizationConfig
 {
     /**
      * {@inheritDoc}
      *
      * @return bool
      */
     public function isMultistrategyAuthorizationAllowed(): bool
     {
         return true;
     }
 }

4) Set up behavior

  1. Activate the following plugins:
PLUGIN SPECIFICATION NAMESPACE
ApiKeyAuthorizationRequestExpanderPlugin Expands the request by the API Key provided. Spryker\Glue\ApiKeyAuthorizationConnector\Plugin\GlueBackendApiApplicationAuthorizationConnector
ApiKeyAuthorizationStrategyPlugin Executes the API Key verification process. Spryker\Zed\ApiKeyAuthorizationConnector\Communication\Plugin\Authorization
src/Pyz/Glue/GlueBackendApiApplicationAuthorizationConnector/GlueBackendApiApplicationAuthorizationConnectorDependencyProvider.php
<?php

namespace Pyz\Glue\GlueBackendApiApplicationAuthorizationConnector;

use Spryker\Glue\ApiKeyAuthorizationConnector\Plugin\GlueBackendApiApplicationAuthorizationConnector\ApiKeyAuthorizationRequestExpanderPlugin;
use Spryker\Glue\GlueBackendApiApplicationAuthorizationConnector\GlueBackendApiApplicationAuthorizationConnectorDependencyProvider as SprykerGlueBackendApiApplicationAuthorizationConnectorDependencyProvider;

class GlueBackendApiApplicationAuthorizationConnectorDependencyProvider extends SprykerGlueBackendApiApplicationAuthorizationConnectorDependencyProvider
{
    /**
     * @return array<\Spryker\Glue\GlueApplicationExtension\Dependency\Plugin\AuthorizationRequestExpanderPluginInterface>
     */
    protected function getAuthorizationRequestExpanderPlugins(): array
    {
        return [
            new ApiKeyAuthorizationRequestExpanderPlugin(),
        ];
    }
}

src/Pyz/Zed/Authorization/AuthorizationDependencyProvider.php
<?php

namespace Pyz\Zed\Authorization;

use Spryker\Zed\ApiKeyAuthorizationConnector\Communication\Plugin\Authorization\ApiKeyAuthorizationStrategyPlugin;
use Spryker\Zed\Authorization\AuthorizationDependencyProvider as SprykerAuthorizationDependencyProvider;

class AuthorizationDependencyProvider extends SprykerAuthorizationDependencyProvider
{
    /**
     * @return array<\Spryker\Zed\AuthorizationExtension\Dependency\Plugin\AuthorizationStrategyPluginInterface>
     */
    protected function getAuthorizationStrategyPlugins(): array
    {
        return [
            new ApiKeyAuthorizationStrategyPlugin(),
        ];
    }
}

Verification

Follow the instructions from Use API Key authorization to check that the API Key authorization has been integrated properly.