Yep! You ❤️your new API Platform-powered API! It's just missing... well... any type of security! This is a big & important topic, so let's take it head-on in part 2 of our API Platform tutorial:
- API token security? Or tried-and-true session based login form security?
- CSRF protection? SameSite Cookies? Ice Cream?
- What is JWT?
- Installing & setting up LexikJWTAuthenticationBundle
- Security firewall setup for JWT / authentication endpoint
- Authorization & roles: restricting access to your operations!
- Encoding user's password (during user creation/update)
- API Platform custom data persister
- Dynamic serialization groups: showing different fields based on the user
- Custom normalizer for dynamic fields based on user
- Custom validator to control what data a user can set
Woh. Let's do this!