Update mercure.rst regarding JWT token secret by tchapi · Pull Request #16151 · symfony/symfony-docs · GitHub


Closed
wants to merge 2 commits into from
42 changes: 9 additions & 33 deletions mercure.rst
Expand Up @@ -111,38 +111,7 @@ the publicly available URL (e.g. ``https://example.com/.well-known/mercure``).
The clients must also bear a `JSON Web Token`_ (JWT)
to the Mercure Hub to be authorized to publish updates and, sometimes, to subscribe.

This JWT should be stored in the ``MERCURE_JWT_SECRET`` environment variable.

The JWT must be signed with the same secret key as the one used by
the Hub to verify the JWT (``!ChangeMe!`` in you use the Local Web Server or
Symfony Docker).
Its payload must contain at least the following structure to be allowed to
publish:

.. code-block:: json

{
"mercure": {
"publish": []
}
}

Because the array is empty, the Symfony app will only be authorized to publish
public updates (see the authorization_ section for further information).

.. tip::

The jwt.io website is a convenient way to create and sign JWTs.
Checkout this `example JWT`_, that grants publishing rights for all *topics*
(notice the star in the array).
Don't forget to set your secret key properly in the bottom of the right panel of the form!

.. caution::

Don't put the secret key in ``MERCURE_JWT_SECRET``, it will not work!
This environment variable must contain a JWT, signed with the secret key.

Also, be sure to keep both the secret key and the JWTs... secrets!
This token must be signed with the same secret key as the one used by the Hub to verify the JWT (``!ChangeMe!`` in you use the Local Web Server or Symfony Docker), which should be stored in the ``MERCURE_JWT_SECRET`` environment variable.

If you don't want to use the provided environment variables,
use the following configuration:
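
Review bot: The added sentence is ambiguous about what ``MERCURE_JWT_SECRET`` holds. In "This token must be signed with the same secret key ... which should be stored in the ``MERCURE_JWT_SECRET`` environment variable", the "which" can attach to either the token or the secret key, and the caution removed just above said the variable "must contain a JWT, signed with the secret key". If the variable now holds the signing key, say so in its own sentence (for example "Store the secret key, not a JWT, in ``MERCURE_JWT_SECRET``") so readers following the old instructions notice the change. The same line keeps the typo "in you use", which should read "if you use". The hunk also drops the minimum payload (``mercure.publish``), the pointer to the authorization_ section and the reminder to keep both the key and the JWTs secret. Consider keeping at least the secrecy reminder, plus a short note that ``!ChangeMe!`` is the value for the Local Web Server and Symfony Docker setups and should not be carried over elsewhere.
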
Expand Down Expand Up @@ -482,6 +451,14 @@ And here is the controller::
}
}


.. tip::

You cannot use the ``mercure()`` helper and the ``setCookie()``
method at the same time (it would set the cookie twice on a single request). Choose
either one method or the other.


Programmatically Generating The JWT Used to Publish
---------------------------------------------------

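Review bot: The added ``.. tip::`` about ``mercure()`` and ``setCookie()`` is unrelated to the JWT secret change named in the PR title, so it should either move to its own PR or be mentioned in the description. Since the text describes a combination that sets the cookie twice on a single request, a ``.. caution::`` directive (the one used in the lines removed by the first hunk) fits better than a tip. "Choose either one method or the other" can be shortened to "Use one or the other", and the doubled blank lines before ``.. tip::`` and before the "Programmatically Generating The JWT Used to Publish" heading can be reduced to one each.
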
Expand Down Expand Up @@ -734,7 +711,6 @@ Going further
.. _`Symfony Docker`: https://github.com/dunglas/symfony-docker/
.. _`API Platform distribution`: https://api-platform.com/docs/distribution/
.. _`JSON Web Token`: https://tools.ietf.org/html/rfc7519
.. _`example JWT`: https://jwt.io/#debugger-io?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJtZXJjdXJlIjp7InB1Ymxpc2giOlsiKiJdfX0.iHLdpAEjX4BqCsHJEegxRmO-Y6sMxXwNATrQyRNt3GY
.. _`IRI`: https://tools.ietf.org/html/rfc3987
.. _`practical UI`: https://twitter.com/ChromeDevTools/status/562324683194785792
.. _`the dedicated API Platform documentation`: https://api-platform.com/docs/core/mercure/
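
Review bot: Removing the ``example JWT`` link target is only safe if no ``example JWT`_`` reference remains in mercure.rst. The one reference visible in this diff is deleted by the first hunk, but the rest of the file is not shown, so please confirm the docs build reports no unknown target before merging.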