This package provides token based authentication for Neos Flow projects. It allows both sessionless and session-based authentication to be used.
Run:
composer require flownative/token-authentication
Run:
./flow hashtoken:createhashtoken --roleNames Neos.Neos:Editor
Provide the token in your requests
- as request argument
_authenticationHashToken=<myToken>or - as
Authorizationheader with the valueBearer <myToken>.
The configuration is done as usual in the Configuration/Settings.yaml file.
Neos:
Flow:
security:
authentication:
providers:
'Acme.Com:TokenAuthenticator':
provider: Flownative\TokenAuthentication\Security\HashTokenProvider
requestPatterns:
'Acme.Com:Controllers':
pattern: ControllerObjectName
patternOptions:
controllerObjectNamePattern: 'Acme\Com\Controller\.*'By default the package uses a sessionless token. If you want to use a
session-based token, set the token option in the provider configuration:
providers:
'Acme.Com:TokenAuthenticator':
provider: Flownative\TokenAuthentication\Security\HashTokenProvider
token: Flownative\TokenAuthentication\Security\SessionStartingHashToken