A beginner’s guide to JWT authentication for a Symfony 5 API

Many of us learned that the way to handle authentication in Symfony was FOSUserBundle, but that bundle is no longer supported or updated, so it is not a good basis for new projects.

So if you have struggled to build your own JWT-authenticated API on Symfony 5, this guide covers step by step how to do it, using the JWT bundle (in practice LexikJWTAuthenticationBundle, whose default key location is the config/jwt folder used below) as the only external help.

1-Initialize the project

First, we create the Symfony 5 project with the Symfony CLI.

This creates an API-oriented Symfony project whose structure looks like this:

bin: contains the Symfony console command (bin/console)

config: contains all bundle configurations and the list of enabled bundles in bundles.php

public: the web root; every request enters the application through index.php

src: contains all controllers, entities, and services

var: contains logs and cache files

vendor: contains all installed external packages

2-Installing needed packages

In this section we install the packages needed to reach our goal: the JWT bundle, together with the ORM and security components it works with.

Next, create a folder called jwt under config to hold the private and public keys:

mkdir config/jwt

openssl genrsa -out config/jwt/private.pem -aes256 4096

openssl rsa -pubout -in config/jwt/private.pem -out config/jwt/public.pem

The -aes256 flag encrypts private.pem with a passphrase that openssl prompts for; the bundle needs that same passphrase (the JWT_PASSPHRASE variable in .env) to sign tokens, so keep the two in sync. Only the private key signs tokens, so make private.pem readable by the application user alone and keep it out of version control; public.pem only verifies signatures and is safe to share.

3-Coding part

Now the part that matters most: the code.

The goal is two API endpoints: one to register a user, and one that takes the user's credentials and returns a JWT. We start with the User entity.

Add whatever fields you need; for the sake of this guide I keep it to the basics (username, email, password and roles).
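Here is a User entity of that shape, as an added example rather than the gist from the original post. It assumes PHP 7.4+ and Symfony 5.3 or later (for PasswordAuthenticatedUserInterface and getUserIdentifier) with Doctrine ORM and annotation mapping; the table name app_user and the 180-character column lengths are my choices.

```php
<?php
// src/Entity/User.php -- added example, not the article's own gist.

namespace App\Entity;

use Doctrine\ORM\Mapping as ORM;
use Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface;
use Symfony\Component\Security\Core\User\UserInterface;

/**
 * "user" is a reserved word in PostgreSQL, so the table gets a different name.
 *
 * @ORM\Entity
 * @ORM\Table(name="app_user")
 */
class User implements UserInterface, PasswordAuthenticatedUserInterface
{
    /**
     * @ORM\Id
     * @ORM\GeneratedValue
     * @ORM\Column(type="integer")
     */
    private ?int $id = null;

    /** @ORM\Column(type="string", length=180, unique=true) */
    private string $username;

    /** @ORM\Column(type="string", length=180, unique=true) */
    private string $email;

    /** @ORM\Column(type="json") */
    private array $roles = [];

    /**
     * Always the *hashed* password; the registration code must never store the plaintext here.
     *
     * @ORM\Column(type="string")
     */
    private string $password;

    public function getId(): ?int { return $this->id; }

    public function getUsername(): string { return $this->username; }

    // Symfony 5.3+ looks users up by this; it is also what the bundle puts in the token's username claim.
    public function getUserIdentifier(): string { return $this->username; }

    public function setUsername(string $username): self { $this->username = $username; return $this; }

    public function getEmail(): string { return $this->email; }

    public function setEmail(string $email): self { $this->email = $email; return $this; }

    public function getRoles(): array
    {
        // Guarantee every user has at least ROLE_USER so access_control rules behave predictably.
        return array_values(array_unique(array_merge($this->roles, ['ROLE_USER'])));
    }

    public function setRoles(array $roles): self { $this->roles = $roles; return $this; }

    public function getPassword(): string { return $this->password; }

    public function setPassword(string $hashedPassword): self { $this->password = $hashedPassword; return $this; }

    // Modern hashers (bcrypt, argon2) embed their own salt, but UserInterface still declares this in 5.x.
    public function getSalt(): ?string { return null; }

    // Nothing sensitive is kept in memory besides the hash, so there is nothing to wipe.
    public function eraseCredentials(): void {}
}
```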

This step is optional, but I find it good practice to put the JSON response handling (payload plus success/error status code) in a separate base controller.

That base controller holds helper methods that the custom controllers you create throughout the project can reuse.

The actual controller handles our register method and our login check:

  • getTokenUser: the method responsible for checking the credentials and returning a JWT if the user exists in the database and the password is correct
  • register: lets you add users by providing a username, email and password in the JSON body of the request
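A controller implementing both methods, as an added example (it is not the article's gist). It assumes Symfony 5.3+ (UserPasswordHasherInterface), annotation routing, Doctrine, and an App\Entity\User with setUsername/setEmail/setRoles/setPassword setters; the ApiController base class with success()/error() helpers is my version of the optional JSON helper controller, and the two classes belong in separate files under src/Controller. One point the method list above does not make explicit: with a json_login firewall the credential check happens in the firewall before any controller runs, so getTokenUser only has to exist as a route for the check_path to match; its body is never executed.

```php
<?php
// src/Controller/ApiController.php and src/Controller/AuthController.php -- added example, shown as one listing.

namespace App\Controller;

use App\Entity\User;
use Doctrine\ORM\EntityManagerInterface;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
use Symfony\Component\Routing\Annotation\Route;

/** Base controller with the JSON success/error helpers; save it in its own file. */
abstract class ApiController extends AbstractController
{
    protected function success(array $data, int $status = Response::HTTP_OK): JsonResponse
    {
        return $this->json(['status' => 'success', 'data' => $data], $status);
    }

    protected function error(string $message, int $status = Response::HTTP_BAD_REQUEST): JsonResponse
    {
        return $this->json(['status' => 'error', 'message' => $message], $status);
    }
}

class AuthController extends ApiController
{
    /**
     * @Route("/api/register", name="api_register", methods={"POST"})
     */
    public function register(Request $request, UserPasswordHasherInterface $hasher, EntityManagerInterface $em): JsonResponse
    {
        $body = json_decode($request->getContent(), true);
        if (!is_array($body)) {
            return $this->error('Request body must be a JSON object');
        }

        $username = trim((string) ($body['username'] ?? ''));
        $email    = trim((string) ($body['email'] ?? ''));
        $password = (string) ($body['password'] ?? '');

        // Reject bad input before touching the database.
        if ($username === '' || strlen($username) > 180) {
            return $this->error('username is required (max 180 chars)', Response::HTTP_UNPROCESSABLE_ENTITY);
        }
        if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
            return $this->error('email is not valid', Response::HTTP_UNPROCESSABLE_ENTITY);
        }
        // bcrypt silently truncates at 72 bytes, so cap there in case the "auto" hasher picks it.
        if (strlen($password) < 12 || strlen($password) > 72) {
            return $this->error('password must be 12-72 characters', Response::HTTP_UNPROCESSABLE_ENTITY);
        }

        // The unique constraints on the table are the real guard against races; this just gives a clean 409.
        $repo = $em->getRepository(User::class);
        if ($repo->findOneBy(['username' => $username]) !== null || $repo->findOneBy(['email' => $email]) !== null) {
            return $this->error('username or email already in use', Response::HTTP_CONFLICT);
        }

        $user = (new User())
            ->setUsername($username)
            ->setEmail($email)
            ->setRoles(['ROLE_USER']);
        // Hash with the algorithm configured under security.password_hashers; the plaintext is never stored.
        $user->setPassword($hasher->hashPassword($user, $password));

        $em->persist($user);
        $em->flush();

        return $this->success(['id' => $user->getId(), 'username' => $username], Response::HTTP_CREATED);
    }

    /**
     * @Route("/api/login_check", name="api_login_check", methods={"POST"})
     */
    public function getTokenUser(): JsonResponse
    {
        // The json_login firewall on this path handles the request before the controller is reached:
        // valid credentials -> the bundle's success handler returns {"token": "..."}, invalid -> 401 JSON.
        // If this body ever runs, the firewall pattern in security.yaml does not cover this path.
        throw new \LogicException('Unreachable: handled by the json_login firewall');
    }
}
```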


The last step before it all works is to fill in the configuration files.

First, the security file (config/packages/security.yaml):

  • providers: the user provider for the login mechanism, i.e. our User entity and the property used to look users up. I chose username, but you can switch to email, for example
  • firewalls: this is where the register and login_check routes get their own firewalls. Keep them above the main one: firewalls are matched top to bottom and the first matching pattern wins, so otherwise the main firewall would claim those requests and reject them for lacking a JWT. Both should be stateless, since an API has no session
  • access_control: where you grant or deny access to paths based on the user's roles; the login and register paths must stay publicly accessible, everything else under the API requires an authenticated user
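The configuration described above, written as an added example in Symfony's PHP config format (config/packages/security.php) so that the keys and their nesting are explicit; the same keys, with the same nesting, go into security.yaml. It is not the original post's file. It assumes Symfony 5.3+ with the authenticator-based security system and LexikJWTAuthenticationBundle 2.12+ (for the jwt firewall option); the firewall names, the App\Entity\User class and the JWT_* environment variables from the bundle's recipe are assumptions.

```php
<?php
// config/packages/security.php -- added example; a 1:1 mapping of the security.yaml keys.

use Symfony\Component\DependencyInjection\Loader\Configurator\ContainerConfigurator;

return static function (ContainerConfigurator $container): void {
    $container->extension('security', [
        // Symfony 5.3+: the authenticator-based system that the bundle's "jwt" firewall option requires.
        'enable_authenticator_manager' => true,

        // "auto" picks the strongest available hasher and migrates old hashes on login.
        'password_hashers' => [
            'Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface' => 'auto',
        ],

        // providers: load users from the User entity by username (change "property" to email if you prefer).
        'providers' => [
            'app_user_provider' => [
                'entity' => ['class' => 'App\Entity\User', 'property' => 'username'],
            ],
        ],

        // firewalls are matched top to bottom; the first pattern that matches wins.
        'firewalls' => [
            'dev' => [
                'pattern' => '^/(_(profiler|wdt)|css|images|js)/',
                'security' => false,
            ],
            // Registration needs no authentication at all.
            'register' => [
                'pattern' => '^/api/register',
                'stateless' => true,
                'security' => false,
            ],
            // Login: json_login reads {"username","password"}; the bundle's handlers return the token or a 401.
            'login' => [
                'pattern' => '^/api/login',
                'stateless' => true,
                'provider' => 'app_user_provider',
                'json_login' => [
                    'check_path' => '/api/login_check',
                    'username_path' => 'username',
                    'password_path' => 'password',
                    'success_handler' => 'lexik_jwt_authentication.handler.authentication_success',
                    'failure_handler' => 'lexik_jwt_authentication.handler.authentication_failure',
                ],
            ],
            // Everything else under /api must carry a valid "Authorization: Bearer <token>" header.
            'api' => [
                'pattern' => '^/api',
                'stateless' => true,
                'provider' => 'app_user_provider',
                'jwt' => null, // "jwt: ~" in YAML
            ],
            'main' => ['lazy' => true, 'provider' => 'app_user_provider'],
        ],

        // access_control is evaluated once the firewall has (or has not) authenticated the request.
        'access_control' => [
            ['path' => '^/api/(login|register)', 'roles' => 'PUBLIC_ACCESS'],
            ['path' => '^/api', 'roles' => 'IS_AUTHENTICATED_FULLY'],
        ],
    ]);

    // Where the key pair from step 2 lives and the passphrase the private key was encrypted with.
    // Normally this lives in config/packages/lexik_jwt_authentication.php; shown here to keep the picture whole.
    $container->extension('lexik_jwt_authentication', [
        'secret_key' => '%env(resolve:JWT_SECRET_KEY)%',
        'public_key' => '%env(resolve:JWT_PUBLIC_KEY)%',
        'pass_phrase' => '%env(JWT_PASSPHRASE)%',
        'token_ttl' => 3600, // seconds; keep it short, there is no revocation for a stateless token
    ]);
};
```

Two details worth checking against your own file: the register and login firewalls must appear before the api firewall, and the api firewall must appear before main, or the wider pattern swallows the request first; and the login firewall needs a provider, because json_login has to load the user to verify the password.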

With all of this in place, it is ready for testing:

  • Register case: a POST with username, email and password creates the user
  • Login successful case: correct credentials return a JSON body with the token
  • Login unsuccessful case: wrong credentials return a 401 and no token
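The three cases as a Symfony functional test, added here as an example and not taken from the original post. It assumes symfony/test-pack, a database configured for the test environment, routes /api/register and /api/login_check answering 201 and 200/401, the bundle's defaults (RS256 signature, user identifier in the username claim, an exp claim), and that the register endpoint rejects passwords shorter than 12 characters with a 422; adjust that last assertion to whatever your controller enforces.

```php
<?php
// tests/Controller/AuthControllerTest.php -- added example.

namespace App\Tests\Controller;

use Symfony\Bundle\FrameworkBundle\KernelBrowser;
use Symfony\Bundle\FrameworkBundle\Test\WebTestCase;
use Symfony\Component\HttpFoundation\Response;

class AuthControllerTest extends WebTestCase
{
    private function postJson(KernelBrowser $client, string $path, array $body): Response
    {
        $client->request('POST', $path, [], [], ['CONTENT_TYPE' => 'application/json'], json_encode($body));
        return $client->getResponse();
    }

    /** Decode one base64url segment of a JWT (no padding, URL-safe alphabet). */
    private function jwtSegment(string $segment): array
    {
        return json_decode(base64_decode(strtr($segment, '-_', '+/')), true);
    }

    public function testRegisterThenLoginSuccessAndFailure(): void
    {
        $client = static::createClient();
        // Unique username per run so the test does not depend on an empty table.
        $username = 'alice_' . bin2hex(random_bytes(4));
        $password = 'correct horse battery staple';

        // 1. Register
        $resp = $this->postJson($client, '/api/register', [
            'username' => $username, 'email' => $username . '@example.test', 'password' => $password,
        ]);
        self::assertSame(Response::HTTP_CREATED, $resp->getStatusCode());

        // 2. Login with the right password: the body carries the JWT
        $resp = $this->postJson($client, '/api/login_check', ['username' => $username, 'password' => $password]);
        self::assertSame(Response::HTTP_OK, $resp->getStatusCode());
        $token = json_decode($resp->getContent(), true)['token'] ?? null;
        self::assertIsString($token);

        // A JWT is three base64url segments; the header must say RS256 since we signed with an RSA key.
        $parts = explode('.', $token);
        self::assertCount(3, $parts);
        self::assertSame('RS256', $this->jwtSegment($parts[0])['alg']);
        // The payload carries the identity claim and an expiry. Decoding it is fine for a test;
        // an API must never trust these values without verifying the signature first.
        $claims = $this->jwtSegment($parts[1]);
        self::assertSame($username, $claims['username']);
        self::assertGreaterThan(time(), $claims['exp']);

        // 3. Wrong password must be a 401 with no token in the body
        $resp = $this->postJson($client, '/api/login_check', ['username' => $username, 'password' => 'wrong']);
        self::assertSame(Response::HTTP_UNAUTHORIZED, $resp->getStatusCode());
        self::assertArrayNotHasKey('token', json_decode($resp->getContent(), true) ?? []);

        // 4. A weak password is rejected before anything is stored
        $resp = $this->postJson($client, '/api/register', [
            'username' => 'bob_' . bin2hex(random_bytes(4)), 'email' => 'bob@example.test', 'password' => 'short',
        ]);
        self::assertSame(Response::HTTP_UNPROCESSABLE_ENTITY, $resp->getStatusCode());
    }
}
```

Run it with bin/phpunit. The failed-login case is the one most worth keeping: a misordered firewall typically shows up there as a 404 or a 200 with no token instead of the expected 401.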

To your keyboards and happy coding for you all!

You can find all of this in this link
