Skip to content

Added instructions on how to generate PEM keypair, needed by JWT authentication #2812

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: 4.6
Choose a base branch
from
Open

Added instructions on how to generate PEM keypair, needed by JWT authentication #2812

wants to merge 1 commit into from

Conversation

vidarl
Copy link
Contributor

@vidarl vidarl commented Jul 4, 2025

Question Answer
JIRA Ticket N/A
Versions 4.6
Edition Content/Headless, Experience, Commerce

The current instructions are incomplete, ref https://symfony.com/bundles/LexikJWTAuthenticationBundle/current/index.html#generate-the-ssl-keys

Checklist

  • Text renders correctly
  • Text has been checked with vale
  • Description metadata is up to date
  • Redirects cover removed/moved pages
  • Code samples are working
  • PHP code samples have been fixed with PHP CS fixer
  • Added link to this PR in relevant JIRA ticket or code PR

@github-actions GitHub Actions
Copy link

github-actions bot commented Jul 4, 2025

Preview of modified files

Preview of modified Markdown:

@vidarl vidarl changed the title Added instructions on how to generate PEM generate keypair, needed by JWT authentication Added instructions on how to generate PEM keypair, needed by JWT authentication Jul 7, 2025
mnocon
mnocon reviewed Jul 9, 2025
View reviewed changes
Copy link
Contributor

@mnocon mnocon left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(please disregard, the review was sent too quickly)

mnocon
mnocon reviewed Jul 9, 2025
View reviewed changes
Copy link
Contributor

@mnocon mnocon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just a couple of small suggestions, thank you Vidar for creating this PR!

docs/infrastructure_and_maintenance/security/development_security.md
php bin/console lexik:jwt:generate-keypair
```

The generated key pair will be stored in `config/jwt`
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
The generated key pair will be stored in `config/jwt`
The generated key pair will be stored in the `config/jwt`directory.

docs/infrastructure_and_maintenance/security/development_security.md
Comment on lines +159 to +162
In order to be able to store generate and store the tokens on [[= product_name_cloud =]], you must define `config/jwt`
as a volume in `.platform.app.yaml`. If you have a 3-node-cluster setup, you must ensure the key pair is the same on all
3 servers. Either use a network share for this, or use local mount manually copy the same keu pair
to all servers
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
In order to be able to store generate and store the tokens on [[= product_name_cloud =]], you must define `config/jwt`
as a volume in `.platform.app.yaml`. If you have a 3-node-cluster setup, you must ensure the key pair is the same on all
3 servers. Either use a network share for this, or use local mount manually copy the same keu pair
to all servers
To generate and store the tokens on [[= product_name_cloud =]], define the `config/jwt` directory as a volume in the `.platform.app.yaml` file.
In 3-node cluster setups, ensure that the key pair is the same on all 3 servers.
You can use a network share, or use a local mount and manually copy the key pair between the servers.

docs/infrastructure_and_maintenance/security/development_security.md
@@ -145,3 +145,18 @@ security:
entry_point: lexik_jwt_authentication.jwt_token_authenticator
stateless: true
```

In order for the application to be able to generate JWT tokens, a [PEM encoded keyset needs to be generated](https://symfony.com/bundles/LexikJWTAuthenticationBundle/current/index.html#generate-the-ssl-keys) using the command:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
In order for the application to be able to generate JWT tokens, a [PEM encoded keyset needs to be generated](https://symfony.com/bundles/LexikJWTAuthenticationBundle/current/index.html#generate-the-ssl-keys) using the command:
Finish the setup by generating a [PEM encoded key pair](https://symfony.com/bundles/LexikJWTAuthenticationBundle/2.x/index.html#generate-the-ssl-keys) by using the command:
  1. I'd use key pair consistently, imho no need to introduce "keyset" kere
  2. Let's use the 2.x link for the 4.6 version (I will change it when upmerging)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mnocon mnocon mnocon left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@vidarl @mnocon