From dde274b4d042bd80756191dd3d58a1887b554ae9 Mon Sep 17 00:00:00 2001 From: Vidar Langseid Date: Fri, 4 Jul 2025 12:09:02 +0200 Subject: [PATCH 1/2] Added instructions on how to generate key pair for JWT authentication --- .../security/development_security.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/docs/infrastructure_and_maintenance/security/development_security.md b/docs/infrastructure_and_maintenance/security/development_security.md index e328bb94fe..5c5a588a9e 100644 --- a/docs/infrastructure_and_maintenance/security/development_security.md +++ b/docs/infrastructure_and_maintenance/security/development_security.md @@ -145,3 +145,18 @@ security: entry_point: lexik_jwt_authentication.jwt_token_authenticator stateless: true ``` + +In order for the application to be able to generate JWT tokens, a [PEM encoded keyset needs to be generated](https://symfony.com/bundles/LexikJWTAuthenticationBundle/current/index.html#generate-the-ssl-keys) using the command: + +```bash +php bin/console lexik:jwt:generate-keypair +``` + +The generated key pair will be stored in `config/jwt` + +!!! note "[[= product_name_cloud =]]" + + In order to be able to store generate and store the tokens on [[= product_name_cloud =]], you must define `config/jwt` + as a volume in `.platform.app.yaml`. If you have a 3-node-cluster setup, you must ensure the key pair is the same on all + 3 servers. Either use a network share for this, or use local mount manually copy the same keu pair + to all servers From 0ac6df8fa1bb2cc640334b40cf71ff0f8a02a045 Mon Sep 17 00:00:00 2001 From: Vidar Langseid Date: Thu, 31 Jul 2025 12:04:14 +0200 Subject: [PATCH 2/2] Apply suggestions from code review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Marek NocoĊ„ --- .../security/development_security.md | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/docs/infrastructure_and_maintenance/security/development_security.md b/docs/infrastructure_and_maintenance/security/development_security.md index 5c5a588a9e..d4f12df25e 100644 --- a/docs/infrastructure_and_maintenance/security/development_security.md +++ b/docs/infrastructure_and_maintenance/security/development_security.md @@ -146,17 +146,16 @@ security: stateless: true ``` -In order for the application to be able to generate JWT tokens, a [PEM encoded keyset needs to be generated](https://symfony.com/bundles/LexikJWTAuthenticationBundle/current/index.html#generate-the-ssl-keys) using the command: +Finish the setup by generating a [PEM encoded key pair](https://symfony.com/bundles/LexikJWTAuthenticationBundle/2.x/index.html#generate-the-ssl-keys) by using the command: ```bash php bin/console lexik:jwt:generate-keypair ``` -The generated key pair will be stored in `config/jwt` +The generated key pair will be stored in the `config/jwt`directory. !!! note "[[= product_name_cloud =]]" - In order to be able to store generate and store the tokens on [[= product_name_cloud =]], you must define `config/jwt` - as a volume in `.platform.app.yaml`. If you have a 3-node-cluster setup, you must ensure the key pair is the same on all - 3 servers. Either use a network share for this, or use local mount manually copy the same keu pair - to all servers + To generate and store the tokens on [[= product_name_cloud =]], define the `config/jwt` directory as a volume in the `.platform.app.yaml` file. + In 3-node cluster setups, ensure that the key pair is the same on all 3 servers. + You can use a network share, or use a local mount and manually copy the key pair between the servers.