Nginx has a bunch of custom https status codes that it uses internally to signal issues. One such status code is 497: the client made an http request on an https listener. These custom status codes can be used in combination with an error_page directive which can be used to redirect. This will send a… Continue reading Redirecting HTTP Requests on an HTTPS Listener in Nginx (Status Code 497)
Symfony's security configuration for logout functionality in a firewall has a few handler keys that are worth digging into: Logout Handlers These are defined in the handlers key of the configuration above and the classes behind the listed services must implement LogoutHandlerInterface. Logout handlers should perform actions related to logging the user out. For example,… Continue reading Symfony Logout Handlers vs Logout Success Handlers
Symfony has some great documentation on adding custom security authentication providers, but there is a similarly mature system for user providers. While there is support for custom user providers already which are defined as services within an application, I was looking for a way to provide something similar to the way memory user providers work:… Continue reading Custom User Provider Factories for the Symfony Security Bundle
Single Parenting is Hard My spouse was out of town last weekend, and I had our two kids alone for three nights and three days. It was rough. I can't imagine doing it all the time. Keep Authentication Tokens in Memory This is cheating a bit as I learned it over several weeks while building… Continue reading 2019-08-02 What I Learned This Week
There are broad scenarios in which a single page app (SPA) needs to handle authentication: The SPA is using an API custom built for the app itself -- the API being used is not public in any other way The SPA is using an API built for public consumption -- one with a full fledged… Continue reading Handling Authentication Tokens in Single Page Apps
This week I had to create a custom league/oauth2-client provider to talk to an private OAuth 2 server (also courtesy of The PHP League). Most of this is pretty routine. Implement some getters that are used in a few template methods. Most of those getters are public and easy to test, but a few of… Continue reading Testing Custom League OAuth2 Client Providers
I skipped this last week because I was on staycation, so cheating a bit here and doing two weeks. Attention to Detail and Perseverence Two weeks ago I did a major home improvement project: replace a bunch of cedar shingles and had to repair some rotting board underneath. I do not consider myself handy, but… Continue reading 2019-07-19 What I Learned This Week
