Skip to content

Tokenization

In most cases, it is not enough to just authenticate the user. It is necessary to obtain the user data: name, email(s), roles, etc. To solve this issue the SingleA project have the Tokenization feature, which makes it possible to generate user tokens.

A user token is a unique string that provides access to user data for a client application. Perhaps, the most popular example of a token can be considered JWT (RFC 7519: JSON Web Token). In this format user data encoded directly in the token content. The SingleA project includes an implementation of the Tokenization feature based on the JWT format. You can read more about it in the JWT bundle section.

JWT is not the only way to transmit user data to the client application. You can create your own implementation of this feature. For example, it can store user data in some storage, shared by the SingleA server and the client application, and use as a token value the key that is used to fetch stored data. Whatever the token generation logic is, you have to implement SingleA\Contracts\Tokenization\TokenizerInterface and particularly the TokenizerInterface::tokenize method, which takes as arguments the user identifier, payload (an array with user data) and client feature config (which contains at least the token TTL and the names of user attributes for the token). As a result, tokenize should return a string that will be used as a user token.

Regardless of the tokenizer implementation, a response with the token will contain an HTTP header Cache-Control: max-age with a value according the token lifetime from the client feature config (if it was specified at registration). This makes it possible to cache the token and avoid excessive load on the SingleA server.

Token TTL

Specify as a token lifetime a sufficiently small value at the client registration according to business logic of your application. The default value is 10 minutes.

SingleA provide the user:logout <identifier> command that allows you to log the user out forcibly, so use the minimal possible value as a token TTL is not always justified. But if user data can be changed between token generation requests (not only on successful authentication; see SingleA\Bundles\Singlea\Event\UserAttributesEvent description in the SingleA bundle section), it makes sense to specify a small value, otherwise the client application will work with outdated data for a long time.