Converting stateful Symfony 3.4 app to Stateless using external JWT service

We have a large stateful Symfony 3.4 web app that stores sessions in the database. We are looking to gradually move to microservices, and we have started by creating an external authentication service in Node.js.

Part of the optimisation is to remove the user authentication/authorisation from the session in the Symfony app, and initially store the user authentication on the client browser using the JWT stored in a cookie on the client, with a view to potentially storing the user roles/authorisation in the JWT.

There seem to be a number of articles arguing against implementing JWT for this, saying that we are susceptible to CSRF attacks, etc., but these articles seem to be old, and there are other guides insisting it is safe.

Are there alternatives to using JWT to achieve a stateless approach using Symfony, but still passing through Roles and other data?



Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow