How can I set up mezzio to run a legacy app with user authorization/authentication?

Hi. I am trying to set up mezzio to run a legacy app.

I’ve heard of a legacy middleware approach where I can build my own LegacyMiddleware, place it after the DispatchMiddleware, and any requests that “fall through” past the DispatchMiddleware will engage my LegacyMiddleware. That’s where the legacy app will do its own routing, produce its own response and send it back up up pipeline.

I ran into an issue. I started my app with mezzio-authentication-with-authorization, fitted a legacy middleware as described above, but ran into the following:

LoginPageHandler of auth app has the following line:

$response = $handler->handle($request);

that pushes request further down the pipeline, which always engages my legacy middleware, causing the login process to break down and reach my legacy app middleware prematurely before login is completed.

I want the legacy app to only be engaged when mezzio-defined route is not caught by the DispatchMiddlware. How?

  • Can I set up my legacy app using a different mechanism that will work with the way LoginPageHandler works now?
  • Can I rewire LoginPageHandler.php authentication to not engage the pipeline past DispatchMiddlware?

My goal is to run a legacy app on top of mezzio and have user authentication & authorization. How do I best go from here?

Hi @dennis-fedco

Just seeing this now, if it is still relevant: The authentication middleware would either invoke the next handler with some kind of identity attribute attached to the request for an authenticated user. Or else return a 401 response. See mezzio-authentication/AuthenticationMiddleware.php at 1.4.x · mezzio/mezzio-authentication · GitHub.

Since you basically have two applications, you need to think about how you would like to handle authentication here. Would you like separate authentication services or should Mezzio be responsible?