A CakePHP 3 plugin for authenticating using Auth0's PHP SDK
Plugin containing AuthComponent's authenticate class for authenticating using the Auth0 PHP SDK and JSON Web Tokens.
composer require daou/cakephp-auth0-jwt-auth
In your app's config/bootstrap.php add:
// In config/bootstrap.php
Plugin::load('Daou/Auth0JwtAuth');
or using cake's console:
./bin/cake plugin load Daou/Auth0JwtAuth
Set up AuthComponent:
// In your controller, e.g. src/Api/AppController.php
public function initialize()
{
    parent::initialize();
    $this->loadComponent('Auth', [
        'storage' => 'Memory',
        'authenticate' => [
            'Daou/Auth0JwtAuth.Auth0' => [
                'fields' => [
                    'username' => 'auth0id'
                ],
                'auth0ClientSecret' => '__CLIENT_SECRET__', // only for HS256
                'auth0Audience' => '__API_AUDIENCE__',
                'auth0Domain' => '__DOMAIN__'
            ]
        ],
        'unauthorizedRedirect' => false,
        'loginAction' => false
    ]);
}
The authentication class checks for the token in the HTTP_AUTHORIZATION environment variable: it checks whether the token is passed using the Authorization request header. The value should be of the form Bearer <token>.
Some servers don't populate $_SERVER['HTTP_AUTHORIZATION'] when the Authorization header is set, so it's up to you to ensure that either $_SERVER['HTTP_AUTHORIZATION'] or $_ENV['HTTP_AUTHORIZATION'] is set.
For example, for Apache you could use the following:
RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
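To confirm that the header actually reaches PHP in the expected form, a stand-alone check like the following can help. It is an added example, not code from this plugin; the function name findBearerToken and the sample values are assumptions made for illustration, and it needs PHP 7.1 or later.

```php
<?php
/**
 * Return the bearer token carried in HTTP_AUTHORIZATION, or null.
 * Looks in $server first, then $env: the two places named above.
 * Hypothetical helper for diagnosing server setup, not the plugin's logic.
 */
function findBearerToken(array $server, array $env): ?string
{
    foreach ([$server, $env] as $source) {
        if (!isset($source['HTTP_AUTHORIZATION']) || !is_string($source['HTTP_AUTHORIZATION'])) {
            continue; // not populated here, try the next source
        }
        $value = trim($source['HTTP_AUTHORIZATION']);
        // Scheme name is case-insensitive (RFC 7235); the token character
        // set is the b64token grammar from RFC 6750.
        if (preg_match('/^Bearer +([A-Za-z0-9\-._~+\/]+=*)$/i', $value, $m) === 1) {
            return $m[1];
        }
        return null; // header present but not a well-formed bearer credential
    }
    return null; // header never reached PHP: check the server configuration
}

// Constructed sample inputs (the token is a placeholder, not a real JWT).
$samples = [
    'header in $_SERVER'   => [['HTTP_AUTHORIZATION' => 'Bearer aaa.bbb.ccc'], []],
    'header only in $_ENV' => [[], ['HTTP_AUTHORIZATION' => 'Bearer aaa.bbb.ccc']],
    'wrong scheme'         => [['HTTP_AUTHORIZATION' => 'Basic dXNlcjpwYXNz'], []],
    'empty token'          => [['HTTP_AUTHORIZATION' => 'Bearer '], []],
    'header dropped'       => [[], []],
];

foreach ($samples as $label => [$server, $env]) {
    $token = findBearerToken($server, $env);
    // Report only presence; never write the token itself to output or logs.
    printf("%-22s %s\n", $label, $token === null ? 'no token' : 'token found');
}
```

On a live server, call findBearerToken($_SERVER, $_ENV) from a temporary endpoint and remove it once the configuration is verified.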
If you are interested in JWT without Auth0, please see ADmad's CakePHP JWT Authenticate plugin.
MIT. See LICENSE.