Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
0 parents
commit 93cee9f
Showing 16 changed files with 4,281 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
.idea | ||
vendor |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
language: php | ||
php: | ||
- '7.0' | ||
before_script: | ||
- composer install --prefer-source | ||
script: phpunit |
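Review bot: `script: phpunit` runs whichever phpunit binary is on the build image's PATH, not the one that `composer install` places under vendor/; call `vendor/bin/phpunit` so the build uses the PHPUnit release constrained by require-dev in composer.json. The `php:` list covers only '7.0', so add every PHP version the package is meant to support.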
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
The MIT License (MIT) | ||
|
||
Copyright (c) 2017 Ben Bjurstrom | ||
|
||
Permission is hereby granted, free of charge, to any person obtaining a copy | ||
of this software and associated documentation files (the "Software"), to deal | ||
in the Software without restriction, including without limitation the rights | ||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell | ||
copies of the Software, and to permit persons to whom the Software is | ||
furnished to do so, subject to the following conditions: | ||
|
||
The above copyright notice and this permission notice shall be included in | ||
all copies or substantial portions of the Software. | ||
|
||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | ||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | ||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE | ||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | ||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, | ||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN | ||
THE SOFTWARE. |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,97 @@ | ||
# Laravel Passport Custom JWT Claims | ||
[![Build Status](https://travis-ci.org/benbjurstrom/passport-custom-jwt-claims.svg?branch=master)](https://travis-ci.org/benbjurstrom/passport-custom-jwt-claims) | ||
Customize the JWT claims in [Laravel/Passport](https://github.com/laravel/passport) access tokens | ||
|
||
## What are JWT claims? | ||
All access tokens issued by [Laravel/Passport](https://github.com/laravel/passport) are in fact [JSON web tokens](https://jwt.io/) (JWT). | ||
Each token contains a set of claims consisting of JSON key value pairs. Because the token is cryptographically signed | ||
using a public/private RSA key pair we can trust that the claims contained in the token were issued by Laravel/Passport. | ||
|
||
Here is an example token containing the default Laravel/Passport claims: | ||
```$xslt | ||
eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImp0aSI6IjllNzAxMjhmOTkwZTFlZjI0NGFmMDc0YjQzMzA2YTRmNDViZWFiNjU1MzM5NjE2ODIyOGJmODc2Y2UwMTAwNTIyNGZhMTc5MzdkMGYwMTU3In0.eyJhdWQiOiJjOGUxMDRmMC0wNTYyLTExZTctOTA1Yi0zZDc3ZGY5N2YyZjgiLCJqdGkiOiI5ZTcwMTI4Zjk5MGUxZWYyNDRhZjA3NGI0MzMwNmE0ZjQ1YmVhYjY1NTMzOTYxNjgyMjhiZjg3NmNlMDEwMDUyMjRmYTE3OTM3ZDBmMDE1NyIsImlhdCI6MTQ4OTkwMTc1NSwibmJmIjoxNDg5OTAxNzU1LCJleHAiOjE1MjE0Mzc3NTUsInN1YiI6ImM4ZGY5OWEwLTA1NjItMTFlNy05MDgyLWJmZDdhYTMzMTFlOCIsInNjb3BlcyI6W119.qFGwfeWezJZZaxNIZyPfnnGHkUdAPhHvJ3Nf3NYa8Y5Ba2ubfil21KgzeugY1aDSU93oWLMcUzGkoVblT1U79IlPV6JiGhMA4x7jHB5yJPKZeH-maaB8HKzQ8CoFG0YEAc_60G2ZwCDLv-NhuaxgDOXFc7FaX1qc3U1MpyJixEIjZc0xQ_CuRRVf3Kzx1rTXedJpbqFxTDYGDnKx4HLo5l96t8mdlmiToU6TphYDRAIkQjsTZKP9YRRIahm3cZF56nO9qaqpTpANjhiV4IJqejDki53NkBEqnhDLS4ZPJFK2qLD62Aiw7wBxKhmfNyYQJNxeC6D1PaftFzudbAi7RtQikn0xIgzKl1jmMpgjyGmAPQfnqMlE68rMIw-KqICh2nPQJcr5OO8ZsBMzL5EbjBOjemBHAm2sBViijqaU2-Ig3bwCB_kfKLrtumuUPIDbWV3tTMzBBSdY6P9dnVGJZawYiheU4rAqiru1fWZ8WpdGASrAxfRmiRTqDnRMQ82unbi5MC-f-NJhmhRwFN4QAgmxGm2T4gy0uRdKZ3ER_FDE4MEsKGb0qIkkGtjt77eLBq_jA6GXbVP948lbJAKTJsi3KOR5rMhZSAI-MywTMXWUISn5ZwgCAHfwUofPJNpGqRAkm9l5lcjMVTf2-VYCB7VdREizvg-fidZ9HcYUfSo | ||
``` | ||
|
||
If we decode the token you get the following JWT payload object: | ||
```json | ||
{ | ||
"aud": "c8e104f0-0562-11e7-905b-3d77df97f2f8", | ||
"jti": "9e70128f990e1ef244af074b43306a4f45beab6553396168228bf876ce01005224fa17937d0f0157", | ||
"iat": 1489901755, | ||
"nbf": 1489901755, | ||
"exp": 1521437755, | ||
"sub": "c8df99a0-0562-11e7-9082-bfd7aa3311e8", | ||
"scopes": [] | ||
} | ||
``` | ||
|
||
For reference, the claim `aud` is the Laravel/Passport client_id that issued the token and the key `sub` refers to the | ||
user id in your laravel users table. Note that my client_id and user_id columns are UUID data types. | ||
|
||
## Why would you need custom claims? | ||
The [OpenID Connect](http://openid.net/connect/) protocol requires JWT claims that are not included in Laravel/Passport | ||
access tokens. Adding custom claims allows us to use access tokens issued by Laravel/Passport to authenticate with other services | ||
using OpenID Connect. For example, with this package it is possible to use a Laravel/Passport access token to authenticate a laravel user on a | ||
[Couchbase Sync Gateway](https://developer.couchbase.com/documentation/mobile/1.4/guides/authentication/openid/index.html) | ||
server. | ||
|
||
## Installation | ||
Install the package via composer: | ||
```bash | ||
composer require benbjurstrom/passport-custom-jwt-claims | ||
``` | ||
|
||
Add the service provider to the config/app.php providers array. | ||
|
||
```php | ||
// config/app.php | ||
'providers' => [ | ||
... | ||
BenBjurstrom\JwtClaims\JwtClaimsServiceProvider::class | ||
]; | ||
``` | ||
|
||
Do not include `Laravel\Passport\PassportServiceProvider` in your providers array | ||
as `JwtClaimsServiceProvider` extends from it. | ||
|
||
## Configuration | ||
To set your custom claims you must publish the config file: | ||
|
||
```bash | ||
php artisan vendor:publish --provider="JwtClaimsServiceProvider" | ||
``` | ||
|
||
This is the contents of the published file. Add additional claims as needed. | ||
|
||
```php | ||
return [ | ||
|
||
/* | ||
|-------------------------------------------------------------------------- | ||
| User Claims | ||
|-------------------------------------------------------------------------- | ||
| | ||
| User claims will be loaded from the properties of the auth providers model | ||
| specified in the auth config file. | ||
| | ||
*/ | ||
'user_claims' => [ | ||
'name' => 'name', | ||
'email' => 'email', | ||
], | ||
|
||
/* | ||
|-------------------------------------------------------------------------- | ||
| App claims | ||
|-------------------------------------------------------------------------- | ||
| | ||
| App claims are static and will be given the specified value across all | ||
| tokens issued by the app. | ||
| | ||
*/ | ||
'app_claims' => [ | ||
'iss' => url('') | ||
] | ||
|
||
]; | ||
``` |
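Review bot: The default `user_claims` in the Configuration block (`'name' => 'name'`, `'email' => 'email'`) place personal data in every access token, while "What are JWT claims?" mentions only that the token is signed; a JWT payload is base64url-encoded, not encrypted, so anyone holding the token can read those claims. State that next to the config block and recommend listing only the claims the receiving service needs. The sentence "we can trust that the claims contained in the token were issued by Laravel/Passport" holds only for a consumer that verifies the RS256 signature against Passport's public key, which is worth saying explicitly for the Couchbase Sync Gateway use case. In Configuration, `--provider="JwtClaimsServiceProvider"` drops the namespace used in the Installation step (`BenBjurstrom\JwtClaims\JwtClaimsServiceProvider`); vendor:publish looks the provider up by its fully qualified class name, so the command should carry it. Finally, `'iss' => url('')` computes the issuer from the URL generator when the config file is loaded; OpenID Connect consumers compare `iss` for an exact match, so a fixed, explicitly configured issuer is the safer default to document.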
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,43 @@ | ||
{ | ||
"name": "benbjurstrom/passport-custom-jwt-claims", | ||
"description": "Customize JWT claims in Laravel Passport access tokens", | ||
"type": "laravel", | ||
"keywords": [ | ||
"jwt", | ||
"api", | ||
"laravel", | ||
"passport", | ||
"claims", | ||
"custom", | ||
"openid connect", | ||
"openid", | ||
"oidc" | ||
], | ||
"require": { | ||
"laravel/passport": "^2.0" | ||
}, | ||
"require-dev": { | ||
"phpunit/phpunit": "^5.7", | ||
"orchestra/testbench": "^3.4", | ||
"firebase/php-jwt": "^4.0" | ||
}, | ||
"license": "MIT", | ||
"authors": [ | ||
{ | ||
"name": "Ben Bjurstrom", | ||
"email": "bbjurstrom@gmail.com" | ||
} | ||
], | ||
"autoload": { | ||
"psr-4": { | ||
"BenBjurstrom\\JwtClaims\\": "src/" | ||
} | ||
}, | ||
"autoload-dev": { | ||
"psr-4": { | ||
"BenBjurstrom\\JwtClaims\\Tests\\": "tests" | ||
} | ||
}, | ||
"minimum-stability": "dev", | ||
"prefer-stable": true | ||
} |
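Review bot: `"minimum-stability": "dev"` near the end of the file allows this package's own installs, the Travis build included, to resolve dependencies to unreleased dev branches when no stable release satisfies a constraint; unless one of the four listed dependencies is known to need a dev version, drop the line and keep Composer's default of `stable`. `"type": "laravel"` is not one of Composer's built-in package types, so omit it or use `library`. `require` also has no `php` constraint even though .travis.yml tests only 7.0; add one that matches the versions actually tested.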