JSON Web Token Authentication for your OctoberCMS API integrated with RainLab.User
This plugin provides token based authentication to your application. Is based on the awesome package JSON Web Token Authentication for Laravel & Lumen by Sean Tymon.
RainLab.User plugin
-
[NOT REQUIRED ANY MORE] After plugin installation you need to copy /plugins/vdomah/jwtauth/config/auth.php to {root}/config/auth.php. If you want to change parameters values of auth.php you can use environment variables in .env (see "Environment options" section). {root}/config/auth.php is still supported and got priority highest then /plugins/vdomah/jwtauth/config/auth.php.
-
Generate JWT Authentication Secret. It will be used to sign your tokens. You got 2 options:
- generate using command line:
You need to assign the generated value to JWT_SECRET in your .env.
php artisan jwt:generate - go to Backend > Settings > JWTauth settings and click Generate Secret Key and save. This value has the highest priority and will override JWT_SECRET value from .env.
- generate using command line:
The plugin provides 4 endpoints:
-
/api/login
Makes attempt to authenticate and returns token if succeeded. Also the basic user info is included in the response. By defult expects 2 parameters to receive: email and password.
-
/api/signup
Tries to create a user and returns token if succeeded. The user info is included in the response. By default expects 3 parameters to receive: email, password and password_confirmation.
-
/api/refresh
Tries to refresh the token and return the new token. By default expects 1 parameter: token.
-
/api/invalidate
Tries to invalidate the given token - this can be used as an extra precaution to log the user out. By default expects 1 parameter: token.
You're free to define any of this option in your project root .env.
| Variable | Default |
|---|---|
| JWT_SECRET | |
| JWT_TTL | 60 |
| JWT_REFRESH_TTL | 20160 |
| JWT_ALGO | HS256 |
| JWT_USER_CLASS | RainLab\User\Models\User |
| JWT_IDENTIFIER | id |
| JWT_BLACKLIST_ENABLED | true |
| JWT_PROVIDERS_USER | Tymon\JWTAuth\Providers\User\EloquentUserAdapter |
| JWT_PROVIDERS_JWT | Tymon\JWTAuth\Providers\JWT\NamshiAdapter |
| JWT_PROVIDERS_AUTH | Tymon\JWTAuth\Providers\Auth\IlluminateAuthAdapter |
| JWT_PROVIDERS_STORAGE | Tymon\JWTAuth\Providers\Storage\IlluminateCacheAdapter |
| Variable | Default |
|---|---|
| AUTH_DEFAULT_GUARD | web |
| AUTH_DEFAULT_PASSWORDS | users |
| AUTH_GUARDS_WEB_DRIVER | session |
| AUTH_GUARDS_WEB_PROVIDER | users |
| AUTH_GUARDS_API_DRIVER | token |
| AUTH_GUARDS_API_PROVIDER | users |
| AUTH_PROVIDERS_USERS_DRIVER | eloquent |
| AUTH_PROVIDERS_USERS_MODEL | \RainLab\User\Models\User |
| AUTH_PASSWORDS_USERS_PROVIDER | users |
| AUTH_PASSWORDS_USERS_EMAIL | auth.emails.password |
| AUTH_PASSWORDS_USERS_TABLE | password_resets |
| AUTH_PASSWORDS_USERS_EXPIRE | 60 |
Simply add ->middleware('\Tymon\JWTAuth\Middleware\GetUserFromToken') to the end of the route in the plugin's routes.php
eg:
Route::post('test', function (\Request $request) {
return response()->json(('The test was successful'));
})->middleware('\Tymon\JWTAuth\Middleware\GetUserFromToken');
Then when making the request set the header "Authorization" to "Bearer {yourToken}"
For sign up and sign in add corresponding methods getAuthApiSignupAttributes or/and getAuthApiSigninAttributes to User model by extending it in your plugin's boot method:
User::extend(function($model) {
$model->addDynamicMethod('getAuthApiSignupAttributes', function () use ($model) {
return [
'my-attr' => $model->my_attr,
];
});
});