Skip to content
/ cakephp-jwt-auth Public
forked from ADmad/cakephp-jwt-auth

A CakePHP 3.x plugin for authenticating using JSON Web Tokens

License

MIT license
0 stars 43 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

jadb/cakephp-jwt-auth

BranchesTags
 
 

Repository files navigation

CakePHP JWT Authenticate plugin

Build Status Coverage Total Downloads License

Plugin containing AuthComponent's authenticate class for authenticating using JSON Web Tokens. You can read about JSON Web Token specification in detail here.

Requirements

  • CakePHP 3.0+

Installation

composer require admad/cakephp-jwt-auth:1.0.x-dev

Usage

In your app's config/bootstrap.php add:

// In config/bootstrap.php
Plugin::load('ADmad/JwtAuth');

or using cake's console:

./bin/cake plugin load ADmad/JwtAuth

Configuration:

Setup AuthComponent:

    // In your controller, for e.g. src/Api/AppController.php
    public function initialize()
    {
        parent::initialize();
        
        $this->loadComponent('Auth', [
            'authenticate', [
                'ADmad/JwtAuth.Jwt' => [
                    'parameter' => '_token',
                    'userModel' => 'Users',
                    'scope' => ['Users.active' => 1],
                    'fields' => [
                        'id' => 'id'
                    ]
                ]
            ],
            'unauthorizedRedirect' => false,
            // Config below is available since CakePHP 3.1.
            // It makes user info available in controller's beforeFilter() which is not possible in CakePHP 3.0.
            'checkAuthIn' => 'Controller.initialize',
        ]);
    }

Working

The authentication class checks for the token in two locations:

  • HTTP_AUTHORIZATION environment variable:

    It first checks if token is passed using Authorization request header. The value should be of form Bearer <token>.

  • The query string variable specified using parameter config:

    Next it checks if the token is present in query string. The default variable name is _token and can be customzied by using the parameter config shown above.

The payload of the token should either have key id or record. If id key exists it's value will be used to query against the primary key field of users table.

If record key exists it's value will be returned as user record. No check will be done against the database.

Additional Info

AuthComponent performs it's authentication routine for stateless auth after your controller's beforeFilter() has run. So trying to get user info using $this->Auth->user() in beforeFilter() will always return null.

As of CakPHP 3.1 though you can set a new config option checkAuthIn to Controller.initialize which makes AuthComponent do the authentication routine before controller's beforeFilter() is called.

Further reading

For an end to end usage example check out this blog post by Bravo Kernel.

About

A CakePHP 3.x plugin for authenticating using JSON Web Tokens

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • PHP 100.0%