Skip to content

JWTAuth plugin for October CMS wich provides token based authentication

License

Notifications You must be signed in to change notification settings

PubliAlex/oc-jwtauth

 
 

Repository files navigation

JWT Auth API

JSON Web Token Authentication for your OctoberCMS API integrated with RainLab.User

This plugin provides token based authentication to your application. Is based on the awesome package JSON Web Token Authentication for Laravel & Lumen by Sean Tymon.

Requirements

RainLab.User plugin

Installation

  1. [NOT REQUIRED ANY MORE] After plugin installation you need to copy /plugins/vdomah/jwtauth/config/auth.php to {root}/config/auth.php. If you want to change parameters values of auth.php you can use environment variables in .env (see "Environment options" section). {root}/config/auth.php is still supported and got priority highest then /plugins/vdomah/jwtauth/config/auth.php.

  2. Generate JWT Authentication Secret. It will be used to sign your tokens. You got 2 options:

    • generate using command line:
      php artisan jwt:generate
      
      You need to assign the generated value to JWT_SECRET in your .env.
    • go to Backend > Settings > JWTauth settings and click Generate Secret Key and save. This value has the highest priority and will override JWT_SECRET value from .env.

Endpoints

The plugin provides 4 endpoints:

  • /api/login

    Makes attempt to authenticate and returns token if succeeded. Also the basic user info is included in the response. By defult expects 2 parameters to receive: email and password.

  • /api/signup

    Tries to create a user and returns token if succeeded. The user info is included in the response. By default expects 3 parameters to receive: email, password and password_confirmation.

  • /api/refresh

    Tries to refresh the token and return the new token. By default expects 1 parameter: token.

  • /api/invalidate

    Tries to invalidate the given token - this can be used as an extra precaution to log the user out. By default expects 1 parameter: token.

Environment options

You're free to define any of this option in your project root .env.

JWT config

Variable Default
JWT_SECRET
JWT_TTL 60
JWT_REFRESH_TTL 20160
JWT_ALGO HS256
JWT_USER_CLASS RainLab\User\Models\User
JWT_IDENTIFIER id
JWT_BLACKLIST_ENABLED true
JWT_PROVIDERS_USER Tymon\JWTAuth\Providers\User\EloquentUserAdapter
JWT_PROVIDERS_JWT Tymon\JWTAuth\Providers\JWT\NamshiAdapter
JWT_PROVIDERS_AUTH Tymon\JWTAuth\Providers\Auth\IlluminateAuthAdapter
JWT_PROVIDERS_STORAGE Tymon\JWTAuth\Providers\Storage\IlluminateCacheAdapter

Laravel auth config

Variable Default
AUTH_DEFAULT_GUARD web
AUTH_DEFAULT_PASSWORDS users
AUTH_GUARDS_WEB_DRIVER session
AUTH_GUARDS_WEB_PROVIDER users
AUTH_GUARDS_API_DRIVER token
AUTH_GUARDS_API_PROVIDER users
AUTH_PROVIDERS_USERS_DRIVER eloquent
AUTH_PROVIDERS_USERS_MODEL \RainLab\User\Models\User
AUTH_PASSWORDS_USERS_PROVIDER users
AUTH_PASSWORDS_USERS_EMAIL auth.emails.password
AUTH_PASSWORDS_USERS_TABLE password_resets
AUTH_PASSWORDS_USERS_EXPIRE 60

Extending

How to use this in another plugin?

Simply add ->middleware('\Tymon\JWTAuth\Middleware\GetUserFromToken') to the end of the route in the plugin's routes.php

eg:

Route::post('test', function (\Request $request) {
   return response()->json(('The test was successful'));
})->middleware('\Tymon\JWTAuth\Middleware\GetUserFromToken');

Then when making the request set the header "Authorization" to "Bearer {yourToken}"

How to define own set of user attributes in response?

For sign up and sign in add corresponding methods getAuthApiSignupAttributes or/and getAuthApiSigninAttributes to User model by extending it in your plugin's boot method:

    User::extend(function($model) {
        $model->addDynamicMethod('getAuthApiSignupAttributes', function () use ($model) {
            return [
                'my-attr' => $model->my_attr,
            ];
        });
    });

About

JWTAuth plugin for October CMS wich provides token based authentication

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • PHP 96.2%
  • HTML 3.8%