Download the PHP package abublihi/laravel-external-jwt-guard without Composer
On this page you can find all versions of the php package abublihi/laravel-external-jwt-guard. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Package laravel-external-jwt-guard
Short Description It's a laravel custom auth guard for authenticating users using External JWT
License MIT
Homepage https://github.com/abublihi/laravel-external-jwt-guard
Information about the package laravel-external-jwt-guard
Laravel External JWT Guard
This package provides a simple custom authentication guard for Laravel using an external JWT provided by an OAuth server or any type of SSO that uses a JWT. The figure below describes the flow.
Installation
You can install the package via composer:
Publish the configuration file externaljwtguard.php:
Usage
The package is very simple but also powerful when it comes to customization. After installing it and publishing the configuration, you should first configure your default authorization server.
NOTE: The package allows you to add multiple authorization servers, but for most use cases you only need one authorization server.
Configure your Authorization server
Please head to the configuration file config/externaljwtguard.php. The configuration is separated into three main sections:
- Identification settings
- Creation setting (optional)
- Validation settings
Identification settings
First we will go over the Identification settings. As the name denotes, the Identification settings are the configuration that allows the package to identify the user by using the JWT claims.
NOTE: Please make sure these are configured correctly.
Name | Description | Required? |
---|---|---|
id_claim | the claim provided in the JWT by your SSO that identifies the user, for example a UUID or email; it should be unique | Yes |
roles_claim | the claim where your SSO puts the roles of the user | No |
id_attribute | the attribute in your system that the package matches against the id_claim | Yes |
NOTE: id_attribute lives in your system, and the package uses it to identify the authenticated user. For example, if you have configured the guard with a provider that is configured with a User model, the package will look up the id_attribute and match it with the id_claim from the JWT.
Creation setting (optional)
The creation setting configures how the package creates a user that does not exist in the system. You can disable this feature, and we encourage disabling it.
Name | Description | Required? |
---|---|---|
create_user | boolean (to disable or enable the creation of the user if not exists) | No |
create_user_action_class | An action class for creation of a user (default: null) | No, yes if create_user=true |
NOTE: You have to make your own action to create the user, and it should implement the interface Abublihi\LaravelExternalJwtGuard\Interfaces\CreateUserActionInterface
Validation settings
Name | Description | Required? |
---|---|---|
issuer | the issuer of the JWT | No, yes if validate_issuer=true |
validate_issuer | boolean (validate the issuer or not) | No |
public_key | the public key of your authorization server | Yes |
signing_algorithm | the signing algorithm of your authorization server | Yes |
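An added illustration of the checks these settings control, written against lcobucci/jwt (one of the package's dependencies); it is not the package's own code. `verifyExternalJwt`, the layout of the `$server` array, the sample issuer URL and the fixed RS256 signer are assumptions made for the example.

```php
<?php
// Added illustration, not the package's code. Needs lcobucci/jwt and lcobucci/clock.
require __DIR__ . '/vendor/autoload.php';

use Lcobucci\Clock\SystemClock;
use Lcobucci\JWT\Configuration;
use Lcobucci\JWT\Encoding\JoseEncoder;
use Lcobucci\JWT\Signer\Key\InMemory;
use Lcobucci\JWT\Signer\Rsa\Sha256;
use Lcobucci\JWT\Token\Parser;
use Lcobucci\JWT\UnencryptedToken;
use Lcobucci\JWT\Validation\Constraint\{IssuedBy, LooseValidAt, SignedWith};
use Lcobucci\JWT\Validation\Validator;

// Hypothetical helper: returns the user id and roles of a valid token, null otherwise.
function verifyExternalJwt(string $jwt, array $server): ?array
{
    try {
        $token = (new Parser(new JoseEncoder()))->parse($jwt);
    } catch (\Lcobucci\JWT\Exception $e) {
        return null; // not a structurally valid JWT
    }
    // The signer is pinned server-side (assumed RS256 here); SignedWith rejects a
    // token whose "alg" header differs, so the token cannot choose its own algorithm.
    $checks = [
        new SignedWith(new Sha256(), InMemory::plainText($server['public_key'])),
        new LooseValidAt(SystemClock::fromUTC()), // exp / nbf / iat
    ];
    if ($server['validate_issuer']) {
        $checks[] = new IssuedBy($server['issuer']);
    }
    if (!$token instanceof UnencryptedToken || !(new Validator())->validate($token, ...$checks)) {
        return null;
    }
    $claims = $token->claims();
    return ['id' => $claims->get($server['id_claim']), 'roles' => (array) $claims->get($server['roles_claim'], [])];
}

// Constructed sample: a throwaway key pair standing in for the authorization server.
$pair = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
openssl_pkey_export($pair, $privatePem);
$publicPem = openssl_pkey_get_details($pair)['key'];
$sso = Configuration::forAsymmetricSigner(new Sha256(), InMemory::plainText($privatePem), InMemory::plainText($publicPem));
$jwt = $sso->builder()->issuedBy('https://sso.example.test')->relatedTo('user-123')
    ->expiresAt(new DateTimeImmutable('+5 minutes'))->withClaim('roles', ['manager'])
    ->getToken($sso->signer(), $sso->signingKey())->toString();

$server = ['public_key' => $publicPem, 'issuer' => 'https://sso.example.test', 'validate_issuer' => true, 'id_claim' => 'sub', 'roles_claim' => 'roles'];
var_dump(verifyExternalJwt($jwt, $server));                                              // matching issuer
var_dump(verifyExternalJwt($jwt, ['issuer' => 'https://other.example.test'] + $server)); // different expected issuer
```

With validate_issuer set to false, the second call would pass as well, since the signature and expiry checks alone do not tie the token to a particular issuer.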
Guard Configuration
After configuring the authorization server, we next have to configure our guard in config/auth.php. In the guards section you can add or modify the guards where you want to use JWT as the authentication guard by setting the driver to external-jwt-auth. There is a custom attribute, auth_server_key, that indicates the authorization server key; it is set to default by default.
Test your configuration
Add a route, for example in routes/api.php
JWT role middleware
The package also comes with a role middleware that checks the roles of the JWT (user). First configure it correctly by setting roles_claim in the config file to the right roles claim, which should be an array of roles. To use the middleware you have two options:
- define an alias in app/Http/Kernel.php
- use it directly without an alias
Defining the middleware Alias in the kernel
Go to app/Http/Kernel.php and add the following line
NOTE: The name of the alias could be anything
Using the middleware in the routes
You can specify multiple roles with a | (pipe) character, which is treated as OR
Using the Middleware directly without defining it on the kernel
You can specify multiple roles with a | (pipe) character, which is treated as OR
Example JWT with roles claim
Testing
ActingAs Functionality
This package provides an actingAs function that helps you test routes protected by the external-jwt-auth guard. To use it, simply use the \Abublihi\LaravelExternalJwtGuard\Traits\ActingAs trait in your test, then call the actingAsExternalJwt function. This generates a configuration (private and public key) and a valid token, then adds the token to the request headers using $this->withHeader(..)
If you want to generate a token with some custom claims, or one that is invalid or expired, you can pass an instance of Abublihi\LaravelExternalJwtGuard\Support\FakeTokenIssuer to actingAsExternalJwt
If you want to generate a token which is invalid or expired, for example, you can pass an instance of Abublihi\LaravelExternalJwtGuard\Support\FakeTokenIssuer to actingAsExternalJwt
The generated code and configuration will be set on the default authorization server; you can change this by passing the authorization server key as the second parameter.
Testing the package
Changelog
Please see CHANGELOG for more information on what has changed recently.
Contributing
Please see CONTRIBUTING for details.
Security
If you discover any security related issues, please email [email protected] instead of using the issue tracker.
Credits
License
The MIT License (MIT). Please see License File for more information.
All versions of laravel-external-jwt-guard with dependencies
illuminate/support Version ^8.0|^9.0|^10.0|^11.0
lcobucci/clock Version ^2.0|^3.0
lcobucci/jwt Version ^4.2|^5.0