Download the PHP package agungsugiarto/codeigniter4-authentication-jwt without Composer

CodeIgniter4 Authentication JWT

About

JSON Web Token for codeigniter4-authentication. This package is port from tymondesigns/jwt-auth for compability with agungsugiarto/codeigniter4-authentication.

Documentation

Install Via Composer

Copy the config

Copy the config file from vendor/agungsugiarto/codeigniter4-authentication-jwt/src/Config/JWT.php to config folder of your codeigniter4 application and change class extends from BaseConfig to \Fluent\JWTAuth\Config\JWT

Update your User entities

Firstly you need to implement the Fluent\JWTAuth\Contracts\JWTSubjectInterface contract on your User entities, which requires that you implement the 2 methods getJWTIdentifier() and getJWTCustomClaims().

The example below should give you an idea of how this could look. Obviously you should make any changes, as necessary, to suit your own needs.

Adding \Fluent\JWTAuth\JWTGuard::class Guards

We need to define \Fluent\JWTAuth\JWTGuard::class authentication guards using the extend method on the Auth facade or service. You should place your call to the extend method within a service provider. Since codeigniter4-authentication already ships with an AuthServiceProvider, we can place the code in that provider. Open \App\Providers\AuthServiceProvider:

Configure Auth guard

Inside the app/Config/Auth.php file you will need to make a few changes to configure codeigniter4-authentication to use the jwt guard to power your application authentication.

Make the following changes to the file:

Here we are telling the api guard to use the \Fluent\JWTAuth\JWTGuard::class driver, and we are setting the api guard.

Next we need to register this App\Providers\AuthServiceProvider to lifecycle application. Open App\Config\Events add this line:

We can now use codeigniter4-authentication built in Auth system, with codeigniter4-authentication-jwt doing the work behind the scenes!

Add some basic authentication routes

First let's add some routes in app/Config/Routes.php as follows:

Create the AuthController

Then create the JwtauthController, either manually or by running the spark command:

Then add the following:

You should now be able to POST to the login endpoint (e.g. http://example.dev/jwt/login) with some valid credentials and see a response like:

This token can then be used to make authenticated requests to your application.

Authenticated requests

There are a number of ways to send the token via http:

Authorization header

Query string parameter

Post parameter

Cookies

Methods

The following methods are available on the Auth guard instance.

Multiple Guards

If the newly created 'api' guard is not set as a default guard or you have defined multiple guards to handle authentication, you should specify the guard when calling auth().

attempt()

Attempt to authenticate a user via some credentials.

This will return either a jwt or boolean

login()

Log a user in and return a jwt for them.

user()

Get the currently authenticated user.

If the user is not then authenticated, then null will be returned.

userOrFail()

Get the currently authenticated user or throw an exception.

If the user is not set, then a Fluent\JWTAuth\Exceptions\UserNotDefinedException will be thrown

logout()

Log the user out - which will invalidate the current token and unset the authenticated user.

refresh()

Refresh a token, which invalidates the current one

invalidate()

Invalidate the token (add it to the blacklist)

tokenById()

Get a token based on a given user's id.

payload()

Get the raw JWT payload

validate()

Validate a user's credentials

More advanced usage

Adding custom claims

Set the token explicitly

Set the request instance explicitly

Override the token ttl

Contributing

Contributions are very welcome.

License

Released under the MIT License, see LICENSE.