Download the PHP package cube43/slim-jwt-auth without Composer
On this page you can find all versions of the php package cube43/slim-jwt-auth. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download cube43/slim-jwt-auth
More information about cube43/slim-jwt-auth
Files in cube43/slim-jwt-auth
Package slim-jwt-auth
Short Description PSR-7 and PSR-15 JWT Authentication Middleware
License MIT
Homepage https://github.com/tuupola/slim-jwt-auth
Informations about the package slim-jwt-auth
Slim JWT Auth
PSR-7 and PSR-15 Middleware for JWT Authentication. This is a strict-typed, modern rewrite of the popular JWT middleware, designed for Slim Framework and other PSR-15 compliant frameworks.
Installation
Install via Composer:
Usage
This library splits the JWT logic into two separate middlewares to provide better flexibility:
JwtAuthentication: Parses and validates the token. If valid, it attaches the decoded token to the request tokenAttributeNames. It does not block the request if the token is missing (it acts as a hydrator).JwtAuthentificationFirewall: Checks if the request requires authentication (based on rules). If it does, and no valid token was found by the previous middleware, it returns a 401 Unauthorized response.
Complete Example
Here is a complete example setup for Slim 4, including custom handlers and rules:
Important: In Slim, middleware is executed Last-In-First-Out. You must ensure
JwtAuthenticationruns beforeJwtAuthentificationFirewallso the token is available when the firewall checks for it.
Configuration Options
The JwtAuthenticationOption class uses a fluent interface for configuration.
Token Extraction
You define how the token is extracted when creating the JwtAuthentication middleware. You can pass multiple extractors.
Firewall Rules
To define which requests require authentication, pass RuleInterface implementations to the JwtAuthentificationFirewall constructor.
Path Rule
Restrict authentication to specific paths, or ignore specific paths.
Method Rule
Ignore specific HTTP methods (e.g., OPTIONS).
Handlers
You can customize behavior using handlers.
Before Handler
Modify the request after the token is decoded but before the next middleware.
After Handler
Modify the response before returning it.
Unauthorized Handler
Customize the response when authentication fails (used by the Firewall).
Security
By default, the middleware throws a RuntimeException if you attempt to use it over HTTP (insecure). To allow HTTP for development, use withAllowedInsecureHosts:
All versions of slim-jwt-auth with dependencies
lcobucci/jwt Version ^5.1
psr/http-message Version ^1.1 || ^2.0
psr/http-server-middleware Version ^1.0.2
psr/log Version ^1.0|^2.0|^3.0