Download the PHP package kongka/cakephp-3-jwt-auth without Composer
On this page you can find all versions of the php package kongka/cakephp-3-jwt-auth. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download kongka/cakephp-3-jwt-auth
More information about kongka/cakephp-3-jwt-auth
Files in kongka/cakephp-3-jwt-auth
Package cakephp-3-jwt-auth
Short Description CakePHP plugin for authenticating using JSON Web Tokens fork from admad/cakephp-jwt-auth
License MIT
Homepage http://github.com/kongka/cakephp-3-jwt-auth
Informations about the package cakephp-3-jwt-auth
CakePHP JWT Authenticate plugin
Plugin containing AuthComponent's authenticate class for authenticating using JSON Web Tokens. You can read about JSON Web Token specification in detail here.
Installation
Usage
In your app's config/bootstrap.php
add:
or using cake's console:
Configuration:
Setup AuthComponent
:
Working
The authentication class checks for the token in two locations:
-
HTTP_AUTHORIZATION
environment variable:It first checks if token is passed using
Authorization
request header. The value should be of formBearer <token>
. TheAuthorization
header name and token prefixBearer
can be customized using optionsheader
andprefix
respectively. -
The query string variable specified using
parameter
config:Next it checks if the token is present in query string. The default variable name is
token
and can be customzied by using theparameter
config shown above.
Known Issue
Some servers don't populate $_SERVER['HTTP_AUTHORIZATION']
when
Authorization
header is set. So it's up to you to ensure that either
$_SERVER['HTTP_AUTHORIZATION']
or $_ENV['HTTP_AUTHORIZATION']
is set.
For e.g. for apache you could use the following:
or
Token Generation
You can use \Firebase\JWT\JWT::encode()
of the firebase/php-jwt
lib, which this plugin depends on, to generate tokens.
The payload should have the "sub" (subject) claim whose value is used to query the Users model and find record matching the "id" field.
You can set the queryDatasource
option to false
to directly return the token's
payload as user info without querying datasource for matching user record.
Further reading
For an end to end usage example check out this blog post by Bravo Kernel.