Download the PHP package quankim/cakephp-jwt-auth without Composer
On this page you can find all versions of the php package quankim/cakephp-jwt-auth. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download quankim/cakephp-jwt-auth
More information about quankim/cakephp-jwt-auth
Files in quankim/cakephp-jwt-auth
Package cakephp-jwt-auth
Short Description QuanKim/JwtAuth plugin for CakePHP 3
License
Informations about the package cakephp-jwt-auth
QuanKim/JwtAuth custom plugin for CakePHP
Installation
You can install this plugin into your CakePHP application using composer.
The recommended way to install composer packages is:
Usage
In your app's config/bootstrap.php
add:
or using cake's console:
Migrate AuthToken table:
Configuration:
Setup AuthComponent
:
Setup Config/app.php
Add in bottom of file:
Working
The authentication class checks for the token in two locations:
-
HTTP_AUTHORIZATION
environment variable:It first checks if token is passed using
Authorization
request header. The value should be of formBearer <token>
. TheAuthorization
header name and token prefixBearer
can be customzied using optionsheader
andprefix
respectively.Note: Some servers don't populate
$_SERVER['HTTP_AUTHORIZATION']
whenAuthorization
header is set. So it's upto you to ensure that either$_SERVER['HTTP_AUTHORIZATION']
or$_ENV['HTTP_AUTHORIZATION']
is set.For e.g. for apache you could use the following:
-
The query string variable specified using
parameter
config:Next it checks if the token is present in query string. The default variable name is
token
and can be customzied by using theparameter
config shown above.
Token Generation
You can use \Firebase\JWT\JWT::encode()
of the firebase/php-jwt
lib, which this plugin depends on, to generate tokens.
The payload should have the "sub" (subject) claim whos value is used to query the Users model and find record matching the "id" field.
Example:
You can set the queryDatasource
option to false
to directly return the token's
payload as user info without querying datasource for matching user record.
Further reading
For an end to end usage example check out this blog post by Bravo Kernel.