Download the PHP package rrd108/api-token-authenticator without Composer
On this page you can find all versions of the php package rrd108/api-token-authenticator. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download rrd108/api-token-authenticator
More information about rrd108/api-token-authenticator
Files in rrd108/api-token-authenticator
Package api-token-authenticator
Short Description A Simple Token Authentication Plugin for CakePHP 5 REST API-s
License MIT
FAQ
Example:
In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
- Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
- To use Composer is sometimes complicated. Especially for beginners.
- Composer needs much resources. Sometimes they are not available on a simple webspace.
- If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
- Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Informations about the package api-token-authenticator
CakePHP ApiTokenAuthenticator Plugin
A Simple Token Authentication Plugin for CakePHP 5 REST API-s.
For CakePHP 4 version see rrd108/api-token-authenticator
For a REST API you may want to use a cors plugin like rrd108/cakephp-cors and a json api exception plugin like rrd108/cakephp-json-api-exception.
If you use vuejs as your frontend you may wnat to bake your vue components with rrd108/vue-bake.
Configuration
Users table
In your users table you should have a field named token, or whatever name you choose for the token. We will use token in the examples. The token value will not be automatically generated by the plugin. You can generate it in your UsersController.php file's login() method (or elsewhere if you want). See the example below.
Changing the default settings
If you are happy with the default settings, you can skip this section.
For defaults see config/apiTokenAuthenticator.php file in the plugin's directory.
If you want to change any of the values then create your own config/apiTokenAuthenticator.php file at your project's config directory. In your config file, you should use only those keys that you want to change. It will be merged to the default one. So, for example, if you are happy with all the options, except in your case the token's header name is Authorization, then you have to put this into your on config file.
Authorization with Bearer token
If you want to use the Authorization header with Bearer token, you should set the header key to Authorization and the prefix key to Bearer in your config/apiTokenAuthenticator.php file.
Authentication
The plugin authentication workflow is the following.
At your client appliacation you should send a POST request to /users/login.json (or what you set in your config/apiTokenAuthenticator.php file) with a JSON object like this.
If the login was successful than you will get a response like this.
Than you can use this token to authenticate yourself for accessing urls what requires authentication. The token should be sent in a request header named Token (or what you set in your config/apiTokenAuthenticator.php file).
Installation
1. Install the plugin
Including the plugin is pretty much as with every other CakePHP plugin:
Then, to load the plugin either run the following command:
or manually add the following line to your app's config/plugins.php:
2. Disable CSRF protection
You should comment out (or delete) CsrfProtectionMiddleware in your /src/Application.php file's middleware() method.
3. Load the plugin's components
At your AppController.php file's initialize() function you should include these components:
And add JSON view support to AppController.php.
4. Set password hasher
Update your src/Model/Entity/User.php file adding the following.
Do not forget to remove the token field from the $_hidden array.
5. Set extensions for routes
As you probably will use JSON urls, do not forget to add this line to your config/routes.php file.
5. Set JSON response in controllers
In your controllers you should set the JSON response type.
As CakePHP response use content type negotiation it is important to add the Accept: application/json header to your requests.
That's it. It should be up and running.
The login() method
If you use static tokens
Login method is not added automatically, you should implement it. Here is an example how.
The login method should be added to the list of actions that are allowed to be accessed without authentication.
If you use dynamic tokens
Token expiration
By default tokens are not invalidated by the plugin, you can use them permanently or as long as there is no new login session like in the example code above.
If you want the plugin to use tokens only for a certain period of time, you should do the following steps.
-
Add a column to your
userstable namedtoken_expirationand set it's type todatetime. You can use a different field name, but you have to change it in the following steps. -
In your
config/apiTokenAuthenticator.phpfile set'tokenExpiration' => 'token_expiration'. -
Update your
src/Model/Entity/User.phpfile adding the field to the$accessiblearray. -
Update your
src/Model/Table/UsersTable.phpfile adding the following. - In your
src/Controller/UsersController.phpfile you should modifylogin()method.
Access without authentication
If you want to let the users to access a resource without authentication you should state it in the controller's beforeFilter() method. The login, register methods are good candidates to allow unauthenticated access.
This will allow users to access /users/login.json and /users.json url without authentication.
