Download the PHP package yawaweb/yii2-jwt without Composer
On this page you can find all versions of the php package yawaweb/yii2-jwt. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Package yii2-jwt
Short Description: The Yii2 JWT extension enables JWT authentication in Yii2 applications. It simplifies API authentication by creating and verifying JWT tokens, handling expiration, and supporting token refresh for secure access control.
License: MIT
Information about the package yii2-jwt
Kaabar JWT Auth Extension
The Yii2 JWT extension is a tool for implementing JWT (JSON Web Token) authentication in Yii2 applications. It allows developers to create APIs that require authentication and authorization, ensuring that only authorized users can access certain resources. The extension provides a simple and flexible way to implement JWT authentication in Yii2, using the JWT library and following the JWT specification. It includes support for creating and verifying JWT tokens, as well as handling token expiration and refresh. The Yii2 JWT extension can be easily integrated into any Yii2 application, making it a powerful tool for API authentication and authorization.
The preferred way to install this extension is through Composer.
Either run
or add
to the require section of your composer.json file.
Implementation Steps
- Yii2 installed
- An HTTPS-enabled site is required for the HttpOnly cookie to work cross-site
- A database table for storing RefreshTokens:
- Add JWT parameters in /config/params.php
- Add the component to the configuration in /config/web.php to initialize JWT authentication:
- Add the authenticator behavior to your controllers
- For AuthController.php we must exclude actions that do not require authentication, like login and options (sent when the browser issues the cross-site OPTIONS request).
- Add the methods generateJwt() and generateRefreshToken() to AuthController.php. We'll be using them in the login/refresh-token actions. Adjust the class name for your user model if it is different.
- Add the login action to AuthController.php:
- Add the refresh-token action to AuthController.php. Call POST /auth/refresh-token when the JWT has expired, and call DELETE /auth/refresh-token when the user requests a logout (and then delete the JWT token from localStorage).
- Adapt findIdentityByAccessToken() in your user model to find the authenticated user via the uid claim from the JWT:
- Also remember to purge all RefreshTokens for the user when the password is changed, e.g. in afterSave() in your user model:
- Make a page where the user can delete their RefreshTokens. List the records from user_refresh_tokens that belong to the given user and allow them to delete the ones they choose.
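The refresh-token lifecycle from the steps above (issue at login, look up on POST /auth/refresh-token, revoke on DELETE, purge on password change), as an added plain-PHP example that is not the extension's own code. The class and method names, the in-memory array standing in for the user_refresh_tokens table, and the choice to store only a SHA-256 hash of each token are assumptions of this sketch (PHP 7.4+).

```php
<?php
// Added example: in-memory stand-in for the user_refresh_tokens table.
// Class, method and field names are hypothetical, not the extension's API.
final class RefreshTokenStore
{
    private array $rows = []; // keyed by SHA-256 of the token, so raw tokens are never stored

    // Login: create a random token, persist only its hash, return the raw value for the cookie.
    public function issue(int $userId, string $userAgent): string
    {
        $token = bin2hex(random_bytes(32));
        $this->rows[hash('sha256', $token)] = ['user_id' => $userId, 'user_agent' => $userAgent, 'created' => time()];
        return $token;
    }

    // POST /auth/refresh-token: owning user id, or null if the token is unknown or revoked.
    public function userFor(string $token): ?int
    {
        return $this->rows[hash('sha256', $token)]['user_id'] ?? null;
    }

    // DELETE /auth/refresh-token (logout), or the user deleting one entry from the list page.
    public function revoke(string $token): bool
    {
        $key = hash('sha256', $token);
        $existed = isset($this->rows[$key]);
        unset($this->rows[$key]);
        return $existed;
    }

    // Password change: drop every refresh token of the user and return how many were removed.
    public function purgeUser(int $userId): int
    {
        $before = count($this->rows);
        $this->rows = array_filter($this->rows, fn(array $r): bool => $r['user_id'] !== $userId);
        return $before - count($this->rows);
    }
}

// Constructed walk-through: two logins, a refresh, a logout, then a password change.
$store  = new RefreshTokenStore();
$laptop = $store->issue(42, 'constructed-laptop-agent');
$phone  = $store->issue(42, 'constructed-phone-agent');
var_dump($store->userFor($laptop)); // token is known, so a new JWT may be issued for this user
var_dump($store->revoke($laptop));  // logout on the laptop
var_dump($store->userFor($laptop)); // a revoked token can no longer be exchanged
var_dump($store->purgeUser(42));    // password changed: the remaining phone token is removed
var_dump($store->userFor($phone));
```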