2017 © Pedro Peláez
 

library phalcon-jwt-auth

A simple JWT middleware for Phalcon Micro to handle stateless authentication

image

emog/phalcon-jwt-auth

A simple JWT middleware for Phalcon Micro to handle stateless authentication

  • Wednesday, December 27, 2017
  • by emog
  • Repository
  • 2 Watchers
  • 2 Stars
  • 20 Installations
  • PHP
  • 0 Dependents
  • 0 Suggesters
  • 1 Forks
  • 0 Open issues
  • 2 Versions
  • 0 % Grown

The README.md

phalcon-jwt-auth

A simple JWT middleware for Phalcon Micro to handle stateless authentication., (*1)

Installation

$ composer require emog/phalcon-jwt-auth

or in your composer.json, (*2)

{
    "require": {
        "emog/phalcon-jwt-auth" : "dev-master"
    }
}

then run, (*3)

$ composer update

Usage

Configuration - Loading the config service

in config.ini or in any config file, (*4)

[jwtAuth]

; JWT Secret Key
secretKey = 923753F2317FC1EE5B52DF23951B

; JWT default Payload

;; expiry time in minutes
payload[exp] = 1440
payload[iss] = phalcon-jwt-auth

; Micro Applications do not have a controller or dispatcher
; so to know the resource being called we have to check the actual URL.

; If you want to disable the middleware on certain routes or resource:
;; index
ignoreUri[] = /

;; regex pattern with http methods
ignoreUri[] = regex:/application/
ignoreUri[] = regex:/users/:POST,PUT

;; literal strings
ignoreUri[] = /auth/user:POST,PUT
ignoreUri[] = /auth/application

in bootstrap or index file, (*5)

use Phalcon\Mvc\Micro;
use Phalcon\Config\Adapter\Ini as ConfigIni;
use Phalcon\Di\FactoryDefault;
use EmoG\Phalcon\Auth\Middleware\Micro as AuthMicro;

// set default services
$di = new FactoryDefault();

/**
 * IMPORTANT:
 * You must set "config" service that will load the configuration file. 
 */
$config = new ConfigIni( APP_PATH . "app/config/config.ini");
$di->set(
    "config",
    function () use($config) {
        return $config;
    }
);

$app = new Micro($di);

// AUTH MICRO
$auth = new AuthMicro($app);

$app->handle();

Configuration - Don't want to use a config file? then pass the config instead

in bootstrap or index file, (*6)

use Phalcon\Mvc\Micro;
use Phalcon\Config\Adapter\Ini as ConfigIni;
use Phalcon\Di\FactoryDefault;
use EmoG\Phalcon\Auth\Middleware\Micro as AuthMicro;

// set default services
$di = new FactoryDefault();

$app = new Micro($di);

// SETUP THE CONFIG
$authConfig = [
    'secretKey' => '923753F2317FC1EE5B52DF23951B1',
    'payload' => [
            'exp' => 1440,
            'iss' => 'phalcon-jwt-auth'
        ],
     'ignoreUri' : [
            '/',
            'regex:/application/',
            'regex:/users/:POST,PUT',
            '/auth/user:POST,PUT',
            '/auth/application'
        ]
];

// AUTH MICRO
$auth = new AuthMicro($app, $authConfig);

$app->handle();

Authentication

To make authenticated requests via http, you will need to set an authorization headers as follows:, (*7)

Authorization: Bearer {yourtokenhere}

or pass the token as a query string, (*8)

?token={yourtokenhere}

Callbacks

By default if the authentication fails, the middleware will stop the execution of routes and will immediately return a response of 401 Unauthorized. If you want to add your own handler:, (*9)

$auth->onUnauthorized(function($authMicro, $app) {

    $response = $app["response"];
    $response->setStatusCode(401, 'Unauthorized');
    $response->setContentType("application/json");

    // to get the error messages
    $response->setContent(json_encode([$authMicro->getMessages()[0]]));
    $response->send();

    // return false to stop the execution
    return false;
});

If you want an additional checking on the authentication, like intentionally expiring a token based on the payload issued date, you may do so:, (*10)

$auth->onCheck(function($auth) {
 // to get the payload
 $data = $auth->data();

 if($data['iat'] <= strtotime('-1 day')) ) {
    // return false to invalidate the authentication
    return false;
 }

});

The Auth service

You can access the middleware by calling the "auth" service., (*11)

print_r( $app['auth']->data() );

print_r( $app->getDI()->get('auth')->data('email') );

// in your contoller
print_r( $this->auth->data() );

If you want to change the service name:, (*12)

AuthMicro::$diName = 'jwtAuth';

Creating a token

In your controller or route handler, (*13)

$payload = [ 
    'sub'   => $user->id, 
    'email' => $user->email,
    'username' =>  $user->username,
    'role'  => 'admin',
    'iat' => time(),
];
$token = $this->auth->make($payload);

Accessing the authenticated user / data

In your controller or route handler, (*14)

echo $this->auth->id(); // will look for sub or id payload

echo $this->auth->data(); // return all payload

echo $this->auth->data('email');

Extending

If you want to add your own middleware or play around:, (*15)

EmoG\Phalcon\Auth\Auth.php and its adapters - does all the authentication

EmoG\Phalcon\Auth\TokenGetter\TokenGetter.php and its adapters - does the parsing or getting of token

JWT

Phalcon JWT Auth uses the Firebase JWT library. To learn more about it and JSON Web Tokens in general, visit: https://github.com/firebase/php-jwt https://jwt.io/introduction/, (*16)

#

If you are using php 7 you can use Dmkit version which is compatible https://github.com/dmkit/phalcon-jwt-auth, (*17)

The Versions

27/12 2017

dev-master

9999999-dev

A simple JWT middleware for Phalcon Micro to handle stateless authentication

  Sources   Download

The Requires

 

by Emil Georgiev

authentication jwt phalcon

31/08 2017

1.0.0

1.0.0.0

A simple JWT middleware for Phalcon Micro to handle stateless authentication

  Sources   Download

The Requires

 

by Emil Georgiev

authentication jwt phalcon