Plugin containing AuthComponent's authenticate class for authenticating using JSON Web Tokens. You can read about JSON Web Token specification in detail here.
- CakePHP 3.0+
composer require admad/cakephp-jwt-auth:1.0.x-dev
In your app's config/bootstrap.php
add:
// In config/bootstrap.php
Plugin::load('ADmad/JwtAuth');
or using cake's console:
./bin/cake plugin load ADmad/JwtAuth
Setup AuthComponent
:
// In your controller, for e.g. src/Api/AppController.php
public function initialize()
{
parent::initialize();
$this->loadComponent('Auth', [
'authenticate', [
'ADmad/JwtAuth.Jwt' => [
'parameter' => '_token',
'userModel' => 'Users',
'scope' => ['Users.active' => 1],
'fields' => [
'id' => 'id'
]
]
],
'unauthorizedRedirect' => false,
// Config below is available since CakePHP 3.1.
// It makes user info available in controller's beforeFilter() which is not possible in CakePHP 3.0.
'checkAuthIn' => 'Controller.initialize',
]);
}
The authentication class checks for the token in two locations:
-
HTTP_AUTHORIZATION
environment variable:It first checks if token is passed using
Authorization
request header. The value should be of formBearer <token>
. -
The query string variable specified using
parameter
config:Next it checks if the token is present in query string. The default variable name is
_token
and can be customzied by using theparameter
config shown above.
The payload of the token should either have key id
or record
. If
id
key exists it's value will be used to query against the primary key field
of users table.
If record
key exists it's value will be returned as user record. No check
will be done against the database.
AuthComponent
performs it's authentication routine for stateless auth after your controller's beforeFilter()
has run. So trying to get user info using $this->Auth->user()
in beforeFilter()
will always return null
.
As of CakPHP 3.1 though you can set a new config option checkAuthIn
to Controller.initialize
which makes AuthComponent
do the authentication routine before controller's beforeFilter()
is called.
For an end to end usage example check out this blog post by Bravo Kernel.