agungsugiarto/codeigniter4-authentication-jwt
Composer 安装命令:
composer require agungsugiarto/codeigniter4-authentication-jwt
包简介
JSON Web Token for codeigniter4 authentication.
README 文档
README
About
JSON Web Token for codeigniter4-authentication. This package is port from tymondesigns/jwt-auth for compability with agungsugiarto/codeigniter4-authentication.
Documentation
Install Via Composer
composer require agungsugiarto/codeigniter4-authentication-jwt
Copy the config
Copy the config file from vendor/agungsugiarto/codeigniter4-authentication-jwt/src/Config/JWT.php to config folder of your codeigniter4 application and change class extends from BaseConfig to \Fluent\JWTAuth\Config\JWT
Update your User entities
Firstly you need to implement the Fluent\JWTAuth\Contracts\JWTSubjectInterface contract on your User entities, which requires that you implement the 2 methods getJWTIdentifier() and getJWTCustomClaims().
The example below should give you an idea of how this could look. Obviously you should make any changes, as necessary, to suit your own needs.
namespace App\Entities; //.. use Fluent\JWTAuth\Contracts\JWTSubjectInterface; class User extends Entity implements //.. JWTSubjectInterface { /** * {@inheritdoc} */ public function getJWTIdentifier() { return $this->id; } /** * {@inheritdoc} */ public function getJWTCustomClaims() { return []; } }
Adding \Fluent\JWTAuth\JWTGuard::class Guards
We need to define \Fluent\JWTAuth\JWTGuard::class authentication guards using the extend method on the Auth facade or service. You should place your call to the extend method within a service provider. Since codeigniter4-authentication already ships with an AuthServiceProvider, we can place the code in that provider. Open \App\Providers\AuthServiceProvider:
namespace App\Providers; use Fluent\Auth\AbstractServiceProvider; use Fluent\Auth\Facades\Auth; use Fluent\JWTAuth\Config\Services; use Fluent\JWTAuth\JWTGuard; class AuthServiceProvider extends AbstractServiceProvider { /** * {@inheritdoc} */ public static function register() { Auth::extend(JWTGuard::class, function ($auth, $name, array $config) { return new JWTGuard( Services::getSharedInstance('jwt'), Services::getSharedInstance('request'), $auth->createUserProvider($config['provider']), ); }); } }
Configure Auth guard
Inside the app/Config/Auth.php file you will need to make a few changes to configure codeigniter4-authentication to use the jwt guard to power your application authentication.
Make the following changes to the file:
public $guards = [ //.. 'api' => [ 'driver' => \Fluent\JWTAuth\JWTGuard::class, 'provider' => 'users', ], ];
Here we are telling the api guard to use the \Fluent\JWTAuth\JWTGuard::class driver, and we are setting the api guard.
Next we need to register this App\Providers\AuthServiceProvider to lifecycle application. Open App\Config\Events add this line:
Events::on('pre_system', [\App\Providers\AuthServiceProvider::class, 'register']);
We can now use codeigniter4-authentication built in Auth system, with codeigniter4-authentication-jwt doing the work behind the scenes!
Add some basic authentication routes
First let's add some routes in app/Config/Routes.php as follows:
$routes->group('jwt', function ($routes) { $routes->post('login', 'JwtauthController::login'); $routes->post('logout', 'JwtauthController::logout', ['filter' => 'auth:api']); $routes->post('refresh', 'JwtauthController::refresh', ['filter' => 'auth:api']); $routes->match(['get', 'post'], 'user', 'JwtauthController::user', ['filter' => 'auth:api']); });
Create the AuthController
Then create the JwtauthController, either manually or by running the spark command:
php spark make:controller JwtauthController
Then add the following:
<?php namespace App\Controllers; use App\Controllers\BaseController; use CodeIgniter\API\ResponseTrait; class JwtauthController extends BaseController { use ResponseTrait; /** * Get a JWT via given credentials. * * @return \CodeIgniter\Http\Response */ public function login() { // Validate this credentials request. if (! $this->validate(['email' => 'required|valid_email', 'password' => 'required'])) { return $this->fail($this->validator->getErrors()); } $credentials = [ 'email' => $this->request->getPost('email'), 'password' => $this->request->getPost('password') ]; if (! $token = auth('api')->attempt($credentials)) { return $this->fail(lang('Auth.failed'), 401); } return $this->respondWithToken($token); } /** * Get the authenticated User. * * @return \CodeIgniter\Http\Response */ public function user() { return $this->response->setJson(auth('api')->user()); } /** * Log the user out (Invalidate the token). * * @return \CodeIgniter\Http\Response */ public function logout() { auth('api')->logout(); return $this->response->setJson(['message' => 'Successfully logged out']); } /** * Refresh a token. * * @return \CodeIgniter\Http\Response */ public function refresh() { return $this->respondWithToken(auth('api')->refresh()); } /** * Get the token array structure. * * @param string $token * * @return \CodeIgniter\Http\Response */ protected function respondWithToken($token) { return $this->response->setJson([ 'access_token' => $token, 'token_type' => 'bearer', 'expires_in' => auth('api')->factory()->getTTL() * 60, ]); } }
You should now be able to POST to the login endpoint (e.g. http://example.dev/jwt/login) with some valid credentials and see a response like:
{
"access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ",
"token_type": "bearer",
"expires_in": 3600
}
This token can then be used to make authenticated requests to your application.
Authenticated requests
There are a number of ways to send the token via http:
Authorization header
Authorization: Bearer eyJhbGciOiJIUzI1NiI...
Query string parameter
http://example.dev/me?token=eyJhbGciOiJIUzI1NiI...
Post parameter
Cookies
Methods
The following methods are available on the Auth guard instance.
Multiple Guards
If the newly created 'api' guard is not set as a default guard or you have defined multiple guards to handle authentication, you should specify the guard when calling auth().
$token = auth('api')->attempt($credentials);
attempt()
Attempt to authenticate a user via some credentials.
// Generate a token for the user if the credentials are valid $token = auth('api')->attempt($credentials);
This will return either a jwt or boolean
login()
Log a user in and return a jwt for them.
// Get some user from somewhere $user = (new UserModel())->first(); // Get the token $token = auth('api')->login($user);
user()
Get the currently authenticated user.
// Get the currently authenticated user $user = auth('api')->user();
If the user is not then authenticated, then null will be returned.
userOrFail()
Get the currently authenticated user or throw an exception.
try { $user = auth('api')->userOrFail(); } catch (\Fluent\JWTAuth\Exceptions\UserNotDefinedException $e) { // do something }
If the user is not set, then a Fluent\JWTAuth\Exceptions\UserNotDefinedException will be thrown
logout()
Log the user out - which will invalidate the current token and unset the authenticated user.
auth('api')->logout(); // Pass true to force the token to be blacklisted "forever" auth('api')->logout(true);
refresh()
Refresh a token, which invalidates the current one
$newToken = auth('api')->refresh(); // Pass true as the first param to force the token to be blacklisted "forever". // The second parameter will reset the claims for the new token $newToken = auth('api')->refresh(true, true);
invalidate()
Invalidate the token (add it to the blacklist)
auth('api')->invalidate(); // Pass true as the first param to force the token to be blacklisted "forever". auth('api')->invalidate(true);
tokenById()
Get a token based on a given user's id.
$token = auth('api')->tokenById(123);
payload()
Get the raw JWT payload
$payload = auth('api')->payload(); // then you can access the claims directly e.g. $payload->get('sub'); // = 123 $payload['jti']; // = 'asfe4fq434asdf' $payload('exp') // = 123456 $payload->toArray(); // = ['sub' => 123, 'exp' => 123456, 'jti' => 'asfe4fq434asdf'] etc
validate()
Validate a user's credentials
if (auth('api')->validate($credentials)) { // credentials are valid }
More advanced usage
Adding custom claims
$token = auth('api')->claims(['foo' => 'bar'])->attempt($credentials);
Set the token explicitly
$user = auth('api')->setToken('eyJhb...')->user();
Set the request instance explicitly
$user = auth('api')->setRequest($request)->user();
Override the token ttl
$token = auth('api')->setTTL(7200)->attempt($credentials);
Contributing
Contributions are very welcome.
License
Released under the MIT License, see LICENSE.
agungsugiarto/codeigniter4-authentication-jwt 适用场景与选型建议
agungsugiarto/codeigniter4-authentication-jwt 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 570 次下载、GitHub Stars 达 27, 最近一次更新时间为 2021 年 03 月 03 日, 在 PHP 生态内属于活跃度较高的组件。
它主要适用于以下技术方向: 「Authentication」 「auth」 「jwt」 「JSON Web Token」 「codeigniter4」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。
我们在过去多个企业项目中使用过 agungsugiarto/codeigniter4-authentication-jwt 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 agungsugiarto/codeigniter4-authentication-jwt 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
与 agungsugiarto/codeigniter4-authentication-jwt 相关的其它包
同方向 / 同关键字的高下载量 PHP Composer 包推荐,方便对比选型:
Laravel Multiauth package
Automatically logs-in users if they are already authenticated by a remote source. (e.g. environment variable REMOTE_USER)
GraphQL authentication for your headless Craft CMS applications.
A lightweight and powerful OAuth 2.0 authorization and resource server library with support for all the core specification grants. This library will allow you to secure your API with OAuth and allow your applications users to approve apps that want to access their data from your API.
A simple library to decode and parse Apple Sign In client tokens.
Laravel middleware to restrict a site or specific routes using HTTP basic authentication
统计信息
- 总下载量: 570
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 28
- 点击次数: 6
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: MIT
- 更新时间: 2021-03-03