clarkwinkelmann/flarum-ext-jwt-cookie-login
Composer 安装命令:
composer require clarkwinkelmann/flarum-ext-jwt-cookie-login
包简介
Stateless login for Flarum through JWT cookie
README 文档
README
This extension implements quasi-stateless JWT-based sessions in Flarum.
The use case for this extension is implementing global login with an external platform serving as the master. Your code is responsible for setting and updating the cookie, and Flarum will automatically connect and/or create users based on the content of the JWT. No example code is available for the master implementation. The information below should allow you to implement it in any programming language.
Users are matched through the jwt_subject column in the database that is matched to the token's sub value.
By default, tokens are validated using Google Firebase public keys (automatically retrieved and cached from Google servers) but custom keys can also be used.
A callback hook can be defined to obtain default values for new users from an external API.
The JWT subject ID for the hook call can be retrieved by using the replacement code {uid} as part of the hook URL, by reading the JWT in the Authorization header or by reading the data.id value in the hook JSON POST body.
The hook should return a JSON:API compliant object describing the Flarum user attributes.
These attributes will be passed internally to POST /api/users so any attribute added by an extension can also be provided.
{
"data": {
"attributes": {
"username": "example",
"email": "example@app.tld"
}
}
}
The validity of the hook request can be checked via the Authorization header.
It will contain Token <JWT token> by default, but can be customized to a hard-coded secret token via the admin settings.
The custom header setting will be applied verbatim as the header value, without any added prefix (i.e., Token is not added).
Users can be edited via their JWT subject ID by using the PATCH /api/jwt/users/<sub> endpoint.
It works exactly the same way as PATCH /api/users/<id> but takes the JWT subject ID instead of Flarum ID.
By default, all accounts will be automatically enabled.
You can change this behaviour by returning "isEmailConfirmed": false attribute in the registration hook.
An admin user is used internally to call the REST API that creates new Flarum users.
By default, user with ID 1 will be used but this can be customized in the admin settings.
The value must be the Flarum ID (MySQL auto-increment) and not the JWT subject ID.
The original Flarum session object (Symfony session) and cookie are not used for stateless authentication, however the cookie session is kept because Flarum and some extensions cannot work without it. This session object is not invalidated during "login" and "logout" of the stateless JWT authentication, so there could be issues with extensions that rely on that object for other purposes than validation messages.
Hidden Iframe
The hidden iframe offers a way to refresh the cookie in the background and optionally to provide auto login.
If the hidden iframe setting is set, the given URL will be loaded in a 0x0 iframe placed outside the browser viewport.
The iframe can use window.postMessage to inform Flarum of a change in the session state.
The message can be sent at any time and any number of times.
You can use a loop repeatedly sending the current state if necessary.
Flarum will check for a change in the reported state and prompt the user to refresh the page if it changes.
If {jwtSessionState: 'login'} is sent while Flarum is logged out, Flarum will say the user has been automatically logged in and may refresh the page.
If {jwtSessionState: 'logout'} is sent while Flarum is logged in, Flarum will say the session has expired and the user may refresh the page.
If the time elapsed between Flarum boot and the postMessage is smaller than the configured "Auto Login Delay", the page will refresh without user interaction.
Switching user without going through logout state is current not supported.
Code example for the iframe:
window.parent.postMessage({ jwtSessionState: 'login', }, 'https://myforum.mydomain.tld');
The last parameter should be set to the Flarum origin.
'*' can also be used but isn't recommended.
Installation
composer require clarkwinkelmann/flarum-ext-jwt-cookie-login
Support
This extension is under minimal maintenance.
It was developed for a client and released as open-source for the benefit of the community. I might publish simple bugfixes or compatibility updates for free.
You can contact me to sponsor additional features or updates.
Support is offered on a "best effort" basis through the Flarum community thread.
Sponsors: Dater.com
Links
clarkwinkelmann/flarum-ext-jwt-cookie-login 适用场景与选型建议
clarkwinkelmann/flarum-ext-jwt-cookie-login 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 1.07k 次下载、GitHub Stars 达 4, 最近一次更新时间为 2022 年 02 月 22 日, 在 PHP 生态内属于活跃度较高的组件。
它主要适用于以下技术方向: 「jwt」 「firebase」 「flarum」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。
我们在过去多个企业项目中使用过 clarkwinkelmann/flarum-ext-jwt-cookie-login 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 clarkwinkelmann/flarum-ext-jwt-cookie-login 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
与 clarkwinkelmann/flarum-ext-jwt-cookie-login 相关的其它包
同方向 / 同关键字的高下载量 PHP Composer 包推荐,方便对比选型:
A simple library to decode and parse Apple Sign In client tokens.
simple api library.
Adds more BBCode
Output of discussions lists in form of cards
Yii2 Extension for sending push notification with both Firebase Cloud Messaging (FCM) HTTP Server Protocols (APIs).
JWT API authentication driver (Guard) for Laravel.
统计信息
- 总下载量: 1.07k
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 4
- 点击次数: 10
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: MIT
- 更新时间: 2022-02-22