定制 kakadu-dev/yii2-jwt-auth 二次开发

按需修改功能、优化性能、对接业务系统,提供一站式技术支持

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

kakadu-dev/yii2-jwt-auth

Composer 安装命令:

composer require kakadu-dev/yii2-jwt-auth

包简介

Extension provide JWT auth for Yii2

README 文档

README

Yii2 JWT Auth

Installation

The preferred way to install this extension is through composer.

Either run

php composer.phar require --prefer-dist kakadu-dev/yii2-jwt-auth "@dev"

or add

"kakadu-dev/yii2-jwt-auth": "@dev"

to the require section of your composer.json file.

Usage

Once the extension is installed, simply use it in your code by:

Add this package migration namespace, to you console config (console/config/main.php):

return [
    'components' => [
        'migrate' => [
            'class'               => yii\console\controllers\MigrateController::class,
            // set false if you use namespaces
            'migrationPath'       => '@console/migrations',
            'migrationNamespaces' => [
                // ...
                'Kakadu\Yii2JwtAuth\migrations',
            ],
        ],
    ],
];

Configure api tokens component (e.g. common/config/main.php):

return [
    'components' => [
        'apiTokens' => [
            'class'           => \Kakadu\Yii2JwtAuth\ApiTokenService::class,
            'secretKey'       => '', // set in main-local.php or yii-params.domainSecretKey
            'issuer'          => 'you-domain-name', // or yii-params.domain
            'audience'        => ['you-domain-name', 'second-domain-name'], // or yii-params.domain
            'audienceSecrets' => [
                'you-domain-name'    => '', // or yii-params.domainSecretKey
                'second-domain-name' => '', // or yii-params.secondDomainSecretKey
            ],
            'seamlessLogin'   => false,
        ],
    ],
];

All values in secretKey, issuer, audience, audienceSecrets which contain yii-params.param-name will be converted to Yii::$app->params['param-name']

TBD: add example for yii-params.* config (e.g. for audienceSecrets).

Now, after user registration, create JWT tokens and add their in response headers. Also add an action to update tokens.
E.g.:

class AuthController extends yii\rest\Controller
{
    public function actionSignUp()
    {
        // After create user $newUser
        // Same actions for login url
        $tokens = \Yii::$app->apiTokens->create($newUser->id, ['someField' => 'someValue']);
        
        \Kakadu\Yii2JwtAuth\JwtBearerAuth::addJwtToHeader(\Yii::$app->response, $tokens);
    }
    
    public function actionSignIn()
    {
        // After verify user login and password
    
        $tokens = \Yii::$app->apiTokens->create($user->id, ['someField' => 'someValue']);
        
        \Kakadu\Yii2JwtAuth\JwtBearerAuth::addJwtToHeader(\Yii::$app->response, $tokens);
    }
    
    /**
     * Autologin, if access token expired and refresh token not expired.
     * This action needed only if 'seamlessLogin' set to false.
     */
    public function actionRefreshTokens()
    {
        // Get from post or headers or ...
        $accessToken = Yii::$app->request->post('access_token');
        $refreshToken = Yii::$app->request->post('refresh_token');
    
        // Convert to jwt token model
        $jwtAccessToken  = \Yii::$app->apiTokens->getJwtToken($accessToken);
        $jwtRefreshToken = \Yii::$app->apiTokens->getJwtToken($refreshToken);
    
        // Renew
        $newTokens = \Yii::$app->apiTokens->renewJwtToken($jwtAccessToken, $jwtRefreshToken);
        
        \Kakadu\Yii2JwtAuth\JwtBearerAuth::addJwtToHeader(\Yii::$app->response, $newTokens);
    }
}

or use renew tokens action:

use Kakadu\Yii2JwtAuth\RefreshTokensAction;

class AuthController extends yii\rest\Controller
{
    /**
     * @inheritdoc
     */
    public function behaviors(): array
    {
        return ArrayHelper::merge(parent::behaviors(), [
            'authenticator' => [
                'class'  => JwtBearerAuth::class,
                'except' => ['renew-token'],
            ],
            'access'        => [
                'class' => AccessControl::class,
                'rules' => [
                    [
                        'allow'   => true,
                        'actions' => ['renew-token'],
                        'roles'   => ['?'],
                    ],
                ],
            ],
        ];
    }
            
    /**
     * @inheritdoc
     */
    public function actions(): array
    {
        return ArrayHelper::merge(parent::actions(), [
            'renew-token' => RefreshTokensAction::class,
        ]);
    }
}

And finally add Jwt Auth to secure controller:

class SecureController extends yii\rest\Controller
{
    /**
     * @inheritdoc
     */
    public function behaviors(): array
    {
        return ArrayHelper::merge(parent::behaviors(), [
            'authenticator' => [
                'class' => \Kakadu\Yii2JwtAuth\JwtBearerAuth::class,
            ],
            'access'        => [
                'class' => AccessControl::class,
                'rules' => [
                   ...
                ],
            ],
        ]);
    }
}

Procedure:

  • seamlessLogin is false

    1. Register, get access and refresh token and save their on client side.
    2. Use only access token for request to security endpoint.
    3. After access token expired, you get 401 Unauthorized exception.
    4. Use expire access and not expire refresh token to get new tokens. (/refresh-token url)
    5. If refresh token expire, go to sign in
  • seamlessLogin is true

    1. Register, get access and refresh token and save their on client side.
    2. Use only access token for request to security endpoint.
    3. After access token expired, you get 401 Unauthorized exception.
    4. Repeat request use expire access and not expire refresh token to get new tokens. (/same url)
    5. If refresh token expire, go to sign in.

That's all. Check it.

统计信息

  • 总下载量: 5.79k
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 10
  • 点击次数: 0
  • 依赖项目数: 0
  • 推荐数: 0

GitHub 信息

  • Stars: 10
  • Watchers: 3
  • Forks: 6
  • 开发语言: PHP

其他信息

  • 授权协议: MIT
  • 更新时间: 2018-10-25

承接程序开发

PHP开发

VUE

Vue开发

前端开发

小程序开发

公众号开发

系统定制

数据库设计

云部署

网站建设

安全加固