yiisoft / auth-jwt Goto Github PK

View Code? Open in Web Editor NEW

32.0 19.0 11.0 135 KB

Home Page: https://www.yiiframework.com/

License: BSD 3-Clause "New" or "Revised" License

PHP 100.00%

yii3 auth jwt-authentication middleware psr-15 hacktoberfest authentication

auth-jwt's Introduction

Yii Auth JWT

The package provides JWT authentication method for Yii Auth.

Requirements

PHP 8.0 or higher.

Installation

The package could be installed with composer:

composer require yiisoft/auth-jwt

General usage

Configuring within Yii

Set JWT parameters in your params.php config file:

'yiisoft/auth-jwt' => [
    'algorithms' => [
        // your signature algorithms
    ],
    'serializers' => [
        // your token serializers
    ],
    'key' => [
        'secret' => 'your-secret',
        'file' => 'your-certificate-file',
    ],
],

Setup definitions, required for \Yiisoft\Auth\Middleware\Authentication middleware in a config, for example, in config/web/auth.php:

/** @var array $params */

use Yiisoft\Auth\Jwt\TokenManagerInterface;
use Yiisoft\Auth\Jwt\TokenManager;
use Yiisoft\Auth\AuthenticationMethodInterface;
use Yiisoft\Auth\Jwt\JwtMethod;

return [
    KeyFactoryInterface::class => [
        'class' => FromSecret::class,
        '__construct()' => [
            $params['yiisoft/auth-jwt']['key']['secret']
        ],
    ],
    
    AuthenticationMethodInterface::class => JwtMethod::class,
];

Note: Don't forget to declare your implementations of \Yiisoft\Auth\IdentityInterface and \Yiisoft\Auth\IdentityRepositoryInterface.

Use Yiisoft\Auth\Middleware\Authentication middleware. Read more about middlewares in the middleware guide.

Configuring independently

You can configure Authentication middleware manually:

/** @var \Yiisoft\Auth\IdentityRepositoryInterface $identityRepository */
$identityRepository = getIdentityRepository();

$tokenRepository = $container->get(\Yiisoft\Auth\Jwt\TokenRepositoryInterface::class);

$authenticationMethod = new \Yiisoft\Auth\Jwt\JwtMethod($identityRepository, $tokenRepository);

$middleware = new \Yiisoft\Auth\Middleware\Authentication(
    $authenticationMethod,
    $responseFactory, // PSR-17 ResponseFactoryInterface.
    $failureHandler // Optional, \Yiisoft\Auth\Handler\AuthenticationFailureHandler by default.
);

Documentation

Internals

If you need help or have a question, the Yii Forum is a good place for that. You may also check out other Yii Community Resources.

License

The Yii Auth JWT is free software. It is released under the terms of the BSD License. Please see LICENSE for more information.

Maintained by Yii Software.

Support the project

Follow updates

auth-jwt's People

Contributors

Stargazers

Watchers

Forkers

rustamwin skugarev dagpro allannp wiperawa fantom409 eluhr strorch sankaest seanpm2001 luizcmarin

auth-jwt's Issues

JWT encrypted with RS256 instead of HS256

What steps will reproduce the problem?

I am using an RS256 algorithm instead of the (default) HS256 algorithm. RS256 uses a public/private key pair instead of a secret. The TokenManager only implements the possibility to define a secret but not a public or private file path or encryption key.

config/web/auth.php

<?php

declare(strict_types=1);

/** 
 * @var array $params
 */

use Jose\Component\Signature\Algorithm\RS256;
use Yiisoft\Auth\Jwt\TokenManagerInterface;
use Yiisoft\Auth\Jwt\TokenManager;
use Yiisoft\Auth\AuthenticationMethodInterface;
use Yiisoft\Auth\Jwt\JwtMethod;

return [
    TokenManagerInterface::class => [
        '__class' => TokenManager::class,
        '__construct()' => [
             // `secret` not needed for this algorithm, but must be defined for the token manager constructor
            'secret' => $params['yiisoft/auth-jwt']['secret'],
            'algorithms' => [new RS256()]
           // where do i define the public/private key file path or the encryption key?
        ]
    ],
    AuthenticationMethodInterface::class => JwtMethod::class
];

What is the expected result?

A possibility to define a public and private key file path for the token manager and the secret not to be a default

What do you get instead?

No possibility to use a JWT with RS256 algorithm

Additional info

Q	A
Version	dev-master#cc62114
PHP version	7.4.12
Operating system	Docker yiisoftware/yii-php:7.4-apache

Which jwt library?

@rustamwin suggests lcobucci/jwt in this issue from yiisoft/yii-web

yiisoft/yii-web#114 (comment)

The Problem is, we will need version v4.x (php 7.3) but this version is not stable and we don't know, how long it will takes.

Update `web-token/*` library

What steps will reproduce the problem?

composer update

What is the expected result?

Outdated packages are not installed.

What do you get instead?

composer: Package web-token/* is abandoned, you should avoid using it. Use web-token/jwt-library instead.

Additional info

Q	A
Version	2.0.1
PHP version	8.3
Operating system	macOS

About JWT(JSON Web Tokens [RFC 7519]):
https://jwt.io
Yii2 RESTful Web Services Authentication:
https://www.yiiframework.com/doc/guide/2.0/en/rest-authentication

yiisoft / auth-jwt Goto Github PK

auth-jwt's Introduction

Yii Auth JWT

Requirements

Installation

General usage

Configuring within Yii

Configuring independently

Documentation

License

Support the project

Follow updates

auth-jwt's People

Contributors

Stargazers

Watchers

Forkers

auth-jwt's Issues

What steps will reproduce the problem?

What is the expected result?

What do you get instead?

Additional info

What steps will reproduce the problem?

What is the expected result?

What do you get instead?

Additional info

Recommend Projects

Recommend Topics

Recommend Org