Login/Register
Generating tokens with slim-jwt-auth
Asked Answered
Solved phpjwtslim-3
F

2

6

I'm using slim-jwt-auth to create token based authentication for a JSON API.

The docs are very helpful, but one thing I don't understand is how are the tokens generated? The docs say that the middleware is able to decode the token, but can't see any way to encode.

Some projects I've seen use firebase/jwt, but I'm not sure if this is needed, or compatible with slim-jwt-auth.

Is slim-jwt-auth able to generate tokens?

Frit answered 22/11, 2016 at 15:8 Comment(0)
C
9

You can but you do not need to install extra libraries to generate the token. The middleware uses firebase/php-jwt internally so you can use the same library to generate the token. Something like the following.

use \Firebase\JWT\JWT;
use \Tuupola\Base62;

$now = new DateTime();
$future = new DateTime("now +2 hours");
$jti = Base62::encode(random_bytes(16));

$secret = "your_secret_key";

$payload = [
    "jti" => $jti,
    "iat" => $now->getTimeStamp(),
    "nbf" => $future->getTimeStamp()
];

$token = JWT::encode($payload, $secret, "HS256");

You might also check the Slim API Skeleton for inspiration.

Cosetta answered 23/11, 2016 at 3:38 Comment(0)
W
0

According to the disclaimer on the slim-jwt-auth landing page the middleware only processes tokens; does not provide any way to generate them.

HEADS UP! Middleware does not implement OAuth 2.0 authorization server nor does it provide ways to generate, issue or store authentication tokens. It only parses and authenticates a token when passed via header or cookie.

(emphasis is mine)

You can indeed use another library to generate JWT tokens which will then be consumed by slim-jwt-auth. As long as both libraries implemented the specification correctly you should have no interoperability problems at least if you only use the mandatory to implement parts of the specification.

You can check jwt.io for a list of PHP libraries for JWT processing, but firebase/jwt would be a good starting point. If instead of generating the tokens yourself you're looking into completely delegate the authentication and issuance of tokens to a third-party, then I would suggest having a look at Auth0.

Disclosure: I work at Auth0.

Washington answered 22/11, 2016 at 15:42 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.