slim-jwt-auth | PSR-7 and PSR-15 JWT Authentication Middleware | Authentication library

by tuupola PHP Version: 3.7.0 License: MIT

X-Ray Key Features Code Snippets Community Discussions(4)Vulnerabilities Install Support

kandi X-RAY | slim-jwt-auth Summary

slim-jwt-auth is a PHP library typically used in Security, Authentication applications. slim-jwt-auth has no bugs, it has no vulnerabilities, it has a Permissive License and it has medium support. You can download it from GitHub.

PSR-7 and PSR-15 JWT Authentication Middleware

Support

Quality

Security

License

Reuse

Support

slim-jwt-auth has a medium active ecosystem.

It has 790 star(s) with 132 fork(s). There are 29 watchers for this library.

It had no major release in the last 6 months.

There are 28 open issues and 148 have been closed. On average issues are closed in 66 days. There are 8 open pull requests and 0 closed requests.

It has a neutral sentiment in the developer community.

The latest version of slim-jwt-auth is 3.7.0

Quality

slim-jwt-auth has 0 bugs and 0 code smells.

Security

slim-jwt-auth has no vulnerabilities reported, and its dependent libraries have no vulnerabilities reported.

slim-jwt-auth code analysis shows 0 unresolved vulnerabilities.

There are 0 security hotspots that need review.

License

slim-jwt-auth is licensed under the MIT License. This license is Permissive.

Permissive licenses have the least restrictions, and you can use them in most projects.

Reuse

slim-jwt-auth releases are not available. You will need to build from source code and install.

Installation instructions, examples and code snippets are available.

It has 327 lines of code, 30 functions and 4 files.

It has medium code complexity. Code complexity directly impacts maintainability of the code.

Top functions reviewed by kandi - BETA

kandi has reviewed slim-jwt-auth and discovered the below as its top functions. This is intended to give you an instant insight into slim-jwt-auth implemented functionality, and help decide if they suit your requirements.

Handle middleware .
Fetch token from request .
Hydrate options .
Decode JWT token .
Return a new instance with the rules added .
Determine if the request should authenticate .
Process error .
Set the secret .
Set the after callback .
Set the error callback .

Get all kandi verified functions for this library.

slim-jwt-auth Key Features

No Key Features are available at this moment for slim-jwt-auth.

slim-jwt-auth Examples and Code Snippets

No Code Snippets are available at this moment for slim-jwt-auth.

Community Discussions

Trending Discussions on slim-jwt-auth

Slim framework not working as expected using Composer (Class not found)

How to authenticate JSON web tokens (JWT) across different APIs?

Composer Could not find package jwt-auth

Can't access token stored in container

QUESTION

Slim framework not working as expected using Composer (Class not found)

Asked 2019-Jun-13 at 08:23

Can you help me? I'm facing a strange issue. First, I'm downloading this https://github.com/tuupola/slim-jwt-auth using composer:

...

ANSWER

Answered 2019-Jun-13 at 08:23

First of all, you need to actually add the Slim framework to your Composer package. You can do this by running:

Source https://stackoverflow.com/questions/56575825

QUESTION

How to authenticate JSON web tokens (JWT) across different APIs?

Asked 2019-Mar-29 at 08:33

I've created a Rest API based on the PHP Slim framework which uses JSON Web Tokens (JWT) to authenticate and authorize access.

To use the API the client must first authenticate themselves by sending their credentials to a special /auth/token route which if correct, returns a digitally signed token containing a list of allowed permissions. All subsequent requests to the API require the token for authentication and authorization. This is pretty standard stuff and works well.

But now I now want to separate the /auth/token service into its own micro-service so I can reuse it with other APIs in the future.

The problem is, how will the APIs now authenticate the JWT as they don't have access to the secret that was used to generate it?

I use the Firebase\JWT\JWT to generate the token, which will be moved to the new auth service. And I use tuupola/slim-jwt-auth middleware to authenticate the received token on each API.

As each API and the new auth service will be running on the same host I could maybe share the secret between them all but this feels like bad practice. Is there a better way?

...

ANSWER

Answered 2019-Mar-29 at 08:33

It is better to sign JWT using private/public key (RSA or ECDSA algorithm) instead of a secret (HMAC algorithm). In that case your auth service would sign JWT with private key and other APIs would validate JWT with public key, well... you still need to distribute a public key to your APIs then, but you have options.

Depends on your architecture, you might look at:

API Gateway pattern

For microservice architecture a good practice is to use API Gateway pattern. More about gateway pattern. API Gateway can validate JWT token and then proxy requests to your services. So auth service would sign JWT token with private key, then requests to APIs would go though API Gateway. API Gateway would validate token with public key, so you would not distribute public key to all APIs behind the proxy.

With this approach your would need an API Gateway, you can look at: express-gateway, kong + jwt plugin, tyk etc, also there is much more benefits from API Gateway rather then just JWT token validation, like traffic control, analytics, logging, requests and responses transformations and so on.

Secrets management

Instead of or additionally to API Gateway you can take a look at centralised secrets management systems, like Hashi Vault. Depends on the project/team size it could be an overkill for your project.

Source https://stackoverflow.com/questions/55394912

QUESTION

Composer Could not find package jwt-auth

Asked 2019-Jan-28 at 09:11

I'm trying to add jwt-auth to my Symfony project.

trying to execute the below command

...

ANSWER

Answered 2019-Jan-28 at 09:11

Doing:

Source https://stackoverflow.com/questions/54397149

QUESTION

Can't access token stored in container

Asked 2017-Feb-08 at 07:14

I followed the instructions to save token in container with callback function (https://github.com/tuupola/slim-jwt-auth):

...

ANSWER

Answered 2017-Feb-07 at 18:14

The instruction you linked to states:

Callback is called only when authentication succeeds. It receives decoded token in arguments. If callback returns boolean false authentication is forced to be failed.

Do you meet this requirement when testing, i.e do you authenticate successfully? Also consider using var_dump($decode) instead of print_r($decode) when testing.

Source https://stackoverflow.com/questions/42092486

Community Discussions, Code Snippets contain sources that include Stack Exchange Network

Vulnerabilities

No vulnerabilities reported

Install slim-jwt-auth

Install latest version using composer. If using Apache add the following to the .htaccess file. Otherwise PHP wont have access to Authorization: Bearer header.