JWT: authentication in slim v3 and Android

I am using Slim framework to return JSON to my Android device. I am currently working on logging in to my device. I use 3 different login methods: Facebook, Google and account. When he takes an account, he can register a new account or log in with an existing one.

For security in my web service, I thought of using JWT security. So I read about it and watched a video on how this works. I think I understand how this works, but I cannot find anything about how to implement it correctly.

The second software that I use for Slim v3 is called Slim-JWT-Auth. I found the following link to implement this in my fine structure, and it works correctly, I think.

Now my questions are:

  • How do I create a token?
  • When do I create my token?
  • Do I also need a token when using login on Google or Facebook, because they already use an Auth2.0 token?

I understand how this works, but no one talks about when and how to implement it. So, when do I need to generate a token (when logging into a web service?), and do I need to generate a token after each application launch, or do I just need to wait until the token expires?

+4

?

firebase/php-jwt, .

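use Firebase\JWT\JWT; // from the firebase/php-jwt package

// $request is the PSR-7 request object of the current Slim route.
$now = new DateTime();
$future = new DateTime("now +2 hours");
$server = $request->getServerParams();

// iat = issued at, exp = expiry (two hours later), sub = the authenticated user
$payload = [
    "iat" => $now->getTimestamp(),
    "exp" => $future->getTimestamp(),
    "sub" => $server["PHP_AUTH_USER"]
];

// Signing key; it must match the "secret" given to the JWT middleware.
$secret = "supersecretkeyyoushouldnotcommittogithub";
$token = JWT::encode($payload, $secret, "HS256");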

?

api , , , . , /token, JWT. .

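// HTTP Basic authentication protects only the /token route.
$app->add(new \Slim\Middleware\HttpBasicAuthentication([
    "path" => "/token",
    "users" => [
        "test" => "test"
    ]
]));

// Every other route requires a valid JWT; /token is passed through.
$app->add(new \Slim\Middleware\JwtAuthentication([
    "secret" => "supersecretkeyyoushouldnotcommittogithub",
    "rules" => [
        new \Slim\Middleware\JwtAuthentication\RequestPathRule([
            "path" => "/",
            "passthrough" => ["/token"]
        ])
    ]
]));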

$app->post("/token", function ($request, $response, $arguments) {

    $now = new DateTime();
    $future = new DateTime("now +2 hours");
    $server = $request->getServerParams();

    $payload = [
        "iat" => $now->getTimeStamp(),
        "exp" => $future->getTimeStamp(),
        "sub" => $server["PHP_AUTH_USER"],
    ];
    $secret = "supersecretkeyyoushouldnotcommittogithub";
    $token = JWT::encode($payload, $secret, "HS256");
    $data["status"] = "ok";
    $data["token"] = $token;

    return $response->withStatus(201)
        ->withHeader("Content-Type", "application/json")
        ->write(json_encode($data, JSON_UNESCAPED_SLASHES | JSON_PRETTY_PRINT));
});

Google Facebook? Auth2.0?

. ". , /token Facebook Google JWT.

, .

+4
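What the `/token` route above hands to the client, and what has to be checked on every later request, shown as an added example that is not part of the original answer and is not Slim-JWT-Auth's or firebase/php-jwt's own code. The function names, the demo secret and the fixed timestamp are assumptions made for the illustration.

```php
<?php
// Added example: hand-rolled HS256 issue/verify. Function names are hypothetical.
function b64url_encode(string $bin): string {
    return rtrim(strtr(base64_encode($bin), "+/", "-_"), "=");
}
function b64url_decode(string $txt): string {
    $padded = $txt . str_repeat("=", (4 - strlen($txt) % 4) % 4);
    return (string) base64_decode(strtr($padded, "-_", "+/"), true);
}
// Same claims as the /token route: iat, exp (2 hours by default), sub.
function issue_token(string $sub, string $secret, int $now, int $ttl = 7200): string {
    $header  = b64url_encode(json_encode(["typ" => "JWT", "alg" => "HS256"]));
    $payload = b64url_encode(json_encode(["iat" => $now, "exp" => $now + $ttl, "sub" => $sub]));
    $sig     = b64url_encode(hash_hmac("sha256", "$header.$payload", $secret, true));
    return "$header.$payload.$sig";
}
// Returns the claims array, or null if the token must be rejected.
function verify_token(string $token, string $secret, int $now): ?array {
    $parts = explode(".", $token);
    if (count($parts) !== 3) { return null; }
    [$header, $payload, $sig] = $parts;
    $head = json_decode(b64url_decode($header), true);
    // Pin the algorithm on the server; never let the token choose it.
    if (!is_array($head) || ($head["alg"] ?? null) !== "HS256") { return null; }
    $expected = b64url_encode(hash_hmac("sha256", "$header.$payload", $secret, true));
    if (!hash_equals($expected, $sig)) { return null; } // constant-time compare
    $claims = json_decode(b64url_decode($payload), true);
    if (!is_array($claims) || !is_int($claims["exp"] ?? null) || $claims["exp"] <= $now) {
        return null; // expiry missing or already passed
    }
    return $claims;
}
// Constructed sample values, not from the original page.
$secret = "constructed-demo-secret"; // in a real service, load this from configuration
$now    = 1700000000;
$token  = issue_token("test", $secret, $now);
// Tampered copy: payload swapped, original signature kept.
$parts    = explode(".", $token);
$parts[1] = b64url_encode(json_encode(["iat" => $now, "exp" => $now + 7200, "sub" => "admin"]));
$tampered = implode(".", $parts);

var_dump(verify_token($token, $secret, $now + 60));        // fresh token, right key
var_dump(verify_token($token, $secret, $now + 7201));      // same token after exp
var_dump(verify_token($tampered, $secret, $now + 60));     // altered payload
var_dump(verify_token($token, "wrong-secret", $now + 60)); // different signing key
```

The `exp` check is the part that decides when a client has to request a new token: until then the same token keeps verifying, so it does not need to be reissued on every application launch.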
