Reputation: 8968
I'm using slim-jwt-auth to create token based authentication for a JSON API.
The docs are very helpful, but one thing I don't understand is how are the tokens generated? The docs say that the middleware is able to decode the token, but I can't see any way to encode.
Some projects I've seen use firebase/jwt, but I'm not sure if this is needed, or compatible with slim-jwt-auth.
Is slim-jwt-auth able to generate tokens?
Upvotes: 6
Views: 10795
Reputation: 20407
You can, but you do not need to install extra libraries to generate the token. The middleware uses firebase/php-jwt internally so you can use the same library to generate the token. Something like the following.
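```php
use \Firebase\JWT\JWT;
use \Tuupola\Base62;

$now = new DateTime();
$future = new DateTime("now +2 hours");
// Random, unique token identifier
$jti = Base62::encode(random_bytes(16));
// Placeholder: replace with a long random secret loaded from configuration
$secret = "your_secret_key";

$payload = [
    "jti" => $jti,
    "iat" => $now->getTimestamp(),
    // Expiry two hours from now. Putting this timestamp in "nbf" (not before)
    // would make the token unusable until then.
    "exp" => $future->getTimestamp()
];

$token = JWT::encode($payload, $secret, "HS256");
```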
You might also check the Slim API Skeleton for inspiration.
Upvotes: 10
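An added example, not part of the answer above or of the slim-jwt-auth project: it issues HS256 tokens with firebase/php-jwt and decodes them with the same library, to show how the `nbf` and `exp` claims and the signing secret decide whether a token is accepted. It assumes firebase/php-jwt 6.x installed through Composer; `issueToken` and `checkToken` are hypothetical helper names, and the secret is generated on the spot for the demonstration.

```php
<?php
// Added example. Assumes firebase/php-jwt 6.x (provides the Key class).
require __DIR__ . '/vendor/autoload.php';

use Firebase\JWT\BeforeValidException;
use Firebase\JWT\ExpiredException;
use Firebase\JWT\JWT;
use Firebase\JWT\Key;

// Hypothetical helper: HS256 token usable from $notBefore until $expires.
function issueToken(string $secret, int $notBefore, int $expires): string
{
    $payload = [
        'jti' => bin2hex(random_bytes(16)), // unique id, useful for revocation lists
        'iat' => time(),
        'nbf' => $notBefore,
        'exp' => $expires,
    ];
    return JWT::encode($payload, $secret, 'HS256');
}

// Hypothetical helper: decode a token and report the verdict as a string.
function checkToken(string $token, string $secret): string
{
    try {
        // Pinning the algorithm in Key stops the token header from choosing it.
        $claims = JWT::decode($token, new Key($secret, 'HS256'));
        return 'accepted, jti=' . $claims->jti;
    } catch (BeforeValidException $e) {
        return 'rejected: not valid yet';
    } catch (ExpiredException $e) {
        return 'rejected: expired';
    } catch (UnexpectedValueException $e) {
        // Covers bad signatures and malformed tokens.
        return 'rejected: ' . $e->getMessage();
    }
}

$secret = random_bytes(32); // constructed for this demo; load yours from config
$now = time();

// Case 1: valid now, expires in two hours.
echo checkToken(issueToken($secret, $now, $now + 7200), $secret), PHP_EOL;
// Case 2: nbf two hours in the future.
echo checkToken(issueToken($secret, $now + 7200, $now + 14400), $secret), PHP_EOL;
// Case 3: exp one hour in the past.
echo checkToken(issueToken($secret, $now - 7200, $now - 3600), $secret), PHP_EOL;
// Case 4: verified with a different secret than it was signed with.
echo checkToken(issueToken($secret, $now, $now + 7200), random_bytes(32)), PHP_EOL;
```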
Reputation: 57718
According to the disclaimer on the slim-jwt-auth landing page, the middleware only processes tokens; it does not provide any way to generate them.
HEADS UP! Middleware does not implement OAuth 2.0 authorization server nor does it provide ways to generate, issue or store authentication tokens. It only parses and authenticates a token when passed via header or cookie.
(emphasis is mine)
You can indeed use another library to generate JWT tokens which will then be consumed by slim-jwt-auth. As long as both libraries implemented the specification correctly you should have no interoperability problems, at least if you only use the mandatory-to-implement parts of the specification.
You can check jwt.io for a list of PHP libraries for JWT processing, but firebase/jwt would be a good starting point. If instead of generating the tokens yourself you're looking to completely delegate the authentication and issuance of tokens to a third party, then I would suggest having a look at Auth0.
Disclosure: I work at Auth0.
Upvotes: 0