User_AccessToken
You may need to import this feature at the top of your code.

```php
use \Scarlets\Library\User\AccessToken;
```

The AccessToken configuration is stored in `/config/auth.php`.

When you use this library, it will automatically add the `token_table` table and the `app_table` table to the database if they do not exist.

Column | Description |
---|---|
token_id | AccessToken ID |
app_id | Application ID |
user_id | User ID |
expiration | Expiration timestamp |
permissions | AccessToken permissions |

Before you can get an AccessToken, you must define your application for the AccessToken in the `app_table`.

Column | Description |
---|---|
app_id | Application ID |
app_secret | Application Secret Key |

When creating access tokens, you will usually have several apps in your database, and some of them may be applications created by other developers. So you need to define the `$appID` and its `$appSecret` in the `app_table` table. The token information will be saved in the `token_table` table.

```php
AccessToken::create($appID, $appSecret, $userData);

# Example
AccessToken::create(1, 'H8^0b D(@.;{', [
    'userID'=>1,
    'username'=>'hello',
    'permissions'=>'|1|3|5|7|' // Wrapped PermissionID
]);
```

You can define your own PermissionID somewhere in your application. The `$userData` argument is required, and `permissions` can also be `|*|` to allow the user any permission.

If you already have the user's access token, you can parse and validate it as shown below.

```php
AccessToken::parse($accessToken);
```

But if the AccessToken is still in the request query `?access_token=AccessToken` or the request header `Authentication: bearer AccessToken`, you can use the framework's feature to parse it.

```php
AccessToken::parseAvailableToken();
```

It is common for an AccessToken to have an expiration time, but instead of creating a new AccessToken it is better to extend the expiration time before it expires.

```php
AccessToken::refresh($expires_in = 2592000);
```

After the AccessToken has been parsed by the framework, you can easily obtain the data for the current AccessToken.

```php
AccessToken::$appID = 0;
AccessToken::$tokenID = 0;
AccessToken::$userID = 0;
AccessToken::$expiration = 0;
```

To check whether a user is allowed to do something, use `AccessToken::isAllowed` with the PermissionID.

```php
AccessToken::isAllowed($permissionID);

# Example
$PermissionID = [0=>'posting', 1=>'deleting', 2=>'modify'];
if(AccessToken::isAllowed(2))
    die("User allowed for modify stuff");
```
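
The wrapped `|1|3|5|7|` format and the `|*|` wildcard described above only work safely when a permission is matched together with both delimiters and the string is built from validated IDs. The following PHP sketch is an added example, not Scarlets' own code: `wrapPermissions` and `hasPermission` are hypothetical helpers, the exact-match treatment of `|*|` is an assumption, and the internals of `AccessToken::isAllowed` are not shown on this page.

```php
<?php
// Added illustration; function names are hypothetical, not part of Scarlets.

// Build the wrapped string for the `permissions` field, e.g. [1, 3] -> "|1|3|".
function wrapPermissions(array $ids): string
{
    $clean = [];
    foreach ($ids as $id) {
        // Accept non-negative integers only, so a value such as "*" or "1|*"
        // taken from user input can never inject the wildcard or a delimiter.
        if (!is_int($id) || $id < 0) {
            throw new InvalidArgumentException('Permission ID must be a non-negative integer');
        }
        $clean[$id] = $id; // de-duplicate while keeping insertion order
    }
    return $clean === [] ? '' : '|' . implode('|', $clean) . '|';
}

// Check one PermissionID against a wrapped permissions string.
function hasPermission(string $wrapped, int $permissionID): bool
{
    // Assumption: the wildcard is stored as exactly "|*|".
    if ($wrapped === '|*|') {
        return true;
    }
    // Searching for "|<id>|" with both delimiters makes the match exact.
    return strpos($wrapped, '|' . $permissionID . '|') !== false;
}

// Constructed sample data.
$stored = wrapPermissions([1, 3, 15, 7]);

// 3 is in the list.
var_dump(hasPermission($stored, 3));
// 5 is not granted, even though "15" contains the digit 5.
var_dump(hasPermission($stored, 5));
// The same lookup on an unwrapped list shows the false positive that wrapping prevents.
var_dump(strpos('1,3,15,7', '5') !== false);
// The wildcard string allows any PermissionID.
var_dump(hasPermission('|*|', 42));

// A non-integer ID is rejected before it can reach the stored string.
try {
    wrapPermissions([1, '*']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```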

Usually, expired AccessTokens need to be removed manually by setting up a cron job. But if you want to remove an AccessToken from the database even though it has not expired, you can use the `revoke` function.

```php
AccessToken::revoke($tokenID = false);
```