This is an example of implementation of JWT authentication on the server side, using Slim3. This code can be used in pair with the ionic2 jwt sample a sample code on JWT via an Ionic2 app.
- Clone or download the repository
- You have to create a database named tokens which should contain a single table named tokens with the following structure:
CREATE TABLE `tokens` (
`id` int(11) unsigned NOT NULL AUTO_INCREMENT,
`value` text,
`user_id` int(11) DEFAULT NULL,
`date_created` int(11) DEFAULT NULL,
`date_expiration` int(11) DEFAULT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
- Be sure that your database configuration match the specification under /src/settings.php
- Check that all is ok by entering into the downloaded repository and launching phpunit using the following command
$ ./vendor/bin/phpunit
- You should see
OK (4 tests, 8 assertions)
- You can now launch the server by typing
php -S 0.0.0.0:8080 -t public public/index.php
- You are ready to send requests to the server. Check /tests/Functional/RoutesTest.php to see what you can do.
Two routes were created:
- An authentication route which allows us to get the credentials and the token sent from the client for validation.
$app->post('/authenticate', function (Request $request, Response $response) {
// ...
})
- A route which handle a get request for requiring restricted resource to test out our JWT implementation. This route expected that a token is set on the authorisation header of the request. The token will be validated and if it succeed, we return the requested resource to the client.
$app->get('/restricted', function (Request $request, Response $response) {
// ...
})
We used [firebase/php-jwt] (https://github.com/firebase/php-jwt) for creating and decoding the JSON web token.
For simplicity sake, users credentials are stored in a JSON file named users.json located at the root of the project. A database containing a single table named tokens allows us to store each token related information. Database connexion is configured inside /src/dependencies.php.
We created a middleware under the /src/middleware.php file in order to enable CORS.
MIT