v2.1 - Support for Bearer Tokens (JWT)

@daftspunk daftspunk released this 08 May 06:17
· 216 commits to master since this release

The User plugin has been updated to improve support for working with APIs and bearer tokens.

Auth::getBearerToken(): string

Returns a bearer token (JWT) that can be used to authenticate the current user for 1 hour.

public function token()
{
    return Auth::getBearerToken();
}

Auth::checkBearerToken(string $token): bool

Verifies a supplied bearer token, and if valid, sets the authenticated user.

function onStart()
{
    if ($jwtToken = Request::bearerToken()) {
        Auth::checkBearerToken($jwtToken);
    }
}
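
A fail-closed variant of the handler above, as an added example rather than code from the plugin or its release notes: it returns a 401 when the header is missing or when checkBearerToken() returns false, so the page never continues without an authenticated user. The error strings and the `$deny` closure are assumptions made for illustration; `Response::json` is the standard Laravel response facade.

```php
function onStart()
{
    // Build a 401 JSON response; the error codes are illustrative, not defined by the plugin.
    $deny = fn (string $reason) => Response::json(
        ['error' => $reason],
        401,
        ['WWW-Authenticate' => 'Bearer']
    );

    // Request::bearerToken() returns null when there is no "Authorization: Bearer <TOKEN>" header.
    $jwtToken = Request::bearerToken();
    if (!$jwtToken) {
        return $deny('missing_token');
    }

    // checkBearerToken() returns false when the token does not verify.
    // Returning a response from onStart() stops the page from executing further,
    // so handlers below this point only ever run for an authenticated user.
    if (!Auth::checkBearerToken($jwtToken)) {
        return $deny('invalid_token');
    }
}
```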

Session Component

Now includes a token() method for generating a new token for the signed-in user.

url = "/api/login"

[account]
[session]
==
{% do response(
    ajaxHandler('onSignin').withVars({
        token: session.token()
    })
) %}

The checkToken property is used to verify the token in the headers (Authorization: Bearer <TOKEN>).

url = "/api/login/renew"

[session]
checkToken = 1
==
{% do response({
    data: {
        token: session.token()
    }
}) %}