baraja-core/structured-api-token-authorizator

There is no license information available for the latest version (v1.3.1) of this package.

A simple token authorizer for authenticating HTTP requests.

v1.3.1 2022-02-01 13:01 UTC

README

Integrity check

A simple token authorizer for authenticating HTTP requests.

This package is the official extension for the Baraja Structured API.

📦 Installation

It's best to use Composer for installation, and you can also find the package on Packagist and GitHub.

To install, simply use the command:

$ composer require baraja-core/structured-api-token-authorizator

You can use the package manually by creating an instance of the internal classes, or register a DIC extension to link the services directly to the Nette Framework.

Simple usage

Install this package using Composer and register the DIC extension (if you use Baraja Package manager, it will be registered automatically).

Extension definition for manual usage:

extensions:
   tokenAuthorizator: Baraja\TokenAuthorizator\TokenAuthorizatorExtension

The package automatically disables the default system method of authenticating requests through Nette User and will require token authentication.

A token is any valid string in the query parameter token, or in BODY (in the case of a POST request). The token evaluates as an endpoint call parameter and can be passed to the target endpoint as a string.

Request verification

If you are not using your own token authentication implementation, the default SimpleStrategy will be used, which you can configure the token via NEON configuration.

If you do not set a token, all requests (even without a token) will be considered valid.

Simple configuration example:

tokenAuthorizator:
   token: abcd

This configuration accepts requests as: /api/v1/user?token=abcd.

Token verification at the endpoint level

Token usage is verified at the endpoint level. By default, all endpoints have access enabled and are governed by the PublicEndpoint attribute defined by the baraja-core/structured-api package.

If you want to require token authentication in your endpoint, set the attribute directly above the endpoint definition.

For example:

#[PublicEndpoint(requireToken: true)]
class ArticleEndpoint extends BaseEndpoint
{
}

Custom authentication

If you need more complex authentication logic, implement a service that implements the VerificationStrategy interface and register it with the DIC. This service will be called automatically when all requests are verified.

📄 License

baraja-core/structured-api-token-authorizator is licensed under the MIT license. See the LICENSE file for more details.