falco442/cakephp-3-token-auth

This package is abandoned and no longer maintained. No replacement package was suggested.

TokenAuth plugin for CakePHP

dev-master 2016-10-17 15:46 UTC

This package is not auto-updated.

Last update: 2022-08-13 16:34:38 UTC


README

This plugin provides token-based authentication for CakePHP.

Requirements

  • CakePHP 3.x

Installation

Getting plugin

You can install the plugin by downloading it manually or with Composer:

composer require falco442/cakephp-3-token-auth

Preparing tables

Add the fields 'token' (varchar(255)) and 'token_created' (datetime) to the table used by your authentication model ('users').

Loading plugin

Load the plugin by calling

Plugin::loadAll();

or

Plugin::load('TokenAuth');

and put the Authentication object in your AppController.php:

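public function initialize(){
    parent::initialize();

    // ...

    $this->loadComponent('Auth',[
        // Authenticate requests with the plugin's Token authenticate object
        'authenticate'=>[
            'TokenAuth.Token'
        ],
        // Do not redirect unauthorized API requests
        'unauthorizedRedirect'=>false,
        // Keep the identified user in memory only, not in the session
        'storage'=>'Memory'
    ]);

    // ...
}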

Keep in mind that you can customize the Authentication object with the same parameters you would use with FormAuthenticate, such as userModel and fields.

Use

In Controller

You can set up the login action for your controller; for example, the action login() in UsersController.php:

public function login(){
	$user = $this->Auth->identify($this->request,$this->response);
	$this->set(compact('user'));
	$this->set('_serialize',['user']);
}

Since the token authentication is done mainly for API applications, all you need is to retrieve the $user object that contains the new token that TokenAuth automatically generates. This token will be used to do all the calls to the actions that you don't want to be publicly accessible.

If you want an action to be public, simply use

$this->Auth->allow(['action-name']);

in the initialize() method of the respective controller.

The non-public routes that a client calls take the form

GET /uri.json?token=token-received

Reset token

You can reset tokens by calling the shell:

cd cake-root
./bin/cake TokenAuth.token refresh

Note:

  • the reset token task takes '-15 days' as the base token life, but you can customize the shell
  • the shell takes the model User as its base, but you can set any model you like

Type in the console

cd cake-root
./bin/cake TokenAuth.token refresh --help

to get some help.
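How a '-15 days' token life can be checked against the token_created column, as a stand-alone PHP 7+ sketch. This is an added example, not the plugin's own code: it assumes a row with the README's 'token' and 'token_created' fields, and the function names and sample rows are hypothetical.

```php
<?php
// Added example, not the plugin's code. Row shape follows the README's
// 'token' and 'token_created' columns; function names are hypothetical.

const TOKEN_LIFE = '-15 days'; // base token life named in the README

/** Generate an unguessable token (64 hex chars, fits varchar(255)). */
function newToken(): string
{
    return bin2hex(random_bytes(32));
}

/** True when the presented token matches the row and is not older than TOKEN_LIFE. */
function tokenIsValid(array $userRow, string $presented, DateTimeImmutable $now): bool
{
    if (empty($userRow['token']) || empty($userRow['token_created']) || $presented === '') {
        return false; // no token issued, or nothing presented
    }
    // Constant-time comparison so response timing does not reveal matching prefixes.
    if (!hash_equals((string) $userRow['token'], $presented)) {
        return false;
    }
    $created = new DateTimeImmutable($userRow['token_created']);
    // The token is valid only if it was created on or after the cutoff.
    return $created >= $now->modify(TOKEN_LIFE);
}

// Constructed sample rows (not real data).
$now   = new DateTimeImmutable('2016-10-17 12:00:00');
$fresh = ['token' => newToken(), 'token_created' => '2016-10-10 09:00:00'];
$stale = ['token' => newToken(), 'token_created' => '2016-09-20 09:00:00'];

var_dump(tokenIsValid($fresh, $fresh['token'], $now)); // correct value, within token life
var_dump(tokenIsValid($stale, $stale['token'], $now)); // correct value, past token life
var_dump(tokenIsValid($fresh, newToken(), $now));      // wrong value
var_dump(tokenIsValid(['token' => null, 'token_created' => null], '', $now)); // no token issued
```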

Useful info

Since token authentication is used mainly for API web applications, it is useful to set up REST in CakePHP (see this page).

This is done in a few simple steps:

  • modify cake-root/app/Config/routes.php by adding Router::parseExtensions('json','xml'); (or whichever extensions you want)
  • in cake-root/app/Controller/AppController.php, add the RequestHandler component; it will parse the extension of the format (json, xml, ...)
  • if you want REST, you can map the resources (as this page says) with the method Router::mapResources(), placed in cake-root/app/Config/routes.php