hungdx/auth-token

The Authentication driver using token for Laravel Framework.

Maintainers

Details

github.com/hugdx/auth-token

Homepage

Source

Issues

Installs: 2 667

Dependents: 0

Suggesters: 0

Security: 0

Stars: 0

Watchers: 1

Forks: 0

Open Issues: 0

1.0.3 2021-01-20 09:12 UTC

Requires

Requires (Dev)

MIT 80dbdc34f8c3efd695d27d988c8cc96e57c27f70

  • Xuan Hung <mr.hungdx.woop@gmail.com>

AuthenticationlaravelLaravel AuthAuthentication TokenAuth Token

This package is auto-updated.

Last update: 2024-09-29 05:29:20 UTC

README

Driver for Laravel Auth by using tokens

The story

We need a way to authenticate for web and api. Laravel supports drivers session (SessionGuard), token (TokenGuard), request (RequestGuard) but it is not strong enough.

  • SessionGuard: Unable use for api. On the Web, with the same user and remember is on -> only one device can use this feature.
  • TokenGuard: It is not designed for Web and not supported multiple device login at sametime
  • RequestGuard: Not checked yet

For api, we have got JWT, why not use that?

JWT very easy to create and verify tokens, but it is not strong enough to manage the tokens. When you want to remove a token which was created before, no way to do that until the token expires.

What do the features of this driver?

  • Supported for web, api or any other purposes.
  • Support multiple devices login for a user at sametime.
  • With a good config, we can count number users/devices of user are logged-in (Set refresh lifetime to small enough and count records in the table user_tokens)
  • All tokens stored in the database. To logout a device, just delete the token record of this device.

Required:

"php": "^7.1.3|^8",
"laravel/framework": "^5.8|^6|^7|^8"

Installation

Require this package with composer

composer require hungdx/auth-token

Laravel

Add the AuthTokenProvider to the providers array in config/app.php

HungDX\AuthToken\AuthTokenProvider::class,

Create user_tokens table

php artisan migrate --path="vendor/hungdx/auth-token/migrations"

Lumen

For Lumen, register a different Provider in bootstrap/app.php:

$app->register(HungDX\AuthToken\AuthTokenProvider::class);

To change the configuration, copy the file to your config folder and enable it:

$app->configure('auth-token');

Create user_tokens table

php artisan migrate --path="vendor/hungdx/auth-token/migrations"

Usage

In the bootstrap/auth.php, at guards section, change driver to auth-token. For example:

    'guards' => [
        'web' => [
            'driver'   => 'auth-token',
            'provider' => 'users',
        ],

        'api' => [
            'driver'   => 'auth-token',
            'provider' => 'users',
        ],
    ],

Configuration

If you want to customize the config, run command:

php artisan vendor:publish --provider="HungDX\AuthToken\AuthTokenProvider"

File config/auth-token.php

return [
    'lifetime' => [
        'expired' => 7 * 24 * 3600,  // Lifetime of token before expired. Default 7 days
        'refresh' => 3600,           // The minimum seconds before changing the token. Default 1 hour
    ],

    'token_field' => [
        'header' => 'Authorization', // Set [false/null/empty] to disable send token to response header  
        'cookie' => 'X-Auth-Token',  // Set [false/null/empty] to disable send token to response cookie
    ],

    'autoload_middleware' => true,  // Auto add to middleware HungDX\AuthToken\AuthTokenMiddleware to every request
];

Changes

1.0.3 (2021-01-20)

  • Fix migration in Laravel 5.8

1.0.2 (2020-12-30)

  • Support PHP 7.1.3, Laravel 5.8

1.0.1 (2020-12-25)

  • Support remember flag. When remember is on, The token never expire until logged out
  • Support PHP 7.2
  • Fix phpcs
  • Fix migration

1.0.0 (2020-12-24)

  • Add auth-token driver for Auth of laravel/lumen
  • Auto add middleware to all router groups