mikp / wn-sanctum-tokens-plugin
Laravel Sanctum plugin for Winter CMS
Installs: 23
Dependents: 0
Suggesters: 0
Security: 0
Stars: 5
Watchers: 1
Forks: 4
Open Issues: 0
Type:winter-plugin
Requires
- composer/installers: ~1.0
- laravel/sanctum: ^2.12
- treeware/plant: ^0.1.0
- winter/wn-user-plugin: ^2.0
This package is auto-updated.
Last update: 2024-12-12 10:58:44 UTC
README
Add Laravel Sanctum API Tokens to Winter.Users to allow API Auth via Sanctum tokens for front end users. It is useful if you need API Bearer Token Auth and don't want to go with OAuth2.
depends on
This plugin depends on Laravel Sanctum for tokens
This plugin depends on the Winter.User plugin for users
.htaccess headers
The default wintercms settings do not allow the needed token header. If you are using Apache there is a console command and button in the backend settings to add the necessary modifications to the .htaccess file
# adds the following to the root .htaccess file # ## # ## Authorization header # ## # RewriteCond %{HTTP:Authorization} ^(.*) # RewriteRule .* - [e=HTTP_AUTHORIZATION:%1] php artisan sanctum:authorization --add
usage
There are 3 endpoints that can be used to interact with tokens
- {POST}
api/v1/sanctum/token/create
- {POST}
api/v1/sanctum/token/refresh
- {POST}
api/v1/sanctum/token/revoke/{tokenId}
The 'create' endpoint does not act as a log in, it is guarded with the \Winter\User\Classes\AuthMiddleware which means the user must already be logged in.
The other endpoints are guarded via token so you need to create
a token and provide it as Authorization before you can revoke
or refresh
any.
middleware
There are three middleware classes:
- HasBearerToken => allow if there is a valid token present
- UserFromBearerToken => log the user in using a valid token
- SoftUserFromBearerToken => try to log the user in with a valid token or give up and pass the request on to next middleware
Add the provided middleware to routes for example:
// in your plugin's routes.php file Route::group([ 'prefix' => 'api', 'middleware' => [ 'api', 'mikp\sanctum\Http\Middleware\UserFromBearerToken' ] ], function () { // do a thing Route::post('/thing', 'Author\Plugin\Http\Controllers\API@thing'); });
components
There is an api-token creation component that can be used to allow users to create and revoke their own tokens.
'mikp\sanctum\Components\CreateToken' => 'createtoken'
Licence
This package is Treeware. If you use it in production, then we ask that you buy the world a tree to thank us for our work. By contributing to the Treeware forest you’ll be creating employment for local families and restoring wildlife habitats.