planetadeleste/oc-jwtauth-plugin

JSON Web Token Authentication plugin for OctoberCMS with Lovata.Buddies

Maintainers

Details

github.com/planetadeleste/oc-jwtauth-plugin

Homepage

Source

Installs: 35

Dependents: 0

Suggesters: 0

Security: 0

Stars: 0

Watchers: 1

Forks: 27

Type:october-plugin

1.3.5 2021-05-07 11:42 UTC

Requires

GPL-3.0-or-later 0d3a961a88fde0c29f13aa7dbe260b45adb6cc92

apiAuthenticationcmsjwtJSON Web Tokenoctoberoctobercms

This package is auto-updated.

Last update: 2024-04-07 17:56:02 UTC

README

68747470733a2f2f6f63746f626572636d732e636f6d2f73746f726167652f6170702f75706c6f6164732f7075626c69632f3538622f3861362f3062352f353862386136306235303133333733373937383530312e706e67

68747470733a2f2f7472617669732d63692e6f72672f706c616e65746164656c657374652f6f632d6a7774617574682d706c7567696e2e7376673f6272616e63683d6d61696e 68747470733a2f2f696d672e736869656c64732e696f2f62616467652f4f63746f626572434d532d506c7567696e2d2532334545373230332e737667 68747470733a2f2f696d672e736869656c64732e696f2f62616467652f446f6e6174652d50617950616c2d677265656e2e737667 68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f6c6963656e73652f706c616e65746164656c657374652f6f632d6a7774617574682d706c7567696e2e737667 Known Vulnerabilities

Introduction

This plugin is a fork of rluders/oc-jwtauth-plugin, adapted to be used with Lovata.Buddies plugin instead of RainLab.Users

This plugin provides a JSON Web Tokens authentication mechanism for OctoberCMS integrated with Lovata.Buddies. It's essential for your web application built with Angular, Vue.js, React or other modern Javascript frameworks.

Requirements

Theme

Tutorials

Installation

Yes, you can install it from the repository (but I'll not provide a documentation for that - in this case I'll assume that you know what you are doing). I strongly recommend that you install it from product page inside the OctoberCMS Marketplace.

Configuration

You must set a secret token for your application. Do do it, on October's Backend access: Settings > Users > JWTAuth

Usage

Here's the list of available endpoints for this plugin.

If you are using Postman, you can click here to import the collection with all the calls that you need to test it.

Login

POST /api/auth/login

Route name

api.auth.login

Parameters

Name Type Required Description
login string Yes Account login attribute
password string Yes Account password

The field login value can be the account email or username. You can select it on RainLab.User configuration what field should be used for login.

Responses

SUCCESS

Code: 200

{
  token: (string),
  user: (object)
}

ERROR

Code: 401

{
  error: (invalid_credentials|could_not_create_token|user_inactive|user_is_banned)
}

Register

POST /api/auth/register

Route name

api.auth.register

Parameters

Name Type Required Description
username string No Account username
email string Yes Account email
password string Yes Account password
password_confirmation string No Confirm the new password

The field username can be required. It depends of your RainLab.User configuration.

Responses

SUCCESS

Code: 201

[]

ERROR

Code: 401

{
  error: (object|registration_disabled)
}

Supported events

  • rainlab.user.beforeRegister
  • rainlab.user.register

Account Activation

POST /api/auth/account-activation

Route name

api.auth.account-activation

Parameters

Name Type Required Description
activation_code string Yes Account activation code

Responses

SUCCESS

Code: 200

[]

ERROR

Code: 422

{
  error: (invalid_activation_code|invalid_user|user_not_found)
}

Forgot Password

POST /api/auth/forgot-password

Route name

api.auth.forgot-password

Parameters

Name Type Required Description
email string Yes Account email

Responses

SUCCESS

Code: 200

[]

ERROR

Code: 404

{
  error: (user_not_found)
}

Reset Password

POST /api/auth/reset-password

Route name

api.auth.reset-password

Parameters

Name Type Required Description
reset_password_code string Yes Reset password code
password string Yes Account new password
password_confirmation string No Confirm the new password

Responses

SUCCESS

Code: 200

[]

ERROR

Code: 422

{
  error: (invalid_reset_password_code|invalid_user|invalid_reset_password_code)
}

Refresh Token

POST /api/auth/refresh-token

Route name

auth.api.refresh-token

Parameters

Name Type Required Description
token string Yes Valid user JWToken

Responses

SUCCESS

Code: 200

{
  token: (string)
}

ERROR

Code: 403

{
  error: (could_not_refresh_token|given_token_was_blacklisted)
}

Get User

GET /api/auth/me

Middleware

jwt.auth

Route name

api.auth.me

Parameters

Name Type Required Description
token string Yes Valid token

Responses

SUCCESS

Code: 200

{
  user: (object)
}

ERROR

Code: 404

{
  error: (user_not_found)
}

Known issues

Beside the fact that I'm always trying to solve the possible issues, bad things could happen. Here, an list of possible issues and how to fix it.

Note to Apache users

In order to use the authorization Bearer Token you must add the following code to your .httaccess

RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

License

GPLv3