365Werk / jwtauthroles

Licence: MIT license
Made to use JWTs from an external identity provider in Laravel. Tested with Fusionauth, but should be quite general purpose.

JWT Auth and Roles

Made to use JWTs from an external identity provider in Laravel. Tested with Fusionauth, but should be quite general purpose.

With this package you can validate the incoming JWT and create an authenticated user that has the roles specified in the JWT. The included role middleware can then use those roles for further (route-based) authorization.

Take a look at contributing.md to see a to-do list.

Installation

Via Composer

$ composer require werk365/jwtauthroles

Publish config and migration

$ php artisan vendor:publish --provider="Werk365\JwtAuthRoles\JwtAuthRolesServiceProvider"

Migrations are only needed if you want to cache the JWKs or store the user; both can be configured in the config. It's possible to use this package without storing anything related to it in the database at all.

Run migration

$ php artisan migrate

Usage

In your AuthServiceProvider, modify boot():

use Illuminate\Support\Facades\Auth;
use Werk365\JwtAuthRoles\JwtAuthRoles;

public function boot()
{
    $this->registerPolicies();

    Auth::viaRequest('jwt', function ($request) {
        return JwtAuthRoles::authUser($request);
    });
}

Then either change one of your guards in config/auth.php to use the jwt driver and jwt_users provider, or add a new guard:

use Werk365\JwtAuthRoles\Models\JwtUser;
'guards' => [
    // ...
    'jwt' => [
        'driver' => 'jwt',
        'provider' => 'jwt_users',
        'hash' => false,
    ],
],

// ...

'providers' => [
    // ...
    'jwt_users' => [
        'driver' => 'eloquent',
        'model' => JwtUser::class,
    ],
],

Now you can use the JWT guard in your routes, for example on a group:

Route::group(['middleware' => ['auth:jwt']], function () {
    // Routes can go here
});

You can also use the RolesMiddleware to do role-based authorization on a route like this:

    // single role
    Route::get('/example', function(){
        return "example";
    })->middleware('role:example');

    // multiple roles
    Route::get('/examples', function(){
        return "examples";
    })->middleware('role:example|second|third|etc');

To make the authenticated user actually useful, the JwtUser model extends the User model. This means that you can define any relations in the User model, and then use them for the authenticated user.

For example, add the following relationship in the default User model:

    public function documents()
    {
        return $this->hasMany('App\Models\Document', 'user', 'uuid');
    }

This assumes you have a Document model in which the uuid provided by your identity provider is stored in a 'user' column. The column name can be anything you want, but the local key should always be uuid.

This can then be used as follows to retrieve all documents belonging to this user:

return Auth::user()->documents;

Finally, adjust the config to your needs. The default published config will validate the JWT, but not use the database. It looks like this:

<?php

return [
    // If enabled, stores every user in the database
    'useDB' => env('FA_USE_DB', false),

    // Only if useDB = true
    // Column name in the users table where the uuid should be stored.
    'userId' => env('FA_USR_ID', 'uuid'),
    // Only if useDB = true
    'autoCreateUser' => env('FA_CREATE_USR', false),

    'alg' => env('FA_ALG', 'RS256'),

    // Allows you to skip validation, this is potentially dangerous,
    // only use for testing or if the jwt has been validated by something like an api gateway
    'validateJwt' => env('FA_VALIDATE', true),

    // Only if validateJwt = true
    'cache' => [
        'enabled' => env('FA_CACHE_ENABLED', false),
        'type' => env('FA_CACHE_TYPE', 'database'),
    ],

    // Only if validateJwt = true
    'jwkUri' => env('JWKS_URL', 'http://localhost:9011/.well-known/jwks.json'),
    // Only if validateJwt = true
    'pemUri' => env('PEM_URL', 'http://localhost:9011/api/jwt/public-key'),

    // Only if validateJwt = true
    // Configure to use PEM endpoint (default) or JWK
    'useJwk' => env('USE_JWK', false),

];
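
The checks that the 'alg' and 'validateJwt' settings and the role middleware stand for can be illustrated in plain PHP. This is an added example, not the package's own code: the function names, the "roles" claim name, the reading of 'a|b' as "any one of the listed roles", and the throwaway key and tokens are all assumptions constructed for illustration.

```php
<?php
// Added example, not the package's code; "roles" claim and sample values are assumptions.

function b64url_encode(string $s): string
{
    return rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
}

function b64url_decode(string $s): string
{
    $s = strtr($s, '-_', '+/');
    return (string) base64_decode(str_pad($s, strlen($s) + (4 - strlen($s) % 4) % 4, '='), true);
}

// Returns the claims array for a valid, unexpired RS256 token, or null on any failure.
function verify_rs256(string $jwt, string $publicKeyPem, int $now): ?array
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        return null;
    }
    [$h, $p, $sig] = $parts;
    $header = json_decode(b64url_decode($h), true);
    // Pin the algorithm to the configured value; never let the token choose it.
    $algOk = is_array($header) && ($header['alg'] ?? null) === 'RS256';
    if (!$algOk || openssl_verify("$h.$p", b64url_decode($sig), $publicKeyPem, OPENSSL_ALGO_SHA256) !== 1) {
        return null;
    }
    $claims = json_decode(b64url_decode($p), true);
    $fresh = is_array($claims) && is_int($claims['exp'] ?? null) && $claims['exp'] > $now;
    return $fresh ? $claims : null;
}

// Assumed semantics for a 'role:a|b' style spec: any one listed role is enough.
function has_any_role(array $claims, string $spec): bool
{
    $roles = is_array($claims['roles'] ?? null) ? $claims['roles'] : [];
    return count(array_intersect(explode('|', $spec), $roles)) > 0;
}

// Constructed demo: throwaway key pair, one signed token, one token with alg "none".
$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$pem = openssl_pkey_get_details($key)['key'];
$payload = json_encode(['sub' => 'constructed-uuid', 'roles' => ['example'], 'exp' => time() + 300]);
$body = b64url_encode('{"alg":"RS256","typ":"JWT"}') . '.' . b64url_encode($payload);
openssl_sign($body, $sig, $key, OPENSSL_ALGO_SHA256);
$jwt = $body . '.' . b64url_encode($sig);
$unsigned = b64url_encode('{"alg":"none"}') . '.' . explode('.', $jwt)[1] . '.';
var_dump(has_any_role(verify_rs256($jwt, $pem, time()) ?? [], 'example|second'));
var_dump(verify_rs256($unsigned, $pem, time()));
```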

Laravel version

Currently this package supports Laravel 8. Since it uses the default User model, it expects that model to be in the App\Models namespace (App\Models\User). To make this package work with previous versions of Laravel, you only have to create a model in this namespace; besides that, the package should work with any recent version.

Change log

Please see the changelog for more information on what has changed recently.

Testing

Testing is not yet implemented.

Contributing

Please see contributing.md for details and a to-do list.

Security

If you discover any security related issues, please email [email protected] instead of using the issue tracker.

Credits

License

MIT license. Please see the license file for more information.