
ApiAuthComponent Class Reference

REST API auth component. The 'access_token' used for authentication is a JSON Web Token (JWT).

Inheritance diagram for ApiAuthComponent:
ApiAuthInterface


Public Member Functions

 initialize (Controller $controller, $settings=array())
 Initialize component callback.
 startup ($controller, $settings=array())
 Startup component callback. Set up JWT 'iss' to public_url if it's not set.
 identify ()
 Identify and return a user starting from the JWT. If the user was already identified, return it immediately. Return false if no token exists or no user is found.
 authenticate ($username, $password, array $authGroupName=array())
 Authenticate user starting from username and password.
 generateToken ()
 Generate and return a new JWT. If the user is not identified, return null.
 renewToken ($refreshToken)
 Renew a JWT using a refresh token. If it fails to renew the JWT, return false.
 generateRefreshToken ()
 Generate a refresh token to use for renewing the JWT. The refresh token is saved in the hash_jobs table. If the user is not identified, return false.
 revokeRefreshToken ($refreshToken)
 Revoke a refresh token.
 getPayload ()
 Return the payload used to generate JWT.
 getToken ()
 Return the token, reading it from the Authorization header or from the query URL. If the token has already been read, return it. Return false if no token is found.
 expiresIn ()
 Return the updated time to token expiration (in seconds).
 userid ()
 Return the userid. It replaces BeAuthComponent::userid() in API context.
 getUserSession ()
 Return the user data. It replaces BeAuthComponent::getUserSession() in API context.
 getUser ()
 Get the current identified user. It replaces BeAuthComponent::getUser() in API context.

Public Attributes

 $config

Protected Member Functions

 findUser ($token, $type= 'jwt')
 Find the user starting from a token and a token type.

Protected Attributes

 $controller
 $user = false
 $token = null
 $payload = array()

Detailed Description

REST API auth component. The 'access_token' used for authentication is a JSON Web Token (JWT).

See also:
http://jwt.io
https://tools.ietf.org/html/rfc7519 (for full specs)

Definition at line 39 of file api_auth.php.


Member Function Documentation

ApiAuthComponent::authenticate ( $username, $password, array $authGroupName = array() )

Authenticate user starting from username and password.

Parameters:
string $username the username
string $password the user password
array $authGroupName an array of groups authorized to login
Returns:
bool

Implements ApiAuthInterface.

Definition at line 138 of file api_auth.php.

ApiAuthComponent::expiresIn (  ) 

Return the updated time to token expiration (in seconds).

Returns:
int

Implements ApiAuthInterface.

Definition at line 307 of file api_auth.php.

ApiAuthComponent::findUser ( $token, $type = 'jwt' ) [protected]

Find the user starting from a token and a token type:

  • if $type is 'jwt' try to get user starting from JWT
  • if $type is 'refresh' try to get user starting from refresh token saved in hash_jobs table

If no user was found, return false.

Parameters:
string $token the token
string $type the token type ('jwt' or 'refresh')
Returns:
array|bool

Definition at line 323 of file api_auth.php.

Referenced by identify(), and renewToken().

ApiAuthComponent::generateRefreshToken (  ) 

Generate a refresh token to use for renewing the JWT. The refresh token is saved in the hash_jobs table. If the user is not identified, return false.

Returns:
string|bool

Implements ApiAuthInterface.

Definition at line 219 of file api_auth.php.

References identify().

ApiAuthComponent::generateToken (  ) 

Generate and return a new JWT. If the user is not identified, return null.

Returns:
string|null

Implements ApiAuthInterface.

Definition at line 178 of file api_auth.php.

Referenced by renewToken().

ApiAuthComponent::getPayload (  ) 

Return the payload used to generate JWT.

Returns:
array

Definition at line 268 of file api_auth.php.

ApiAuthComponent::getToken (  ) 

Return the token, reading it from the Authorization header or from the query URL. If the token has already been read, return it. Return false if no token is found.

Returns:
string|bool

Implements ApiAuthInterface.

Definition at line 279 of file api_auth.php.

Referenced by identify().

ApiAuthComponent::getUser (  ) 

Get the current identified user. It replaces BeAuthComponent::getUser() in API context.

Returns:
array

Implements ApiAuthInterface.

Definition at line 404 of file api_auth.php.

References getUserSession().

ApiAuthComponent::getUserSession (  ) 

Return the user data. It replaces BeAuthComponent::getUserSession() in API context.

Returns:
array

Implements ApiAuthInterface.

Definition at line 394 of file api_auth.php.

Referenced by getUser().

ApiAuthComponent::identify (  ) 

Identify and return a user starting from the JWT. If the user was already identified, return it immediately. Return false if no token exists or no user is found.

Returns:
array|bool

Implements ApiAuthInterface.

Definition at line 118 of file api_auth.php.

References findUser(), and getToken().

Referenced by generateRefreshToken(), and revokeRefreshToken().

ApiAuthComponent::initialize ( Controller $controller, $settings = array() )

Initialize component callback.

Parameters:
Controller $controller the controller
array $settings component configuration
Returns:
void

Definition at line 87 of file api_auth.php.

ApiAuthComponent::renewToken ( $refreshToken )

Renew a JWT using a refresh token. If it fails to renew the JWT, return false.

Parameters:
string $refreshToken the refresh token
Returns:
string|bool

Implements ApiAuthInterface.

Definition at line 202 of file api_auth.php.

References findUser(), and generateToken().

ApiAuthComponent::revokeRefreshToken ( $refreshToken )

Revoke a refresh token.

Parameters:
string $refreshToken the refresh token to remove
Returns:
bool

Implements ApiAuthInterface.

Definition at line 245 of file api_auth.php.

References identify().

ApiAuthComponent::startup ( $controller, $settings = array() )

Startup component callback. Set up JWT 'iss' to public_url if it's not set.

Parameters:
Controller $controller the controller
array $settings component configuration
Returns:
void

Definition at line 105 of file api_auth.php.

ApiAuthComponent::userid (  ) 

Return the userid. It replaces BeAuthComponent::userid() in API context.

Returns:
string

Implements ApiAuthInterface.

Definition at line 384 of file api_auth.php.


Member Data Documentation

ApiAuthComponent::$config
Initial value:
 array(
        'expiresIn' => 600, 
        'alg' => 'HS256'
    )

Definition at line 75 of file api_auth.php.
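
An added example, not BEdita's own code, of what the $config defaults mean for a token: an HS256-signed JWT whose 'exp' is 600 seconds after issue, verified with the algorithm pinned to the configured value rather than the one named in the token header. The function names, the 'id' claim, the issuer URL and the secret are assumptions made for the example.

```php
<?php
// Added example, not BEdita code. Function names and the secret are hypothetical.
$config = array('expiresIn' => 600, 'alg' => 'HS256'); // defaults documented above

function b64url($bin) {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}
function b64urlDecode($txt) {
    $txt .= str_repeat('=', (4 - strlen($txt) % 4) % 4); // restore stripped padding
    return base64_decode(strtr($txt, '-_', '+/'), true);
}
// Issue a token: 'exp' is the issue time plus the configured lifetime.
function issueToken(array $claims, $secret, array $config, $now) {
    $header = array('typ' => 'JWT', 'alg' => $config['alg']);
    $claims += array('iat' => $now, 'exp' => $now + $config['expiresIn']);
    $input = b64url(json_encode($header)) . '.' . b64url(json_encode($claims));
    return $input . '.' . b64url(hash_hmac('sha256', $input, $secret, true));
}
// Return the payload, or false if the token is malformed, names another
// algorithm, carries a bad signature, or has expired.
function verifyToken($token, $secret, array $config, $now) {
    $parts = explode('.', (string)$token);
    if (count($parts) !== 3) {
        return false;
    }
    $header = json_decode((string)b64urlDecode($parts[0]), true);
    // Pin the algorithm to the configured one; a header saying 'none' is rejected.
    if (!is_array($header) || !isset($header['alg']) || $header['alg'] !== $config['alg']) {
        return false;
    }
    $expected = hash_hmac('sha256', $parts[0] . '.' . $parts[1], $secret, true);
    $given = b64urlDecode($parts[2]);
    if ($given === false || !hash_equals($expected, $given)) { // constant-time, PHP >= 5.6
        return false;
    }
    $payload = json_decode((string)b64urlDecode($parts[1]), true);
    if (!is_array($payload) || !isset($payload['exp']) || $now >= $payload['exp']) {
        return false;
    }
    return $payload;
}

$secret = 'constructed-demo-secret'; // constructed; use 32+ random bytes in practice
$now = time();
$token = issueToken(array('iss' => 'https://example.com', 'id' => 1), $secret, $config, $now);
var_dump(verifyToken($token, $secret, $config, $now + 599) !== false); // inside lifetime
var_dump(verifyToken($token, $secret, $config, $now + 600));           // at expiry
```

With a 600-second lifetime the access token is short-lived by design, which is why the component pairs it with a refresh token that can be revoked server-side.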


The documentation for this class was generated from the following file:
Generated on Fri Dec 11 2015 15:29:45 by Doxygen 1.7.1, BEdita 3.7 Corylus