Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Zeeshan Ahmed:
JWT authentication for Lumen 5.4
Sep 06, 2017 @ 12:44:23

In a recent post to his site ** shows you how to create a system that uses a handy package to create JWT authentication handling for a Lumen-based application. Lumen is the microframework sibling to the Laravel framework.

Recently I have been tinkering with Angular-4 to get a taste of it and I decided to create a quick project to get my hands dirty. I decided to create a blog with authentication etc. My main focus was on the frontend so I decided to quickly bootstrap an application in Lumen because of its simplicity and almost zero-configuration development. For the authentication, I decided to go with JWT and this post is going to be a quick write-up on how I integrated that and how anyone can integrate JWT authentication in their APIs.

He then walks you through the setup of a new Lumen project and populates the database with some sample (faked) user information from a seeder. Next he helps you get the firebase/php-jwt library installed via Composer and creates the matching controller and middleware to wire it into the application. In his example the user is authenticated via the standard username/password form and, when successful, generates a JWT token that's then passed along with other requests for validation by the middleware.

tagged: lumen laravel tutorial jwt authentication token firebase package

Link: https://zeeshanu.github.io/2017/09/05/jwt-authentication-for-Lumen-5.4/

DotDev.co:
Test Driven API Development using Laravel, Dingo and JWT with Documentation
Jun 20, 2016 @ 10:15:04

On the DotDev.co site a tutorial has been posted showing the full set up of an API using Laravel, Dingo and JWT tokens while following test-driven development principles along the way.

As the complexity of API’s increase, improving the ways we create them becomes a necessity. Let’s take a journey exploring an efficient way of building well-tested API’s that are easy to develop and maintain by wiring up several different open-source packages.

In this tutorial, we will build a very simple API for fruits that lists all the fruits, shows one fruit, creates a fruit, and finally deletes a fruit. The API will allow anyone to list and show fruits but we will use JWT Authentication to protect creating and deleting operations so only the registered users can use them.

The tutorial starts by helping you get the TDD environment set up for the application and the required libraries installed. From there they install and configure Dingo and look at the role that transformers play in the API output. With a basic API in place the JWT tokens are integrated and another package is used to generate simple, clean API documentation. Full links to other packages, screenshots of the expected output and all the code you'll need is included.

tagged: testdriven development tdd laravel api dingo jwt token tutorial

Link: https://dotdev.co/test-driven-api-development-using-laravel-dingo-and-jwt-with-documentation-ae4014260148#.tccatytip

Gonzalo Ayuso:
Sharing authentication between socket.io and a PHP frontend (using JSON Web Tokens)
Jun 06, 2016 @ 11:50:29

In a follow up to his previous post about sharing authentication information between socket.io and PHP, Gonzalo Ayuso has posted an updated method using JSON Web Tokens instead.

I’ve written a previous post about Sharing authentication between socket.io and a PHP frontend but after publish the post a colleague (hi @mariotux) told me that I can use JSON Web Tokens (jwt) to do this. I had never used jwt before so I decided to study a little bit.

JWT are pretty straightforward. You only need to create the token and send it to the client. You don’t need to store this token within a database. Client can decode and validate it on its own.

He updates the code from the previous post, showing how to replace the HTTP basic authentication with the JWT functionality. He makes use of some simple JWT library handling to encode/decode the claims when the token is made a part of the request.

tagged: socketio share authentication frontend jwt jsonwebtokens

Link: https://gonzalo123.com/2016/06/06/sharing-authentication-between-socket-io-and-a-php-frontend-using-json-web-tokens/

Mohamed Said:
Building an API for 3rd party applications
Mar 30, 2016 @ 09:30:31

In this post to his site Mohamed Said shows you how to build an API that allows for easier integration with your content/functionality by 3rd party applications. This example uses the Laravel framework but the ideas could be applied in any framework.

APIs are cool, & laravel can handle all the coolness you may desire. Here we talk about building an API for third party applications and allowing them to communicate with your application on behalf of users.

He starts where any good project should: planning for what features need to be included and the flow of the request/response process. He then walks you through the whole process for setting up the API:

  • Updating the routes for the API request endpoints
  • Creating the new Auth and Home controllers
  • Setting up the migration for the "applications" table
  • Using the firebase/php-jwt library for authentication/authorization handling
  • Registering a token and validating it on the incoming request

He wraps up the post talking about user authentication via a simplified OAuth-ish process flow, making requests using the resulting token and logging the user out (expiring the token).

tagged: api tutorial laravel application integration jwt token authentication authorization

Link: http://themsaid.github.io/laravel-api-3rd-party-20160327/

SitePoint PHP Blog:
How to Build an API-Only JWT-Powered Laravel App
Feb 18, 2016 @ 10:55:25

The SitePoint PHP blog has posted a tutorial from author Francesco Malatesta showing you how to build an API with Laravel that uses only JWT tokens for authorization handling.

In this article, we will learn how to use it to quickly create a fully functional API for an imaginary book wishlist application. As an aside, we will also see how to build a client application with AngularJS that will use our APIs.

They start the tutorial by having you clone a boilerplate project to get some of the basics out of the way first. From there they start in on the functionality: a basic wishlist where users can add books they like. They show the code needed to build out the User controller and matching routes. The tutorial shows the interaction with the functionality using requests from Postman to sign up a new user and get a matching JWT token back. The tutorial then does the same for the book handling, creating the controller, routes and functionality to show a book, store it for a user, remove it from the user's wishlist and delete the book completely.

tagged: api laravel tutorial application jwt token wishlist application

Link: http://www.sitepoint.com/how-to-build-an-api-only-jwt-powered-laravel-app/

Barry vd. Heuvel:
OAuth in Javascript Apps with Angular and Lumen, using Satellizer and Laravel Soci
Jul 22, 2015 @ 09:51:49

Barry vd. Heuvel has a post to his site sharing a step by step guide to setting up OAuth in a Lumen+AngularJS application via Socialite and Satellizer (an AngularJS library for OAuth and token based authentication).

In the last few weeks, Socialite was a popular topic to blog/tweet about. Coincidentally, I also needed Socialite for a project. But in my case, I wanted to use it in an Angular app, distributed using Cordova (Phonegap) as hybrid app on Android/iOS. There were some examples, but I couldn’t find much about it at the time. A few people asked to share my experience about it, so here it is!

He starts by linking to all of the tools you'll need to help get some background on them including a helpful guide to installing Satellizer. He then goes over the flow of the entire process, from the initial call from the AngularJS side to authenticate, through the backend Lumen/Socalite/Satellizer handling and then back out to the Javascript where the token is then stored. With this established, he gets into the implementation details starting with the Lumen code to make the API request to GitHub then working with the JWT tokens and responding back to the AngularJS frontend with the result.

tagged: angularjs lumen framework tutorial socialite satellizer oauth jwt token

Link: http://barryvdh.nl/laravel/lumen/angular/2015/07/19/oauth-in-javascript-apps-with-angular-lumen-using-satellizer-laravel-socialite/

Laravelista.com:
JSON Web Token Authentication for Lumen
Jun 29, 2015 @ 12:07:36

The Laravelista.com site has a new tutorial posted showing you how to integrate JSON Web Tokens (JWT) into a Lumen application. JWTs provide a simple, portable way to share authentication and session information in a more robust way than just a single randomly generated token.

This is my third post on how to build an API with Fractal, but in this post I will be focusing on authentication using JWT (JSON Web Tokens). [...] In Build an API with Lumen and Fractal I have shown you a way of creating an API using Lumen and Fractal. In this post we will continue with the same project called Treeline and implement authentication and protected routes. Also at the very end of the post is a small chapter on when to use Lumen over Laravel.

They make use of the tymon/jwt-auth library to handle the actual JWT functionality including a service provider making it simple to integrate. They talk about "improving Lumen" by adding a configuration directory for the JWT package to put its configuration file. From there they add in the necessary facades and configuring the library itself. Next comes the actual authentication handling that, post login, generates the token and resending it along with each response. Finally, they show you how to set up the protection on routes and verifying the token contents on each request.

tagged: lumen tutorial jsonwebtoken jwt tutorial integration provider authentication

Link: http://laravelista.com/json-web-token-authentication-for-lumen/

SitePoint PHP Blog:
PHP Authorization with JWT (JSON Web Tokens)
Jun 04, 2015 @ 09:51:17

On the SitePoint PHP blog today there's a tutorial posted showing you how to handle authorization with JWTs, JSON Web Tokens. These tokens provide a bit more context around the current session including things like when the token was issued and when it should time out.

If you like computer security topics, you will know that one of the most discussed and controversial topics is user authentication. Within its context, you will find a broad range of study areas, from new mechanisms to usability. It is, thus, to my surprise that JSON Web Tokens is a topic not often talked about, and I think it deserves to be in the spotlight today. We will see how easy it is to integrate it in an API authentication mechanism.

He starts with a comparison of JWTs and sessions, pointing out both similarities and differences between the two. He then gets into the official JWT specification (an approved RFC) that defines the structure and what a resulting JWT string looks like. He then moves on and shows how to integrate them with a current application via the php-jwt library. He helps you get the dependencies installed and sets up both the encoding and decoding methods. He integrates this with a simple frontend Javascript request to fetch content and push it into the page. This request verifies the JWT on receipt and returns 400 HTTP error codes if this fails.

tagged: tutorial jwt jsonwebtoken phpjwt authorization example resource

Link: http://www.sitepoint.com/php-authorization-jwt-json-web-tokens/