This pull request adds pre-configured server support for Northstar-issued JWT tokens:
🛡 Adds a GatewayGuard, which allows Laravel's built-in authentication to work for API requests made with Northstar tokens (via built-in middleware or auth()->id(), etc.)
👤 Adds a GatewayUserProvider, which allows resource servers to request user information from tokens (so auth()->user() would return the authenticated user's profile information).
🍔 Adds RequireUser, RequireRole, and RequireScope middleware which are pre-configured to protect routes using JWT tokens.
🎫 Adds token() helper which can grab details from the JWT on the current request on-demand. For example, this might be used to attach client details as a "source" with token()->client.
How should this be reviewed?
I'm going to add a few little test cases, and there's also a corresponding Rogue pull request demonstrating integration into a real Laravel application!
Changes
This pull request adds pre-configured server support for Northstar-issued JWT tokens:
🛡 Adds a
GatewayGuard, which allows Laravel's built-in authentication to work for API requests made with Northstar tokens (via built-in middleware orauth()->id(), etc.)👤 Adds a
GatewayUserProvider, which allows resource servers to request user information from tokens (soauth()->user()would return the authenticated user's profile information).🍔 Adds
RequireUser,RequireRole, andRequireScopemiddleware which are pre-configured to protect routes using JWT tokens.🎫 Adds
token()helper which can grab details from the JWT on the current request on-demand. For example, this might be used to attach client details as a "source" withtoken()->client.How should this be reviewed?
I'm going to add a few little test cases, and there's also a corresponding Rogue pull request demonstrating integration into a real Laravel application!