laminas-api-tools / api-tools

Laminas API Tools module for Laminas
https://api-tools.getlaminas.org/documentation
BSD 3-Clause "New" or "Revised" License

[Question] - How do I implement custom authentication? #27

Open weierophinney opened 4 years ago

weierophinney commented 4 years ago

Hey guys, can someone please point me in the right direction for implementing custom authentication? We need JSON Web Tokens for our route security.

I've been googling and poring through the source code for days and can't seem to grasp it. Basically what I need is to create a custom authentication adapter where I can verify JWT signatures and allow or deny access to that endpoint based on the result. I've got all the JWT stuff handled, just need someone to point me in the right direction for creating a custom adapter.

Thanks guys!


Originally posted by @anakinjay at https://github.com/zfcampus/zf-apigility/issues/163

weierophinney commented 4 years ago

I recommend using api-skeletons/zf-oauth2-doctrine for an OAuth2 adapter which supports JWT. The zfcampus/zf-oauth2 module has a JWT table but does not have a JTI table.

Because https://github.com/bshaffer/oauth2-server-php supports JWT, you shouldn't need a custom adapter.


Originally posted by @TomHAnderson at https://github.com/zfcampus/zf-apigility/issues/163#issuecomment-215137275

weierophinney commented 4 years ago

Hi Tom! Thanks so much for your help with this. I tried looking over the OAuth package you listed, but boy, it looks heavy. I admittedly am not very good with Zend (that's why we wanted to use Apigility to create stuff through the GUI). Is there an easy way to just create an authentication adapter? Verifying a JWT token is literally 3 lines of code....

If not, I tried implementing your solution and ended up with an "Uncaught exception 'Zend\ServiceManager\Exception\ServiceNotCreatedException". Any chance for a more novice example, or a few key words I should be using in my searches?

Thanks again for the assistance!


Originally posted by @anakinjay at https://github.com/zfcampus/zf-apigility/issues/163#issuecomment-215179322

weierophinney commented 4 years ago

Sorry, anakinjay, I'm really biased for api-skeletons/zf-oauth2-doctrine since I wrote it. I know it's the most complete OAuth2 implementation for Apigility.

I really think if you're using Apigility you should validate using OAuth2 and the JWT supported in OAuth2.


Originally posted by @TomHAnderson at https://github.com/zfcampus/zf-apigility/issues/163#issuecomment-215192086

weierophinney commented 4 years ago

Haha, that's totally fair :) I'd love to implement your framework, there just doesn't seem to be any newbie-friendly instructions on how to do it.


Originally posted by @anakinjay at https://github.com/zfcampus/zf-apigility/issues/163#issuecomment-215192858