Closed esallum closed 3 years ago
Hello
1) Yes, I don't see a problem with this approach. Invoke a service that handles that logic for the multiple tables (repositories).

2) No, you only need the JwtAuthMiddleware, because it just validates all your JWT signatures.

3) When you create a new token, you can pass more than just one claim. Example:
```php
// Create a fresh token
$token = $this->jwtAuth->createJwt(
    [
        'uid' => $username,
        // add more...
        'user_type' => 1234,
    ]
);
```
4) Yes, you could add the Tuupola\Middleware\HttpBasicAuthentication to your routing groups on top of the JWT middleware.
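One way to act on that extra claim for questions 2 and 3, as an added example that is not code from the thread or from the project: a single route middleware that takes the allowed user types as a constructor argument, so no per-type middleware class is needed. It assumes (not part of the project) that JwtAuthMiddleware has already verified the signature and stored the decoded claims in a request attribute named `jwt_claims`; `UserTypeMiddleware` and that attribute name are hypothetical.

```php
<?php
declare(strict_types=1);

use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Server\MiddlewareInterface;
use Psr\Http\Server\RequestHandlerInterface;
use Slim\Psr7\Response;
use Slim\Routing\RouteCollectorProxy;

/**
 * Authorizes a request by the "user_type" claim of an already validated JWT.
 * Assumption (hypothetical, not the project's API): a preceding JwtAuthMiddleware
 * has checked the signature and set the claims as request attribute "jwt_claims".
 */
final class UserTypeMiddleware implements MiddlewareInterface
{
    /** @var int[] */
    private array $allowedTypes;

    public function __construct(array $allowedTypes)
    {
        $this->allowedTypes = $allowedTypes;
    }

    public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
    {
        $claims = $request->getAttribute('jwt_claims', []);
        $userType = $claims['user_type'] ?? null;

        // Strict comparison: a missing, string or otherwise malformed claim never matches.
        if (!is_int($userType) || !in_array($userType, $this->allowedTypes, true)) {
            return (new Response())->withStatus(403);
        }

        return $handler->handle($request);
    }
}

// Route registration (e.g. in routes.php). Slim runs middleware in LIFO order,
// so JwtAuthMiddleware, added last, executes first and supplies the claims.
$app->group('/customers', function (RouteCollectorProxy $group) {
    $group->get('/profile', \App\Action\Customer\ProfileAction::class); // hypothetical action
})
    ->add(new UserTypeMiddleware([1, 3]))          // customers (1) and administrators (3)
    ->add(\App\Middleware\JwtAuthMiddleware::class); // signature check from the ebook
```

Membership of the claim in the token only tells you what the issuer put there at login; revoke or re-issue tokens when a user's type changes, since the claim is not re-read from the database on each request.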
Thanks @odan!
Hi @odan, how are you?
I implemented JWT with OAuth2 as your ebook taught (page 264). However, in my API there will be 3 types of users:

1 - Customers
2 - Members
3 - Administrators
And everyone will be able to access every route I designate. Routes 1 and 2 can be different, but 3 can access all routes. The username and password of each is in 3 different tables. My question is:
1 - Using best practices, can I use the same route (with the same Action and Domain), but passing the type_user variable to authenticate and validate according to the user?
```php
$app->post('/tokens/{type_user:[0-9]+}', \App\Action\Auth\TokenCreateAction::class);
```

2 - Should I create 3 different JwtAuthMiddleware for each type of user? Or is there any way to add a Middleware to the route by passing a parameter to the Middleware?
3 - I know that JWT is an authentication protocol, not an authorization protocol. Is it feasible to encrypt the user type in the JWT token? Or should I use some feature of OAuth2 that I still don't know about?
4 - Can I require that all my routes also require basic HTTP authentication to make sure the requests are coming from my Android application?
Thanks in advance!