Closed itsmeJithin closed 3 years ago
@tuupola Please update the solution
https://github.com/tuupola/slim-jwt-auth/search?q=%24options%5B%22ignore%22%5D
You did not mention which framework you are using, but for example Slim 4 has changed how it handles apps installed in subfolder. This is not an issue with the middleware. Instead it is considered a framework feature.
To work around this you could try setting ignore
as the following:
"ignore" => ['/common/api/v1/user/refresh-token'],
@tuupola I'm using Slim 3. this is my app.php
<?php
ob_clean();
require '../vendor/autoload.php';
// Constant refers to the base source folder
define('SOURCE_DIR', getcwd() . '/../src/com/package/common/api');
$app = new \Slim\App([
'settings' => [
// set env variable DEBUG as true in nucleus conf for debug mode
'debug' => getenv('DEBUG') === "true", // change to false in production
'addContentLengthHeader' => false,
]
]); // change to false for production
$container = $app->getContainer();
require_once __DIR__ . '/middlewares.php';
require_once __DIR__ . '/controllers.php';
require_once __DIR__ . '/routes.php';
"ignore" => ['/common/api/v1/user/refresh-token'],
this is not working. This application is installed in subfolder
i have tried
$app->add(new \Slim\Middleware\JwtAuthentication([
"secure" => false,
"attribute" => "jwt",
"secret" => $GLOBALS['JWT_SECRET'],
"algorithm" => ['HS512'],
"path" => ["/common"],
"ignore" => ['/common/api/v1/user/refresh-token'],
"error" => function ($request, $response, $arguments) {
$data["status"] = "error";
$data["message"] = $arguments["message"];
return $response
->withHeader("Content-Type", "application/json")
->withHeader('Access-Control-Allow-Origin', '*')
->withJson($data);
}
]));
and
$app->add(new \Slim\Middleware\JwtAuthentication([ "secure" => false, "attribute" => "jwt", "secret" => $GLOBALS['JWT_SECRET'], "algorithm" => ['HS512'], "path" => ["/"], "ignore" => ['/common/api/v1/user/refresh-token'], "error" => function ($request, $response, $arguments) { $data["status"] = "error"; $data["message"] = $arguments["message"]; return $response ->withHeader("Content-Type", "application/json") ->withHeader('Access-Control-Allow-Origin', '*') ->withJson($data); } ]));
but all these not working.
NB: $request->getUri()->getPath()
returns /api/v1/user/refresh-token
With Slim 3 you should not need to use /common
prefix with the ignore option. What is the output of:
$ curl --include http://myproject.test/common/api/v1/user/refresh-token
?
I'm using prefix /api
.
The output is
HTTP/1.1 401 Unauthorized
Date: Tue, 29 Sep 2020 08:32:29 GMT
Server: Apache/2.4.41 (Unix) PHP/7.2.33
X-Powered-By: PHP/7.2.33
Access-Control-Allow-Origin: *
Transfer-Encoding: chunked
Content-Type: application/json
{"status":"error","message":"Token not found"}%
Have you tried with latest version? Looking at the example code you seem to be using the old 2.x branch. There was a related bug which was fixed couple of years ago.
No feedback.
I have added this middleware to my REST API project. But I'm ignored refresh token URL from the token authentication mechanism. But it's not working. This project hosted with the base URL
http://myproject.test/common/
This is my middleware codeAfter debugging the
JwtAuthentication
class I couldn't find the usage of the$options['ignore]
option. is it still available? or did you change the working principles? Or any mistakes in my code?