tuupola / slim-jwt-auth

PSR-7 and PSR-15 JWT Authentication Middleware
https://appelsiini.net/projects/slim-jwt-auth
MIT License
827 stars 141 forks

Ignore option is not working #192

Closed itsmeJithin closed 3 years ago

itsmeJithin commented 4 years ago

I have added this middleware to my REST API project, but I have ignored the refresh-token URL from the token authentication mechanism, and it's not working. This project is hosted with the base URL http://myproject.test/common/. This is my middleware code:

$app->add(new \Slim\Middleware\JwtAuthentication([
    "secure" => false,
    "attribute" => "jwt",
    "secret" => $GLOBALS['JWT_SECRET'],
    "algorithm" => ['HS512'],
    "path" => ["/api"],
    "ignore" => ['/api/v1/user/refresh-token'],
    "error" => function ($request, $response, $arguments) {
        $data["status"] = "error";
        $data["message"] = $arguments["message"];
        return $response
            ->withJson($data);
    }
]));

After debugging the JwtAuthentication class I couldn't find any usage of the $options['ignore'] option. Is it still available? Or did you change the working principle? Or is there any mistake in my code?

itsmeJithin commented 4 years ago

@tuupola Please update the solution

tuupola commented 4 years ago

https://github.com/tuupola/slim-jwt-auth/search?q=%24options%5B%22ignore%22%5D

You did not mention which framework you are using, but for example Slim 4 has changed how it handles apps installed in a subfolder. This is not an issue with the middleware; instead it is considered a framework feature.

To work around this you could try setting ignore as the following:

"ignore" => ['/common/api/v1/user/refresh-token'],

itsmeJithin commented 4 years ago

@tuupola I'm using Slim 3. This is my app.php:

<?php
ob_clean();
require '../vendor/autoload.php';

// Constant refers to the base source folder
define('SOURCE_DIR', getcwd() . '/../src/com/package/common/api');

$app = new \Slim\App([
    'settings' => [
        // set env variable DEBUG as true in nucleus conf for debug mode
        'debug' => getenv('DEBUG') === "true",   // change to false in production
        'addContentLengthHeader' => false,
    ]
]); // change to false for production

$container = $app->getContainer();

require_once __DIR__ . '/middlewares.php';
require_once __DIR__ . '/controllers.php';

require_once __DIR__ . '/routes.php';

itsmeJithin commented 4 years ago

"ignore" => ['/common/api/v1/user/refresh-token'] is not working. This application is installed in a subfolder.

I have tried

$app->add(new \Slim\Middleware\JwtAuthentication([
    "secure" => false,
    "attribute" => "jwt",
    "secret" => $GLOBALS['JWT_SECRET'],
    "algorithm" => ['HS512'],
    "path" => ["/common"],
    "ignore" => ['/common/api/v1/user/refresh-token'],
    "error" => function ($request, $response, $arguments) {
        $data["status"] = "error";
        $data["message"] = $arguments["message"];
        return $response
            ->withHeader("Content-Type", "application/json")
            ->withHeader('Access-Control-Allow-Origin', '*')
            ->withJson($data);
    }
]));

and

$app->add(new \Slim\Middleware\JwtAuthentication([
    "secure" => false,
    "attribute" => "jwt",
    "secret" => $GLOBALS['JWT_SECRET'],
    "algorithm" => ['HS512'],
    "path" => ["/"],
    "ignore" => ['/common/api/v1/user/refresh-token'],
    "error" => function ($request, $response, $arguments) {
        $data["status"] = "error";
        $data["message"] = $arguments["message"];
        return $response
            ->withHeader("Content-Type", "application/json")
            ->withHeader('Access-Control-Allow-Origin', '*')
            ->withJson($data);
    }
]));

but none of these are working.
NB: $request->getUri()->getPath() returns /api/v1/user/refresh-token

tuupola commented 4 years ago

With Slim 3 you should not need the /common prefix in the ignore option. What is the output of:

$ curl --include http://myproject.test/common/api/v1/user/refresh-token

?

itsmeJithin commented 4 years ago

I'm using the prefix /api. The output is:

HTTP/1.1 401 Unauthorized
Date: Tue, 29 Sep 2020 08:32:29 GMT
Server: Apache/2.4.41 (Unix) PHP/7.2.33
X-Powered-By: PHP/7.2.33
Access-Control-Allow-Origin: *
Transfer-Encoding: chunked
Content-Type: application/json

{"status":"error","message":"Token not found"}

tuupola commented 4 years ago

Have you tried the latest version? Looking at the example code you seem to be using the old 2.x branch. There was a related bug which was fixed a couple of years ago.

tuupola commented 3 years ago

No feedback.
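The thread never spells out why the three option sets above behave differently, so here is an added illustration (not code from tuupola/slim-jwt-auth or from Slim) that models the "path"/"ignore" decision as whole-segment prefix matching and runs the poster's configurations against the request path each framework reports. The matching rules, the helper names (normalizePath, segmentPrefixMatch, decide), and the Slim 4 request path are assumptions made for the example; the Slim 3 path is the one quoted in the thread. Check the middleware's own RequestPathRule for the exact behaviour of the version you run.

```php
<?php
declare(strict_types=1);

// Added illustration, not code from tuupola/slim-jwt-auth or Slim.
// It models the "path"/"ignore" decision discussed in this issue as
// whole-segment prefix matching so the configurations posted above
// can be compared against the request path each framework reports.
// ASSUMPTIONS (not taken from the library): an "ignore" entry wins
// over a "path" entry, a prefix matches only on a "/" boundary, and
// a request outside every "path" entry is simply not authenticated.

/** Leading slash, no duplicate slashes, no trailing slash (except "/"). */
function normalizePath(string $path): string
{
    $path = '/' . ltrim($path, '/');
    $path = preg_replace('#/+#', '/', $path) ?? '/';
    return $path === '/' ? '/' : rtrim($path, '/');
}

/**
 * True when $path equals $prefix or continues it after a "/", so that
 * an ignore entry for /api/v1/user/refresh-token does not also open
 * /api/v1/user/refresh-tokens (a plain strpos() prefix test would).
 */
function segmentPrefixMatch(string $prefix, string $path): bool
{
    $prefix = normalizePath($prefix);
    $path = normalizePath($path);
    if ($prefix === '/') {
        return true;
    }
    return $path === $prefix
        || strncmp($path, $prefix . '/', strlen($prefix) + 1) === 0;
}

/**
 * Classify a request path under the given middleware options:
 *   "ignored"     - matched an ignore entry, no token is checked
 *   "required"    - matched a path entry, a token must be present
 *   "unprotected" - matched nothing, the middleware never runs for it
 */
function decide(array $options, string $requestPath): string
{
    foreach ((array) ($options['ignore'] ?? []) as $ignore) {
        if (segmentPrefixMatch($ignore, $requestPath)) {
            return 'ignored';
        }
    }
    foreach ((array) ($options['path'] ?? '/') as $path) {
        if (segmentPrefixMatch($path, $requestPath)) {
            return 'required';
        }
    }
    return 'unprotected';
}

// The three option sets posted in the thread, reduced to path/ignore.
$configs = [
    'path /api,    ignore /api/...'        => ['path' => ['/api'],    'ignore' => ['/api/v1/user/refresh-token']],
    'path /common, ignore /common/api/...' => ['path' => ['/common'], 'ignore' => ['/common/api/v1/user/refresh-token']],
    'path /,       ignore /common/api/...' => ['path' => ['/'],       'ignore' => ['/common/api/v1/user/refresh-token']],
];

// Request paths as the two frameworks report them for an app served
// under /common. The Slim 3 value is the one quoted in the thread; the
// Slim 4 value assumes the base path is kept, as tuupola's reply implies.
$reported = [
    'Slim 3' => '/api/v1/user/refresh-token',
    'Slim 4' => '/common/api/v1/user/refresh-token',
];

foreach ($reported as $framework => $path) {
    echo "$framework reports $path\n";
    foreach ($configs as $label => $options) {
        printf("  %-38s -> %s\n", $label, decide($options, $path));
    }
    // A near-miss path must not be opened by the ignore entry.
    printf("  %-38s -> %s\n", 'path /api, near-miss /refresh-tokens',
        decide($configs['path /api,    ignore /api/...'], $path . 's'));
}
```

Under these modelled rules the Slim 3 path /api/v1/user/refresh-token is "ignored" by the first configuration (the original one, which is what a fixed middleware version should do), "unprotected" by the second (the /common prefix matches nothing, so the whole API is left without authentication rather than just the refresh endpoint) and "required" by the third, which is the 401 the poster saw; the near-miss /refresh-tokens stays "required". With a Slim 4 style path that keeps /common, the original configuration matches nothing at all and every route is "unprotected", which is why a path or ignore prefix that silently fails to match is worse than one that produces a 401: it disables the check instead of surfacing a misconfiguration. Whatever version you run, confirm the reported path with $request->getUri()->getPath() as the poster did, and curl both a protected route and the ignored one after changing the prefixes.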