Craft JWT Auth
Craft JWT Auth Overview
From the official website:
JSON Web Tokens are an open, industry standard RFC 7519 method for representing claims securely between two parties.
This plugin enables requests to Craft to be securely authenticated in the presence of a JWT that can be successfully verified as matching a secret key generated signature.
Configuring Craft JWT Auth
Once installed, naviate to the settings page of the plugin and enter required settings to activate the plugin:
Setting | Description |
---|---|
Secret key | Mandatory. Secret key used to sign outgoing and verify incoming JWTs. |
Auto create user | Optional. Activate to enable auto-creation of a public user when provided a verifiable JWT. |
Using Craft JWT Auth
The plugin will attempt to verify any incoming requests with a JWT present in the Authentication
header with a Bearer
prefix, or with the simpler X-Access-Token
header value. An example:
# With Authorization: Bearer
curl --header "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.XbPfbIHMI6arZ3Y922BhjWgQzWXcXNrz0ogtVhfEd2o" MYCRAFTSITE.com
# With X-Access-Token
curl --header "X-Access-Token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.XbPfbIHMI6arZ3Y922BhjWgQzWXcXNrz0ogtVhfEd2o" MYCRAFTSITE.com
The plugin will attempt to verify the token using the lcobucci/jwt package for PHP. The package adheres to the IANA specifications for JWTs.
If a provided token can be verified AND can be match to a user account with a username matching the provided sub
key, the user will be authenticated and the request allowed to continue.
If the token is verifiable but a matching user account does NOT exist, but the Auto create user
setting is enabled AND public registration is enabled in the Craft settings, a new user account will be created on-the-fly and the new user then logged in.
To install this plugin, copy the command above to your terminal.
This plugin doesn't have any reviews.