Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

JSON Web Token Authentication for Lumen
Jun 29, 2015 @ 12:07:36

The Laravelista.com site has a new tutorial posted showing you how to integrate JSON Web Tokens (JWT) into a Lumen application. JWTs provide a simple, portable way to share authentication and session information in a more robust way than just a single randomly generated token.

This is my third post on how to build an API with Fractal, but in this post I will be focusing on authentication using JWT (JSON Web Tokens). [...] In Build an API with Lumen and Fractal I have shown you a way of creating an API using Lumen and Fractal. In this post we will continue with the same project called Treeline and implement authentication and protected routes. Also at the very end of the post is a small chapter on when to use Lumen over Laravel.

They make use of the tymon/jwt-auth library to handle the actual JWT functionality including a service provider making it simple to integrate. They talk about "improving Lumen" by adding a configuration directory for the JWT package to put its configuration file. From there they add in the necessary facades and configuring the library itself. Next comes the actual authentication handling that, post login, generates the token and resending it along with each response. Finally, they show you how to set up the protection on routes and verifying the token contents on each request.

tagged: lumen tutorial jsonwebtoken jwt tutorial integration provider authentication

Link: http://laravelista.com/json-web-token-authentication-for-lumen/

SitePoint PHP Blog:
PHP Authorization with JWT (JSON Web Tokens)
Jun 04, 2015 @ 09:51:17

On the SitePoint PHP blog today there's a tutorial posted showing you how to handle authorization with JWTs, JSON Web Tokens. These tokens provide a bit more context around the current session including things like when the token was issued and when it should time out.

If you like computer security topics, you will know that one of the most discussed and controversial topics is user authentication. Within its context, you will find a broad range of study areas, from new mechanisms to usability. It is, thus, to my surprise that JSON Web Tokens is a topic not often talked about, and I think it deserves to be in the spotlight today. We will see how easy it is to integrate it in an API authentication mechanism.

He starts with a comparison of JWTs and sessions, pointing out both similarities and differences between the two. He then gets into the official JWT specification (an approved RFC) that defines the structure and what a resulting JWT string looks like. He then moves on and shows how to integrate them with a current application via the php-jwt library. He helps you get the dependencies installed and sets up both the encoding and decoding methods. He integrates this with a simple frontend Javascript request to fetch content and push it into the page. This request verifies the JWT on receipt and returns 400 HTTP error codes if this fails.

tagged: tutorial jwt jsonwebtoken phpjwt authorization example resource

Link: http://www.sitepoint.com/php-authorization-jwt-json-web-tokens/