v2.1 - Support for Bearer Tokens (JWT)
The User plugin has been updated to improve support for working with APIs and bearer tokens.
Auth::getBearerToken(): string
Returns a bearer token (JWT) that can be used to authenticate the current user for 1 hour.
public function token()
{
    return Auth::getBearerToken();
}
Auth::checkBearerToken(string $token): bool
Verifies a supplied bearer token, and if valid, sets the authenticated user.
function onStart()
{
    if ($jwtToken = Request::bearerToken()) {
        Auth::checkBearerToken($jwtToken);
    }
}
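The onStart() example above discards the boolean returned by checkBearerToken(), so a request with a missing or invalid token simply continues without an authenticated user. As an added example (not from the plugin documentation), this variant for a hypothetical protected API page rejects such requests with a 401 response. The JSON error bodies and the user page variable are assumptions.

```php
// Added example for a hypothetical protected API page; not the plugin's own code.
function onStart()
{
    $jwtToken = Request::bearerToken();

    // No "Authorization: Bearer <TOKEN>" header: ask the client to authenticate.
    if (!$jwtToken) {
        return Response::json(
            ['error' => 'Bearer token required'], // assumed error shape
            401,
            ['WWW-Authenticate' => 'Bearer']
        );
    }

    // checkBearerToken() returns false when the token does not verify
    // (the page gives tokens a 1 hour lifetime), so stop the request here.
    if (!Auth::checkBearerToken($jwtToken)) {
        return Response::json(
            ['error' => 'Invalid or expired token'], // assumed error shape
            401,
            ['WWW-Authenticate' => 'Bearer error="invalid_token"']
        );
    }

    // The token verified, so its user is now the authenticated user.
    $this['user'] = Auth::user(); // assumed page variable name
}
```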
Session Component
Now includes a token() method for generating a new token for the signed in user.
url = "/api/login"
[account]
[session]
==
{% do response(
    ajaxHandler('onSignin').withVars({
        token: session.token()
    })
) %}
The checkToken property is used to verify the token in the headers (Authorization: Bearer <TOKEN>).
url = "/api/login/renew"
[session]
checkToken = 1
==
{% do response({
    data: {
        token: session.token()
    }
}) %}