Library to generate API tokens without database
#1

Hi

I have a CI 4.3.x application that consists only of API calls to some server.

Later I was requested to add some REST API endpoints to this web application using the ResourceController class etc.
I've added a simple Basic Authorization check to these endpoints, but I'd like to go a little step further and add Bearer token auth.

The problem I see is that Shield (and other libraries) force me to set up a database, and the server (where this web app is hosted) does not have any kind of DB.

Is there any library or classes that allow me to:
- generate some tokens (manually) and have them stored in a config file or .env file
- implement Bearer token auth in those endpoints
- decode, validate, etc. these tokens?

Thanks a lot for any suggestion
#2

You might not have access to a full-fledged database but you could always try using a sqlite backend. Store all of your tokens inside a table in the sqlite file. Use the spark command line to manipulate that database for creation/deletion/etc. of tokens. When a request comes in, check for the Bearer token header and compare against your sqlite database; if authorized proceed, if not issue an appropriate rejection. If you're referring to something like a JWT the process would be more involved, but for a basic random token you can use any sort of time-based uuid or just bin2hex(random_bytes()).
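
The flow described in post #2 (random token, SQLite table, Bearer header check), as an added example that is not part of the original thread or any poster's code. It uses plain PHP with PDO instead of CodeIgniter's database layer; the table name `api_tokens`, the function names, the expiry column and the choice to store only a SHA-256 hash of each token are assumptions made for the example.

```php
<?php
// Added example: names and schema are hypothetical, not from the thread.
declare(strict_types=1);

function openStore(string $dsn): PDO
{
    $db = new PDO($dsn, null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    $db->exec('CREATE TABLE IF NOT EXISTS api_tokens (
        token_hash TEXT PRIMARY KEY,
        label      TEXT NOT NULL,
        expires_at INTEGER NOT NULL)');
    return $db;
}

// Issue a token. The raw value is returned once; only its SHA-256 is stored,
// so a leaked SQLite file does not hand out usable tokens.
function issueToken(PDO $db, string $label, int $ttlSeconds): string
{
    $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    $db->prepare('INSERT INTO api_tokens (token_hash, label, expires_at) VALUES (?, ?, ?)')
       ->execute([hash('sha256', $token), $label, time() + $ttlSeconds]);
    return $token;
}

// Return the token's label for a valid, unexpired Bearer token, otherwise null.
function authenticate(PDO $db, ?string $authorizationHeader): ?string
{
    // Reject a missing header, a non-Bearer scheme, or a malformed token early.
    if ($authorizationHeader === null
        || !preg_match('/^(?i:bearer) +([0-9a-f]{64})$/D', trim($authorizationHeader), $m)) {
        return null;
    }
    // Lookup is by hash, through a prepared statement.
    $stmt = $db->prepare('SELECT label FROM api_tokens WHERE token_hash = ? AND expires_at > ?');
    $stmt->execute([hash('sha256', $m[1]), time()]);
    $label = $stmt->fetchColumn();
    return $label === false ? null : (string) $label;
}

function revokeToken(PDO $db, string $token): void
{
    $db->prepare('DELETE FROM api_tokens WHERE token_hash = ?')->execute([hash('sha256', $token)]);
}

// Constructed demo on an in-memory database.
$db    = openStore('sqlite::memory:');
$token = issueToken($db, 'ci-client', 3600);
var_dump(authenticate($db, "Bearer $token"));                 // token just issued
var_dump(authenticate($db, 'Bearer ' . str_repeat('0', 64))); // well-formed but unknown
var_dump(authenticate($db, 'Basic dXNlcjpwYXNz'));            // wrong scheme
revokeToken($db, $token);
var_dump(authenticate($db, "Bearer $token"));                 // after revocation
```

In a CodeIgniter 4 application the `authenticate()` call would sit in a filter applied to the API routes, returning a 401 response when it yields null.
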
#3

(04-19-2023, 03:59 PM)grimpirate Wrote: You might not have access to a full-fledged database but you could always try using a sqlite backend. Store all of your tokens inside a table in the sqlite file. Use the spark command line to manipulate that database for creation/deletion/etc. of tokens. When a request comes in, check for the Bearer token header and compare against your sqlite database; if authorized proceed, if not issue an appropriate rejection. If you're referring to something like a JWT the process would be more involved, but for a basic random token you can use any sort of time-based uuid or just bin2hex(random_bytes()).

Great idea! I'll implement a sqlite db in the web app

I've installed (through composer) this library. It allows you to generate, validate, etc. JWTs:
https://github.com/RobDWaller/ReallySimpleJWT

So I'll store those tokens in the sqlite db.

Thanks again