Library to generate API tokens without database |
Hi
I have a CI 4.3.x application that consists only of API calls to some server. Later I was requested to add some REST Api endpoints to this web application using ResourceController class etc. I've added a simple Basic Authorization checking to these endpoints, but I'd like to go a little step further and add Bearer token auth The problem I see is that Shield (and other libraries) force me to set up a database, and server (where this web app is hosted) does not have any kind of DB Is there any library or classes that allow me to: - generate some tokens (manually) and have them stored in a config file or .env file - implement Bearer token auth in those endpoints - decode, validate, etc. these tokens ? Thanks a lot for any suggestion
Enrique
https://beza.com.ar
You might not have access to a full-fledged database but you could always try using a sqlite backend. Store all of your tokens inside a table in the sqlite file. Use spark command line to manipulate that database for creation/deletion/etc of tokens. When a request comes in, check the for the Bearer token header and compare against your sqlite database, if authorized proceed, if not issue appropriate rejection. If you're referring to something like a JWT the process would be more involved, but for a basic random token you can use any sort of time based uuid or just bin2hex(random_bytes()).
(04-19-2023, 03:59 PM)grimpirate Wrote: You might not have access to a full-fledged database but you could always try using a sqlite backend. Store all of your tokens inside a table in the sqlite file. Use spark command line to manipulate that database for creation/deletion/etc of tokens. When a request comes in, check the for the Bearer token header and compare against your sqlite database, if authorized proceed, if not issue appropriate rejection. If you're referring to something like a JWT the process would be more involved, but for a basic random token you can use any sort of time based uuid or just bin2hex(random_bytes()). Great idea! I'll implement a sqlite db in the web app I've installed (through composer) this library. It allows to generate, validate, etc. JWT https://github.com/RobDWaller/ReallySimpleJWT So I'll store those tokens in the sqlite Thanks again
Enrique
https://beza.com.ar |
Welcome Guest, Not a member yet? Register Sign In |