Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Using CodeIgniter General Help Library to generate API tokens without database
Library to generate API tokens without database
  • Offline kabeza
    Arriving from old forum
  • ***
  • Posts: 63
    Threads: 26
    Joined: Apr 2015
    Reputation: 0
#1
04-19-2023, 05:21 AM

Hi

I have a CI 4.3.x application that consists only of API calls to some server.

Later I was requested to add some REST Api endpoints to this web application using ResourceController class etc.
I've added a simple Basic Authorization checking to these endpoints, but I'd like to go a little step further and add Bearer token auth

The problem I see is that Shield (and other libraries) force me to set up a database, and server (where this web app is hosted) does not have any kind of DB

Is there any library or classes that allow me to:
- generate some tokens (manually) and have them stored in a config file or .env file
- implement Bearer token auth in those endpoints
- decode, validate, etc. these tokens ?

Thanks a lot for any suggestion
Enrique
https://beza.com.ar
Reply
  • Offline grimpirate
    Junior Member
  • **
  • Posts: 27
    Threads: 9
    Joined: Nov 2020
    Reputation: 2
#2
04-19-2023, 03:59 PM

You might not have access to a full-fledged database but you could always try using a sqlite backend. Store all of your tokens inside a table in the sqlite file. Use spark command line to manipulate that database for creation/deletion/etc of tokens. When a request comes in, check the for the Bearer token header and compare against your sqlite database, if authorized proceed, if not issue appropriate rejection. If you're referring to something like a JWT the process would be more involved, but for a basic random token you can use any sort of time based uuid or just bin2hex(random_bytes()).
HalberdCodeIgniter 4 PowerShell Setup Script
Reply
  • Offline kabeza
    Arriving from old forum
  • ***
  • Posts: 63
    Threads: 26
    Joined: Apr 2015
    Reputation: 0
#3
04-20-2023, 04:11 AM

(04-19-2023, 03:59 PM)grimpirate Wrote: You might not have access to a full-fledged database but you could always try using a sqlite backend. Store all of your tokens inside a table in the sqlite file. Use spark command line to manipulate that database for creation/deletion/etc of tokens. When a request comes in, check the for the Bearer token header and compare against your sqlite database, if authorized proceed, if not issue appropriate rejection. If you're referring to something like a JWT the process would be more involved, but for a basic random token you can use any sort of time based uuid or just bin2hex(random_bytes()).

Great idea! I'll implement a sqlite db in the web app

I've installed (through composer) this library. It allows to generate, validate, etc. JWT
https://github.com/RobDWaller/ReallySimpleJWT

So I'll store those tokens in the sqlite

Thanks again
Enrique
https://beza.com.ar
Reply




Theme © iAndrew 2016 - Forum software by © MyBB