承接 mittwald-flow/jwt-auth 相关项目开发

从需求分析到上线部署,全程专人跟进,保证项目质量与交付效率

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

mittwald-flow/jwt-auth

Composer 安装命令:

composer require mittwald-flow/jwt-auth

包简介

Authenticate users with JSON web tokens

README 文档

README

Author and Copyright

Martin Helmich
Mittwald CM Service GmbH & Co. KG

This package is MIT-licensed.

Synopsis

This package implements an authentication provider for TYPO3 Flow that authenticates users based on JSON Web Tokens. JWTs can be supplied using a configurable custom HTTP header (X-JWT per default), a cookie or a query parameter.

Installation

You can install this package using Composer:

$ composer require mittwald-flow/jwt-auth

Basic considerations and design choices

  • This package does authentication only. It will not issue new tokens. This package's only purpose is to authenticate users by JSON Web Tokens that are issued by a trusted, third-party identity provider.

  • JWT authentication is stateless. This means that when using JWT authentication, Flow will not start any kind of session, but authenticate you each time anew based on the access token.

  • Accounts authenticated by this package are not persistent. This is done on purpose, since claims for a user might change when the same user authenticates with a different token.

Configuration

There are several settings that you need to configure in your TYPO3 Flow settings.

Verification key

This package needs a key to authenticate tokens. This can either be a random character string for tokens that use a symmetric authentication code (HMAC) or an RSA public key. To configure this key, you can use one of two settings:

  1. Mw.JwtAuth.security.key to directly specify the key:

    Mw:
      JwtAuth:
        security:
          key: |
            -----BEGIN PUBLIC KEY-----
            MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuurXQ9FbDxK9EQL9gw/f
            KJVdo/33j8zDOxemH6fV/KWp/fEMwez77GC3J5ze/A1o/ue4FVz/8fJ8PMGO3ag9
            drIHyWgs4FYBpQZ1BqA78b6nWJeJ8Zbsv71r+Bpb5UUJBBHZ85Sa13sl3ZN0L0E0
            XD/NYD1Sh31qoccZU57l6g4PWScxUZYGWc/OeT07HbUjaFzL/YpQZUKH+KoqoIOD
            UiZkf44ear4dGzNeR0UQ01VIZj7RaJ1uhAZVsNLoqPKGyjmgEZz70DDbMlxEXiMi
            Q/2Thd3bklr0IpZpL7JwHw9MrVS32NkustFgG6uYv/mvw10Zll9CCAUib3QIGlZV
            uQIDAQAB
            -----END PUBLIC KEY-----
  2. Mw.JwtAuth.security.keyUrl to specify a fopen-able URL from which the key can be retrieved:

    Mw:
      JwtAuth:
        security:
          keyUrl: https://identity.service.consul/key

When you specify both settings, the Mw.JwtAuth.security.key setting will take precedence.

Claim-to-account mapping

You can also configure how the claims encoded in the JWT should be mapped to the TYPO3 Flow user account. For instance, when the JWT claims contain a field that describes a user type, you can map this on a TYPO3 Flow role.

Consider a JWT claim like the following:

{
    "sub": "my-username",
    "type": "customer"
}

By default, the sub claim will be used as account identifier for the Flow user. You can change this by setting the Mw.JwtAuth.claimMapping.accountIdentifierField option.

Furthermore, you can configure which claim contains the user role and how to map claim values to known user roles:

Mw:
  JwtAuth:
    claimMapping:
      roleField: type
      roles:
        customer: My.ExamplePackage:Customer
        employee: My.ExamplePackage:Employee

Token sources

You can also configure how the authentication provider should extract the JWT from the HTTP request. A JWT can be contained within a cookie, a custom request header or a query argument. You can configure the token sources using the Mw.JwtAuth.security.tokenSources:

Mw:
  JwtAuth:
    security:
      tokenSources:
        - from: header
          name: X-Your-Custom-Header
        - from: cookie
          name: MyCookieName

This setting can contain a list of multiple token sources. Each of those will be tried in sequence until one of them matches.

mittwald-flow/jwt-auth 适用场景与选型建议

mittwald-flow/jwt-auth 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 38 次下载、GitHub Stars 达 1, 最近一次更新时间为 2015 年 09 月 03 日, 在 PHP 生态内属于活跃度较高的组件。

我们在过去多个企业项目中使用过 mittwald-flow/jwt-auth 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 mittwald-flow/jwt-auth 我们能提供哪些服务?
定制开发 / 二次开发

基于 mittwald-flow/jwt-auth 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

统计信息

  • 总下载量: 38
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 1
  • 点击次数: 20
  • 依赖项目数: 0
  • 推荐数: 0

GitHub 信息

  • Stars: 1
  • Watchers: 5
  • Forks: 1
  • 开发语言: PHP

其他信息

  • 授权协议: MIT
  • 更新时间: 2015-09-03