mittwald-flow/jwt-auth
Composer 安装命令:
composer require mittwald-flow/jwt-auth
包简介
Authenticate users with JSON web tokens
README 文档
README
Author and Copyright
Martin Helmich
Mittwald CM Service GmbH & Co. KG
This package is MIT-licensed.
Synopsis
This package implements an authentication provider for TYPO3 Flow that
authenticates users based on JSON Web Tokens. JWTs can be
supplied using a configurable custom HTTP header (X-JWT per default), a
cookie or a query parameter.
Installation
You can install this package using Composer:
$ composer require mittwald-flow/jwt-auth
Basic considerations and design choices
-
This package does authentication only. It will not issue new tokens. This package's only purpose is to authenticate users by JSON Web Tokens that are issued by a trusted, third-party identity provider.
-
JWT authentication is stateless. This means that when using JWT authentication, Flow will not start any kind of session, but authenticate you each time anew based on the access token.
-
Accounts authenticated by this package are not persistent. This is done on purpose, since claims for a user might change when the same user authenticates with a different token.
Configuration
There are several settings that you need to configure in your TYPO3 Flow settings.
Verification key
This package needs a key to authenticate tokens. This can either be a random character string for tokens that use a symmetric authentication code (HMAC) or an RSA public key. To configure this key, you can use one of two settings:
-
Mw.JwtAuth.security.keyto directly specify the key:Mw: JwtAuth: security: key: | -----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuurXQ9FbDxK9EQL9gw/f KJVdo/33j8zDOxemH6fV/KWp/fEMwez77GC3J5ze/A1o/ue4FVz/8fJ8PMGO3ag9 drIHyWgs4FYBpQZ1BqA78b6nWJeJ8Zbsv71r+Bpb5UUJBBHZ85Sa13sl3ZN0L0E0 XD/NYD1Sh31qoccZU57l6g4PWScxUZYGWc/OeT07HbUjaFzL/YpQZUKH+KoqoIOD UiZkf44ear4dGzNeR0UQ01VIZj7RaJ1uhAZVsNLoqPKGyjmgEZz70DDbMlxEXiMi Q/2Thd3bklr0IpZpL7JwHw9MrVS32NkustFgG6uYv/mvw10Zll9CCAUib3QIGlZV uQIDAQAB -----END PUBLIC KEY-----
-
Mw.JwtAuth.security.keyUrlto specify afopen-able URL from which the key can be retrieved:Mw: JwtAuth: security: keyUrl: https://identity.service.consul/key
When you specify both settings, the Mw.JwtAuth.security.key setting will
take precedence.
Claim-to-account mapping
You can also configure how the claims encoded in the JWT should be mapped to the TYPO3 Flow user account. For instance, when the JWT claims contain a field that describes a user type, you can map this on a TYPO3 Flow role.
Consider a JWT claim like the following:
{
"sub": "my-username",
"type": "customer"
}
By default, the sub claim will be used as account identifier for the Flow
user. You can change this by setting the Mw.JwtAuth.claimMapping.accountIdentifierField
option.
Furthermore, you can configure which claim contains the user role and how to map claim values to known user roles:
Mw: JwtAuth: claimMapping: roleField: type roles: customer: My.ExamplePackage:Customer employee: My.ExamplePackage:Employee
Token sources
You can also configure how the authentication provider should extract the
JWT from the HTTP request. A JWT can be contained within a cookie, a custom
request header or a query argument. You can configure the token sources
using the Mw.JwtAuth.security.tokenSources:
Mw: JwtAuth: security: tokenSources: - from: header name: X-Your-Custom-Header - from: cookie name: MyCookieName
This setting can contain a list of multiple token sources. Each of those will be tried in sequence until one of them matches.
mittwald-flow/jwt-auth 适用场景与选型建议
mittwald-flow/jwt-auth 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 38 次下载、GitHub Stars 达 1, 最近一次更新时间为 2015 年 09 月 03 日, 在 PHP 生态内属于活跃度较高的组件。
我们在过去多个企业项目中使用过 mittwald-flow/jwt-auth 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 mittwald-flow/jwt-auth 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
统计信息
- 总下载量: 38
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 1
- 点击次数: 20
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: MIT
- 更新时间: 2015-09-03