SilverStripe JWT

JWTAuthenticator extends MemberAuthenticator
Uses Injectable, Configurable, MemberTokenGenerator

Table of Contents

Constants

HMAC  = 'HMAC'
Key is HMAC string
JWT_KEY_PASSWORD  = 'JWT_KEY_PASSWORD'
JWT_PUBLIC_KEY  = 'JWT_PUBLIC_KEY'
JWT_SIGNER_KEY  = 'JWT_SIGNER_KEY'
RSA  = 'RSA'
Key is RSA public/private pair
RSA_PASSWORD  = 'RSA_PASSWORD'
Key is RSA public/private pair, with password enabled

Properties

$anonymous_allowed  : bool
Set to true to allow anonymous JWT tokens (no member record / email / password)
$nbf_expiration  : int
Expires after 1 hour
$nbf_refresh_expiration  : int
Token can be refreshed within 7 days
$nbf_time  : int

Methods

authenticate()  : Member|null
generateToken()  : Token
Generate a new JWT token for a given request, and optional (if anonymous_allowed) user
getErrorMessage()  : string
Humanise error message based on status code
supportedServices()  : int
JWT is stateless, therefore, we don't support anything but login
validateToken()  : array<string|int, mixed>|null
canTokenBeRenewed()  : bool
Check if the given token can be renewed
generateResponse()  : array<string|int, mixed>
Generate MemberToken response
getEnv()  : string|null
Get an environment value. If $default is not set and the environment variable isn't set either, this throws a LogicException.
getKeyType()  : string
Keys are one of:
- public / private RSA pair files
- public / private RSA pair files, password protected private key
- private HMAC string
getPrivateKey()  : Key
Get private key used to generate JWT tokens
getPublicKey()  : Key
Get public key used to validate JWT tokens
getSigner()  : Signer
parseToken()  : Token|null
Parse a string into a token
resolvePath()  : string|null
Return an absolute path from a relative one. If the path doesn't exist, returns null.
validateParsedToken()  : bool
Determine if the given token is current, given the context of the current request
makeKey()  : Key
Construct a new key from the named config variable

Constants

RSA_PASSWORD

Key is RSA public/private pair, with password enabled

public mixed RSA_PASSWORD = 'RSA_PASSWORD'

Properties

$anonymous_allowed

Set to true to allow anonymous JWT tokens (no member record / email / password)

private static bool $anonymous_allowed = false
Tags
config

$nbf_expiration

Expires after 1 hour

private static int $nbf_expiration = 3600
Tags
config

$nbf_refresh_expiration

Token can be refreshed within 7 days

private static int $nbf_refresh_expiration = 604800
Tags
config

Methods

authenticate()

public authenticate(array<string|int, mixed> $data, HTTPRequest $request[, ValidationResult|null &$result = null ]) : Member|null
Parameters
$data : array<string|int, mixed>
$request : HTTPRequest
$result : ValidationResult|null = null
Tags
throws
OutOfBoundsException
throws
BadMethodCallException
throws
Exception
Return values
Member|null

generateToken()

Generate a new JWT token for a given request, and optional (if anonymous_allowed) user

public generateToken(HTTPRequest $request, Member|MemberExtension $member) : Token
Parameters
$request : HTTPRequest
$member : Member|MemberExtension
Tags
throws
ValidationException
Return values
Token

getErrorMessage()

Humanise error message based on status code

public getErrorMessage(string $status) : string
Parameters
$status : string
Tags
throws
InvalidArgumentException
Return values
string

supportedServices()

JWT is stateless, therefore, we don't support anything but login

public supportedServices() : int
Return values
int

validateToken()

public validateToken(string $token, HTTPRequest $request) : array<string|int, mixed>|null
Parameters
$token : string
$request : HTTPRequest
Tags
throws
BadMethodCallException|Exception
Return values
array<string|int, mixed>|null

Array with JWTRecord and int status (STATUS_*)

canTokenBeRenewed()

Check if the given token can be renewed

protected canTokenBeRenewed(Token $parsedToken) : bool
Parameters
$parsedToken : Token
Return values
bool

generateResponse()

Generate MemberToken response

protected generateResponse(string $status[, Member $member = null ][, string $token = null ]) : array<string|int, mixed>
Parameters
$status : string

Status code

$member : Member = null
$token : string = null
Return values
array<string|int, mixed>

Response in format required by MemberToken

getEnv()

Get an environment value. If $default is not set and the environment variable isn't set either, this throws a LogicException.

protected getEnv(string $key[, string|null $default = null ]) : string|null
Parameters
$key : string
$default : string|null = null
Tags
throws
LogicException

Error if environment variable is required, but not configured

Return values
string|null

getKeyType()

Keys are one of:
- public / private RSA pair files
- public / private RSA pair files, password protected private key
- private HMAC string

protected getKeyType() : string
Return values
string

getPrivateKey()

Get private key used to generate JWT tokens

protected getPrivateKey() : Key
Return values
Key

getPublicKey()

Get public key used to validate JWT tokens

protected getPublicKey() : Key
Tags
throws
LogicException
Return values
Key

parseToken()

Parse a string into a token

protected parseToken(string|null $token) : Token|null
Parameters
$token : string|null
Return values
Token|null

resolvePath()

Return an absolute path from a relative one. If the path doesn't exist, returns null.

protected resolvePath(string $path[, string $base = BASE_PATH ]) : string|null
Parameters
$path : string
$base : string = BASE_PATH
Return values
string|null

validateParsedToken()

Determine if the given token is current, given the context of the current request

protected validateParsedToken(Token $parsedToken, HTTPRequest $request, JWTRecord $record) : bool
Parameters
$parsedToken : Token
$request : HTTPRequest
$record : JWTRecord
Return values
bool

makeKey()

Construct a new key from the named config variable

private makeKey(string $name[, string|null $password = null ]) : Key
Parameters
$name : string

Key name

$password : string|null = null

Optional password

Return values
Key

        