Skip to content

Instantly share code, notes, and snippets.

@odan
Last active August 16, 2022 18:49
  • Star 5 You must be signed in to star a gist
  • Fork 3 You must be signed in to fork a gist
Star You must be signed in to star a gist
Save odan/2885ccd0d2f3a3df41bf5c3d6e9b4999 to your computer and use it in GitHub Desktop.
@rtpHarry
Copy link

@odan, thank you, that is the tutorial I used to get CORS up and running for my system, it was great! My comment was something that came out of starting to merge your tutorials together. It doesn't mention, I don't think, that if the route is protected you shouldn't also protect the OPTIONS preflight check. It's basically the only piece of information I've had to research for myself with this project :)

@mkraha
Copy link

mkraha commented Apr 17, 2020

@odan Do you have idea to create new tutorial with tuupola/slim-basic-auth and tuupola/slim-jwt-auth ?

@odan
Copy link
Author

odan commented Apr 17, 2020

@mkraha I think the documentation of tuupola/slim-basic-auth and tuupola/slim-jwt-auth is good enough.

@Webudvikler-TechCollege
Copy link

Webudvikler-TechCollege commented May 18, 2020

Hi @odan

I followed your tutorial and I can generate tokens but I get the following error when trying to validate tokens on routes:

Message: Entry "App\Middleware\JwtMiddleware" cannot be resolved: Entry "Psr\Http\Message\ResponseFactoryInterface" cannot be resolved: the class is not instantiable Full definition: Object ( class = #NOT INSTANTIABLE# Psr\Http\Message\ResponseFactoryInterface lazy = false ) Full definition: Object ( class = App\Middleware\JwtMiddleware lazy = false __construct( $jwtAuth = get(App\Auth\JwtAuth) $responseFactory = get(Psr\Http\Message\ResponseFactoryInterface) ) )

My route looks like this:

$commentRoute->post('', \App\Action\BakeOnline\CommentCreateAction::class)->add(\App\Middleware\JwtMiddleware::class);

Do you have any suggestions on how to solve this problem?

Thank you in advance.

@odan
Copy link
Author

odan commented May 18, 2020

Hi @Webudvikler-TechCollege

It looks like the container definition for ResponseFactoryInterface::class is missing. You can find all the details in the article.

use Psr\Http\Message\ResponseFactoryInterface;
// ...

ResponseFactoryInterface::class => function (ContainerInterface $container) {
    return $container->get(App::class)->getResponseFactory();
},

@Webudvikler-TechCollege

@odan, thank you so much. It worked for me. And thank you for the article! It has been a really great help!

@samuelgfeller
Copy link

samuelgfeller commented Nov 18, 2020

Hello @odan

Thank you so much for this article. I have 2 questions the first isn't so important. I already decided that I will implement the way it's in your doc.

What are the pros / cons of using a library like tuupola/slim-jwt-auth versus an approach like in this article and what do you recommend in the end?

Do you know any projects where these JWT-Functions are being tested? Or do you have examples?

@odan
Copy link
Author

odan commented Nov 18, 2020

Hi @samuelgfeller My approach is more Middleware and Routing based while the tuupola/slim-jwt-auth approach uses an array to configure the different routes. For me the array based protection is not so good to maintain in the long run, for example when you add or change route paths you may miss some routes and suddenly it's unprotected. I prefer to explicitly add the JwtAuthMiddleware to specific routes or route groups in routes.php. You can open the routes.php file see what is protected. My approach also makes it easier to fetch users from the database (see TokenCreateAction) instead of loading it from a fixed array. I think you have to decide what's better for your specific use case.

@samuelgfeller
Copy link

@odan that's very pertinent! I think easily worth mentioning in the article. Below where you link to tuupola/slim-jwt-auth or somewhere near.

@odan
Copy link
Author

odan commented Nov 18, 2020

@samuelgfeller Yes, thanks. I will add it to the article.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment