The JWT middleware for Lithe is responsible for user authentication, providing secure token generation, validation, and revocation.
To use the JWT middleware in Lithe, install via Composer:

```bash
composer require lithemod/jwt
```

You can use the middleware directly in your routes. Here's how:

```php
use Lithe\Auth\JWT;

// Route configuration with JWT.
// Constructor arguments: secret key, signing algorithm, expiration time in seconds.
// 'your-secret-key' is a placeholder; load the real key from configuration, not from source code.
$app->get('/protected', new JWT('your-secret-key', 'HS256', 3600), function ($req, $res) {
    return $res->send('Access granted!');
});
```

Generate a JWT token for an authenticated user. The token will contain relevant information such as user ID and role.
```php
$app->post('/login', function ($req, $res) {
    $user = ['id' => 1, 'role' => 'admin', 'email' => 'user@example.com']; // Example user
    $token = (new JWT())->generateToken($user);
    return $res->send(['token' => $token]);
});
```

Use the JWT middleware to protect routes. The middleware will check the token validity on each request.
```php
$app->get('/protected-route', new JWT(), function ($req, $res) {
    return $res->send('Access to protected route.');
});
```

Revoke a token when a user logs out. This ensures the token can no longer be used.
```php
$app->post('/logout', function ($req, $res) {
    $token = $req->header('Authorization');
    (new JWT())->revokeToken($token);
    return $res->send('Token revoked.');
});
```

Implement an endpoint for token refresh, allowing users to obtain a new token without needing to log in again.
```php
$app->post('/refresh', function ($req, $res) {
    $token = $req->header('Authorization');
    $newToken = (new JWT())->refreshToken($token);
    return $res->send(['token' => $newToken]);
});
```

Extract user information from the JWT for use in protected routes.
```php
$app->get('/user', new JWT(), function ($req, $res) {
    return $res->send($req->user);
});
```

Validate a token without fully decoding it. This can be useful for quickly checking the authenticity of a token.
```php
$app->post('/validate', function ($req, $res) {
    $token = $req->header('Authorization');
    $isValid = (new JWT())->validateToken($token);
    return $res->send(['valid' => $isValid]);
});
```

Description: Initializes the JWT class with a secret key, algorithm, and expiration time.
Parameters:
- $secretKey: Secret key for encoding/decoding.
- $algorithm: Algorithm for signing the token.
- $expirationTime: Token expiration time in seconds.
Description: Middleware to check the JWT in a request.
Parameters:
- $req: The HTTP request.
- $res: The HTTP response.
- $next: Next middleware function to call.
Description: Generates a new JWT token for a user.
Parameters:
$user: User data to encode in the token.
Description: Revokes a JWT token by adding it to the revoked list.
Parameters:
$token: The token to revoke.
Description: Checks if a token has been revoked.
Parameters:
$token: The token to check.
Description: Updates an expired JWT token by generating a new one.
Parameters:
$token: The token to refresh.
Description: Retrieves user data from a JWT token.
Parameters:
$token: The token from which to get user data.
Description: Validates a JWT token without decoding it.
Parameters:
$token: The token to validate.
- Token Revocation: The middleware supports token revocation.
- Error Handling: Validation errors and token expiration are automatically handled, returning appropriate messages to the client.
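
The checks a JWT middleware has to make on each request (pinned algorithm, signature, expiry, revocation), shown as an added stand-alone example. It is not Lithe's code; the function names, the demo secret, the fixed clock and the in-memory revocation list are assumptions made for illustration.

```php
<?php
// Added example, not Lithe's implementation. Names and values are constructed.
function b64url_encode(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}
function b64url_decode(string $txt): string {
    $padded = str_pad($txt, strlen($txt) + (4 - strlen($txt) % 4) % 4, '=');
    return (string) base64_decode(strtr($padded, '-_', '+/'), true);
}
function sign_hs256(array $claims, string $secret): string {
    $head = b64url_encode(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
    $body = b64url_encode(json_encode($claims));
    return "$head.$body." . b64url_encode(hash_hmac('sha256', "$head.$body", $secret, true));
}
function verify_hs256(string $token, string $secret, array $revoked, int $now): ?array {
    $parts = explode('.', $token);
    if (count($parts) !== 3) {
        return null;
    }
    [$head, $body, $sig] = $parts;
    $header = json_decode(b64url_decode($head), true);
    // Pin the algorithm on the server; never let the token header pick it.
    if (!is_array($header) || ($header['alg'] ?? null) !== 'HS256') {
        return null;
    }
    // Recompute the MAC and compare in constant time.
    $expected = b64url_encode(hash_hmac('sha256', "$head.$body", $secret, true));
    if (!hash_equals($expected, $sig)) {
        return null;
    }
    $claims = json_decode(b64url_decode($body), true);
    // Require an integer exp claim that is still in the future.
    if (!is_array($claims) || !is_int($claims['exp'] ?? null) || $claims['exp'] <= $now) {
        return null;
    }
    // Revocation list keyed by token hash, so raw tokens are not stored.
    return isset($revoked[hash('sha256', $token)]) ? null : $claims;
}

$secret  = 'constructed-demo-secret';   // sample value only
$now     = 1700000000;                  // fixed clock for the demo
$token   = sign_hs256(['id' => 1, 'role' => 'admin', 'exp' => $now + 3600], $secret);
$revoked = [];
var_dump(verify_hs256($token, $secret, $revoked, $now) !== null);        // fresh token
var_dump(verify_hs256($token, $secret, $revoked, $now + 3600) !== null); // at expiry time
var_dump(verify_hs256($token, 'other-key', $revoked, $now) !== null);    // wrong key
$revoked[hash('sha256', $token)] = true;                                 // logout recorded
var_dump(verify_hs256($token, $secret, $revoked, $now) !== null);        // after revocation
```

A revocation entry only needs to be kept until the token's own `exp` has passed, since an expired token is rejected before the list is consulted.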