Lia Infraservices – the technical development expert from the leading Mobile App Development Company in Chennai brings you details about “How to authenticate application users using the JWT Authentication mechanism?” in simple steps.
An authentication procedure confirms that the people claiming to be users really are the users they claim to be. This step is vital to any security process.
JWT Authentication mechanism:
⦁ JSON Web Token
⦁ A method for securely transmitting information between parties using a JSON object.
⦁ Information Exchange: JWTs are a good way to secure information transfer between parties because they can be signed, which makes it easier to verify that they came from the right person. Furthermore, their structure allows you to verify that the content has not been modified.
⦁ In theory a JWT could be more secure, but in practice it can be less secure than session-based authentication. For example, a JWT is more vulnerable to hijacking, so the design should protect against hijacking.
To add JWT authentication to your APIs using PHP CodeIgniter:
⦁ Add BD_Controller.php in Your proj->Application->core
⦁ Add Auth.php (signup and login functions alone) and Key.php in Your proj->Application->Controller
⦁ Add JWT.php, REST_Controller.php, BeforeValidException.php, ExpiredException.php, SignatureInvalidException.php in Your proj->Application->libraries
⦁ Add $config['thekey'] = 'ValarMorghulis!'; in config.php
⦁ Change $config['subclass_prefix'] = 'MY_'; to $config['subclass_prefix'] = 'BD_';
⦁ Change your controller to:
<?php
defined('BASEPATH') OR exit('No direct script access allowed');
use \Firebase\JWT\JWT;

class Admin extends BD_Controller {
    function __construct()
    {
        // Construct the parent class
        parent::__construct();
    }
}
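And the BD_Controller file contains:
<?php
// The top of this file is cut off on the page. The guard, the use statement,
// the class header and the constructor are a reconstruction (assumption) so
// that the body below parses.
defined('BASEPATH') OR exit('No direct script access allowed');
use \Firebase\JWT\JWT;

class BD_Controller extends REST_Controller {
    function __construct()
    {
        parent::__construct();
        // Request limits per controller method
        $this->methods['users_get']['limit'] = 500;
        $this->methods['users_post']['limit'] = 100;
        $this->methods['users_delete']['limit'] = 50;

        // JWT Auth middleware
        $headers = $this->input->get_request_header('Authorization');
        $kunci = $this->config->item('thekey'); // secret key for encode and decode
        $token = "token";
        if (!empty($headers)) {
            if (preg_match('/Bearer\s(\S+)/', $headers, $matches)) {
                $token = $matches[1];
                try {
                    // Only HS256 is accepted, whatever the token header says
                    $decoded = JWT::decode($token, $kunci, array('HS256'));
                    $this->user_data = $decoded;
                } catch (Exception $e) {
                    $invalid = ['status' => $e->getMessage()]; // Response if credential invalid
                    $this->response($invalid, 401);
                }
            }
        }
        // A request with no Bearer header reaches this point with user_data unset
    }
}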
⦁ HS256 (HMAC with SHA-256) is a symmetric algorithm, with only one (secret) key that is shared between the two parties. Since the same key is used both to generate the signature and to verify it, the key must not be compromised.
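What the HS256 check described above amounts to, written out with PHP built-ins as an added example (it is not code from this post or from the JWT.php library it uses). The function names, the sample key and the claims are constructed for illustration; it shows that a modified payload and a different key both fail verification.

```php
<?php
// Added example: function names, key and claims are constructed sample values.
function b64url_encode(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}
function b64url_decode(string $txt): string {
    return (string) base64_decode(strtr($txt, '-_', '+/'));
}

function hs256_sign(array $claims, string $key): string {
    $head = b64url_encode(json_encode(['typ' => 'JWT', 'alg' => 'HS256']));
    $body = b64url_encode(json_encode($claims));
    return "$head.$body." . b64url_encode(hash_hmac('sha256', "$head.$body", $key, true));
}

function hs256_verify(string $jwt, string $key): array {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        throw new UnexpectedValueException('wrong number of segments');
    }
    [$head, $body, $sig] = $parts;
    $header = json_decode(b64url_decode($head), true);
    // Pin the algorithm on the server side; the token header must not choose it.
    if (!is_array($header) || ($header['alg'] ?? null) !== 'HS256') {
        throw new UnexpectedValueException('algorithm not allowed');
    }
    // Recompute the MAC with the shared key and compare in constant time.
    $expected = hash_hmac('sha256', "$head.$body", $key, true);
    if (!hash_equals($expected, b64url_decode($sig))) {
        throw new UnexpectedValueException('signature verification failed');
    }
    return json_decode(b64url_decode($body), true) ?? [];
}

$key   = 'constructed-sample-key';
$token = hs256_sign(['id' => 7], $key);
[$h, , $s] = explode('.', $token);
// Same header and signature, different payload: the content was modified.
$forged = "$h." . b64url_encode(json_encode(['id' => 1])) . ".$s";

$cases = ['valid' => [$token, $key], 'tampered payload' => [$forged, $key], 'wrong key' => [$token, 'other-key']];
foreach ($cases as $label => [$jwt, $k]) {
    try {
        hs256_verify($jwt, $k);
        echo "$label: accepted\n";
    } catch (UnexpectedValueException $e) {
        echo "$label: rejected ({$e->getMessage()})\n";
    }
}
```

Anyone who holds the shared key can also run hs256_sign, which is why the key has to stay secret on every party that verifies tokens.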
Conclusion:
To know “how to authenticate application users using the JWT Authentication mechanism?” contact LIA Infraservices the leading Mobile App Development Company in Chennai, Web Development, DevOps, Digital Marketing, Graphics & UI/UX Design, Cloud Migration Services.
If you like this blog on “How to authenticate application users using the JWT Authentication mechanism?” please comment below or Contact Lia Infraservices
Blog Contributed by: Bhuvaneshwari Y – Senior Technical Developer, Lia Infraservices.