JWT
Matthew Walther edited this page Aug 9, 2022
This document covers OpenTHC's JWT wrapper around the Firebase PHP-JWT library.
An authenticated user session may mint a JWT in an Application Environment (APP) for authorized HTTP requests against an external service environment (EXT) when:
`etc/config.php`

```php
// @bug found uses of 'application' and 'app'
'application' => [
    'id'     => 'EXAMPLE_ID',
    'secret' => 'example.openthc.com-secret',
]
```
`etc/config.php`

```php
'openthc' => [
    'app' => [
        'id'       => 'EXAMPLE_ID',
        'hostname' => 'app.openthc.dev',
        'secret'   => 'app.openthc.dev-secret',
    ],
]
```
```php
use OpenTHC\JWT;

// Standard (registered) claims supplied by the wrapper
$claims = JWT::base_claims();

// Add the private claims that carry the user's session context
$payload = array_merge($claims, [
    'Company' => [
        'id' => '01EXMSAJAF1M2KKJWWP3P3SZDP',
    ],
    'Contact' => [
        'id' => '01EXMSAJARWA6GH70BYFDMC06Q',
    ],
]);

// Mint the token for the B2B service
$jwt = JWT::encode('b2b', $payload);

// Send it as a Bearer token to the external service
$b2b = _b2b_api(); // Uses GuzzleHTTP
$res = $b2b->get('/api/b2b', [
    'headers' => [
        'authorization' => sprintf('Bearer %s', $jwt),
    ],
]);
```
We do not need to do extra validation of the JWT tokens because the payloads are signed and encrypted with our secret keys.
Non-standard contextual data will come from "private claims" in the payload.
App authorizes requests on behalf of the user against B2B to find out whether the user has any new orders:
- App captures the user's company and contact session information
- And gets the B2B service configuration
- Then it uses the JWT library to mint the JWT token
- And the JWT token is issued in the `Authorization` header in the request to B2B `/api/b2b`
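The flow above, as an added example that is not OpenTHC's own code: it mints the same token with firebase/php-jwt v6 directly and shows what the receiving B2B service checks when it decodes it. The registered claims, the `aud` value, the `kid` header and the `verify_b2b_token()` helper are assumptions, since `JWT::base_claims()` and the EXT side are not shown on this page.

```php
<?php
// Added example (not OpenTHC's own code): the APP -> EXT flow above written directly
// against firebase/php-jwt v6, including the verification the B2B side performs.
require 'vendor/autoload.php';

use Firebase\JWT\JWT;
use Firebase\JWT\Key;

// Constructed config, shaped like the 'openthc' => ['app' => ...] block above.
$app = [
    'id'       => 'EXAMPLE_ID',
    'hostname' => 'app.openthc.dev',
    'secret'   => 'app.openthc.dev-secret', // shared secret known to APP and B2B
];

// APP side. Registered claims are assumed to be what JWT::base_claims() fills in.
// HS256 signs the payload; claims are only base64url-encoded, so private claims are
// readable by anyone holding the token. Keep 'exp' short: a Bearer token replays until then.
$now = time();
$payload = [
    'iss'     => $app['hostname'],
    'aud'     => 'b2b', // assumed to mirror the 'b2b' argument of JWT::encode('b2b', ...)
    'iat'     => $now,
    'exp'     => $now + 300,
    'Company' => ['id' => '01EXMSAJAF1M2KKJWWP3P3SZDP'],
    'Contact' => ['id' => '01EXMSAJARWA6GH70BYFDMC06Q'],
];
$jwt = JWT::encode($payload, $app['secret'], 'HS256', $app['id']); // 'kid' header = app id
// EXT (B2B) side: check the signature, then the claims the service relies on.
function verify_b2b_token(string $jwt, array $keys_by_kid): ?array
{
    JWT::$leeway = 30; // tolerate small clock skew between APP and EXT
    try {
        // decode() selects the Key by the token's 'kid' header, verifies the HS256
        // signature and rejects tokens with 'exp' in the past or 'iat'/'nbf' in the future.
        $claims = json_decode(json_encode(JWT::decode($jwt, $keys_by_kid)), true);
    } catch (\Exception $e) {
        return null; // every failure gets the same answer: not authorized
    }
    if (($claims['aud'] ?? null) !== 'b2b'
        || empty($claims['Company']['id']) || empty($claims['Contact']['id'])) {
        return null; // signed by us, but not a token this endpoint accepts
    }
    return $claims;
}

$keys = [$app['id'] => new Key($app['secret'], 'HS256')];
var_dump(verify_b2b_token($jwt, $keys));                                    // the right secret
var_dump(verify_b2b_token($jwt, [$app['id'] => new Key('other', 'HS256')])); // same token, wrong secret
```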