Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

token based authentication in codeigniter rest server library

I am try to build restful API in codeigniter using Phil Sturgeon's rest server

Problem is I can't figure out how to do token based authentication. I am building that API for mobile app and it is over HTTPS. At first user will authentication by logging in and then he will be able to use app functionalities. I want to implement in the way explained here: How token-based authentication works

Questions:

If I send token to server in request where should I check validity?
Does rest server library support token based authentication?
If it does which configurations do I need to do? or I need to implement my authentication methods?

or there is better/simpler way for authentication instead of token based?

like image 886
Nuryagdy Mustapayev Avatar asked Apr 14 '17 06:04

Nuryagdy Mustapayev


1 Answers

It does not support token auth. Here's the modifications I made to add it. REST_Controller.php search for "switch ($rest_auth) {" add add this case to it:

        case 'token':
            $this->_check_token();
            break;

Then add this function:

/** Check to see if the user is logged in with a token
 * @access protected
 */
protected function _check_token () {
    if (!empty($this->_args[$this->config->item('rest_token_name')])
            && $row = $this->rest->db->where('token', $this->_args[$this->config->item('rest_token_name')])->get($this->config->item('rest_tokens_table'))->row()) {
        $this->api_token = $row;
    } else {
        $this->response([
                $this->config->item('rest_status_field_name') => FALSE,
                $this->config->item('rest_message_field_name') => $this->lang->line('text_rest_unauthorized')
                ], self::HTTP_UNAUTHORIZED);
    }
}   

config/rest.php

    // *** Tokens ***
/* Default table schema:
 * CREATE TABLE `api_tokens` (
    `api_token_id` INT(10) UNSIGNED NOT NULL AUTO_INCREMENT,
    `token` VARCHAR(50) NOT NULL,
    `created` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
    PRIMARY KEY (`api_token_id`)
)
COLLATE='latin1_swedish_ci'
ENGINE=InnoDB
 */
$config['rest_token_name'] = 'X-Auth-Token';
$config['rest_tokens_table'] = 'api_tokens';
like image 82
Chris - On the Grid Webdesign Avatar answered Sep 18 '22 13:09

Chris - On the Grid Webdesign