benbjurstrom / cognito-jwt-guard
Laravel authentication guard for JSON Web Tokens (JWT) issued by Amazon AWS Cognito
Requires
- php: >=5.5.0
- ext-json: *
- firebase/php-jwt: ^5.0
- guzzlehttp/guzzle: ^6.2.1
- illuminate/auth: ^5.1|^6
- illuminate/contracts: ^5.1|^6
- illuminate/http: ^5.1|^6
- illuminate/support: ^5.1|^6
- phpseclib/phpseclib: ^2.0
Requires (Dev)
- orchestra/testbench: ^4.0
- php-coveralls/php-coveralls: ^2.2
- phpunit/phpunit: ^8.0
This package is auto-updated.
Last update: 2024-08-30 01:45:12 UTC
README
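Laravel auth guard for validating JSON Web Tokens (JWT) issued by Amazon AWS Cognito
Overview
This package provides a Laravel authentication guard that validates JSON Web Tokens (JWT) issued by the configured AWS Cognito User Pool. The guard accepts tokens passed through the Authorization header or set as a CognitoIdentityServiceProvider cookie.
Once the token has been validated against the pool's public key, the guard looks for a Laravel user whose cognito_uuid value equals the username property contained in the token.
If a local Laravel user is found, the guard authenticates them for the duration of the request. If one is not found and Single Sign-On is enabled, this package creates a new Laravel user.
Note that this package does not provide methods for exchanging a username and password for a token. It is therefore intended for Laravel API-driven applications where the client obtains tokens either directly from Cognito or through a dedicated application responsible for authentication.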
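The validation step described in the overview, written out as an added example (not this package's own code) with the firebase/php-jwt ^5.0 and phpseclib ^2.0 dependencies listed above. The function name verifyCognitoToken, the issuer and token_use checks, and the assumption that $jwks is the decoded JSON from the pool's /.well-known/jwks.json endpoint belong to this example; PHP 7.0 or later is assumed.

```php
<?php
// Added example, not code from cognito-jwt-guard. verifyCognitoToken is a hypothetical name.
require __DIR__ . '/vendor/autoload.php';

use Firebase\JWT\JWT;
use phpseclib\Crypt\RSA;
use phpseclib\Math\BigInteger;

// $jwks: decoded https://cognito-idp.{region}.amazonaws.com/{poolId}/.well-known/jwks.json (assumed cached by the caller).
function verifyCognitoToken(string $jwt, array $jwks, string $region, string $poolId): string
{
    // The header is still untrusted here; it is read only to select a pool key by kid.
    $header = json_decode(JWT::urlsafeB64Decode(explode('.', $jwt)[0]), true);
    $kid = is_array($header) && isset($header['kid']) ? $header['kid'] : null;
    $jwk = null;
    foreach ($jwks['keys'] as $candidate) {
        if ($kid !== null && ($candidate['kid'] ?? null) === $kid && ($candidate['kty'] ?? null) === 'RSA') {
            $jwk = $candidate;
        }
    }
    if ($jwk === null) {
        throw new UnexpectedValueException('Token kid is not a key of this user pool');
    }

    // Rebuild the RSA public key from the JWK modulus (n) and exponent (e).
    $rsa = new RSA();
    $rsa->loadKey([
        'n' => new BigInteger(JWT::urlsafeB64Decode($jwk['n']), 256),
        'e' => new BigInteger(JWT::urlsafeB64Decode($jwk['e']), 256),
    ]);

    // Pinning RS256 rejects tokens whose header claims "none" or an HMAC algorithm.
    // decode() verifies the signature and enforces exp, nbf and iat.
    $claims = JWT::decode($jwt, $rsa->getPublicKey(), ['RS256']);
    // Confirm the issuer is the configured pool and the token is a Cognito access or ID token.
    $issuer = "https://cognito-idp.{$region}.amazonaws.com/{$poolId}";
    if (!isset($claims->iss) || $claims->iss !== $issuer) {
        throw new UnexpectedValueException('Unexpected issuer');
    }
    if (!isset($claims->token_use) || !in_array($claims->token_use, ['access', 'id'], true)) {
        throw new UnexpectedValueException('Unexpected token_use');
    }
    // Access tokens carry "username"; ID tokens carry "cognito:username".
    $username = $claims->username ?? $claims->{'cognito:username'} ?? null;
    if (!is_string($username) || $username === '') {
        throw new UnexpectedValueException('Token has no username claim');
    }
    return $username; // the value to match against users.cognito_uuid
}
```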
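Installation
You can install the package using composer:
composer require benbjurstrom/cognito-jwt-guard
Next, publish the migration and the config/cognito.php config file:
php artisan vendor:publish --provider="BenBjurstrom\CognitoGuard\CognitoServiceProvider"
Then run your migrations. This adds the required cognito_uuid attribute to your users table:
php artisan migrate
Add your AWS Cognito user pool's identifier and region to your .env file:
AWS_COGNITO_REGION=
AWS_COGNITO_USER_POOL_ID=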
You will also need to change the auth driver in your config/auth.php file:
// config/auth.php
'guards' => [
    'web' => [
        'driver' => 'session',
        'provider' => 'users',
    ],

    'api' => [
        'driver' => 'cognito', // This line is important
        'provider' => 'users',
    ],
],
Finally, depending on the required attributes configured for your Cognito User Pool, you may also need to adjust the Single Sign-On settings in the published config/cognito.php file:
// config/cognito.php

/*
|--------------------------------------------------------------------------
| Single Sign-On Settings
|--------------------------------------------------------------------------
| If sso is true the cognito guard will automatically create a new user
| record anytime the username attribute contained in a validated JWT
| does not already exist in the users table.
|
| The new user will be created with the user attributes listed here
| using the values stored in the given cognito user pool. Each attribute
| listed here must be set as a required attribute in your cognito user
| pool.
|
| When sso_repository_class is set this package will pass a new instance
| of the auth provider's user model to the given class's
| createCognitoUser method. The users model will be hydrated with the given
| sso_user_attributes before it is passed.
*/

'sso'                  => env('SSO', false),
'sso_repository_class' => null,
'sso_user_attributes'  => [
    'name',
    'email',
]
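Configuring sso_repository_class is optional, but doing so lets you modify the new user record or dispatch events before it is saved. An example sso_repository_class might look like this:
<?php

namespace App\Repositories;

use App\Models\User;
use App\Events\UserWasRegistered;

class UserRepository
{
    // Receives the user model already hydrated with the configured sso_user_attributes.
    public function createCognitoUser(User $user): User
    {
        $user->save();
        event(new UserWasRegistered($user));

        return $user;
    }
}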
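Security
If you discover any security-related issues, please email ben@jelled.com instead of using the issue tracker.
License
The MIT License (MIT). Please see the License File for more information.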