I am working on a slim REST API and I want to secure it with JWT Token. I try a lot of tutorials and I am anable to make things work.
I use :
slim 4.*
slim/psr7 0.6.0
tuupola/slim-jwt-auth ^3.4
tuupola/cors-middleware ^1.1
Ubuntu 19.10 and Xampp
I have have 2 routes (POST /login and GET /api/test)
I want to be able to use the /login route without token and the other one with a token.
So I wrote :
$app->add(new Tuupola\Middleware\JwtAuthentication([
"path" => "/api",
"secret" => getenv ("SPROUTCH_TOKEN"),
"error" => function ($request, $response, $arguments) {
$data["status"] = "error";
$data["message"] = $arguments["message"];
return $response
->withHeader("Content-Type", "application/json")
->write(json_encode($data, JSON_UNESCAPED_SLASHES | JSON_PRETTY_PRINT));
},
]));
In that case nothing is secure so I tried this :
$app->add(new Tuupola\Middleware\JwtAuthentication([
"secret" => getenv ("SPROUTCH_TOKEN"),
"error" => function ($request, $response, $arguments) {
$data["status"] = "error";
$data["message"] = $arguments["message"];
return $response
->withHeader("Content-Type", "application/json")
->write(json_encode($data, JSON_UNESCAPED_SLASHES | JSON_PRETTY_PRINT));
},
]));
And of course I can't access anything.
The proble was just that the "path" key takes only absolute path