Difference between #2 and #4 of JWT authentication tutorial

Changes

Title unchanged

JWT authentication tutorial

Category unchanged

Tutorials

Yii version unchanged

2.0

Tags unchanged

authentication,auth,jwt

Content changed

[...]
- Add the authenticator behavior to your controllers
- For `AuthController.php` we must exclude actions that do not require being authenticated, like `login`, `refresh-token`, `options` (when browser sends the cross-site OPTIONS request).

```php
public function behaviors() {
     $behaviors = parent::behaviors();
 
 
$behaviors['authenticator'] = [
'class' => \sizeg\jwt\JwtHttpBearerAuth::class,
'except' => [
[...]
'urf_created' => gmdate('Y-m-d H:i:s'),
]);
if (!$userRefreshToken->save();) {
 
throw new \yii\web\ServerErrorHttpException('Failed to save the refresh token: '. $userRefreshToken->getErrorSummary(true));
 
}


// Send the refresh-token to the user in a HttpOnly cookie that Javascript can never read and that's limited by path
Yii::$app->response->cookies->add(new \yii\web\Cookie([
'name' => 'refresh-token',
'value' => $refreshToken,
[...]
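Review bot: In the refresh-token save check, `if (!$userRefreshToken->save();) {` has a semicolon inside the condition, which is a PHP parse error; it should read `if (!$userRefreshToken->save()) {`. In the `throw` that follows, `getErrorSummary(true)` returns an array, so concatenating it onto the message yields the string "Array" instead of the validation errors; join it first, for example with `implode(', ', $userRefreshToken->getErrorSummary(true))`. Since the message of a `ServerErrorHttpException` is shown to the client, consider logging the model errors server-side and keeping the exception message generic.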
Viewed: 163 828 times
Version: 2.0
Category: Tutorials
Written by: Allan Jensen
Last updated by: Allan Jensen
Created on: Jun 7, 2021
Last updated: 3 years ago