Add support for Bearer token auhentication

rrd108 · Mar 4, 2024 · a70d13b · a70d13b
1 parent 25ff37b
commit a70d13b
Show file tree

Hide file tree

Showing 4 changed files with 43 additions and 7 deletions.
diff --git a/README.md b/README.md
@@ -31,6 +31,20 @@ return [
 ];
 ```
 
+#### Authorization with Bearer token
+
+If you want to use the `Authorization` header with `Bearer` token, you should set the `header` key to `Authorization` and the `prefix` key to `Bearer` in your `config/apiTokenAuthenticator.php` file.
+
+```php
+<?php
+return [
+  'ApiTokenAuthenticator' => [
+    'header' => 'Authorization',
+    'prefix' => 'Bearer',
+  ]
+];
+```
+
 ## Authentication
 
 The plugin authentication workflow is the following.
@@ -39,19 +53,19 @@ At your client appliacation you should send a POST request to `/users/login.json
 
 ```json
 {
-  "email": "[email protected]",
-  "password": "rrd"
+    "email": "[email protected]",
+    "password": "rrd"
 }
 ```
 
 If the login was successful than you will get a response like this.
 
 ```json
 {
-  "user": {
-    "id": 1,
-    "token": "yourSecretTokenComingFromTheDatabase"
-  }
+    "user": {
+        "id": 1,
+        "token": "yourSecretTokenComingFromTheDatabase"
+    }
 }
 ```
 

diff --git a/composer.json b/composer.json
@@ -1,7 +1,7 @@
 {
     "name": "rrd108/api-token-authenticator",
     "description": "A Simple Token Authentication Plugin for CakePHP 5 REST API-s",
-    "version": "1.0.4",
+    "version": "1.1.0",
     "type": "cakephp-plugin",
     "license": "MIT",
     "autoload": {

diff --git a/config/apiTokenAuthenticator.php b/config/apiTokenAuthenticator.php
@@ -7,8 +7,13 @@
             'username' => 'email',
             'password' => 'password'
         ],
+
         // name of the header for the token
         'header' => 'Token',
+        // for Bearer Athorization use this instead of the default
+        //'header' => 'Authorization
+        //'tokenPrefix' => 'Bearer',
+
         // login controller and action
         'login' => [
             'controller' => 'Users',

diff --git a/tests/TestCase/Authentication/Authenticator/ProvisoryTokenAuthenticatorTest.php b/tests/TestCase/Authentication/Authenticator/ProvisoryTokenAuthenticatorTest.php
@@ -75,4 +75,21 @@ public function testAuthenticateWithExpiredToken()
         $result = $tokenAuth->authenticate($requestWithHeader);
         $this->assertSame('TOKEN_EXPIRED', $result->getStatus());
     }
+
+    public function testAuthenticateWithBearerToken()
+    {
+        $options = Configure::read('ApiTokenAuthenticator');
+        $extraOptions = ['header' => 'Authorization', 'tokenPrefix' => 'Bearer'];
+        Configure::write('ApiTokenAuthenticator', $extraOptions + $options);
+        $tokenAuth = new ProvisoryTokenAuthenticator($this->identifiers, $extraOptions + $options);
+
+        $request = ServerRequestFactory::fromGlobals(
+            ['REQUEST_URI' => '/testpath'],
+            [],
+            ['username' => 'rrd', 'password' => 'webmania']
+        );
+        $requestWithHeader = $request->withAddedHeader('Authorization', 'Bearer token-1');
+        $result = $tokenAuth->authenticate($requestWithHeader);
+        $this->assertSame(Result::SUCCESS, $result->getStatus());
+    }
 }