How to manually validate an auth token?

[PadreMontoya]

Hi Terry,

Thanks for your great work on this! I have it installed correctly and everything is working fine. I'm trying to make a tweak, however - when a user authenicates, I want to give them an "auth_token" cookie, and likewise, check that cookie during routing.

I'm able to give a cookie with this code:

Route::filter('give_auth_cookie', function($route, $request, $response)
{
    $data = $response->getData(true);
    $response->withCookie(Cookie::forever('auth_token', $data['token']));
});

Route::post('auth', array('uses' => 'Tappleby\AuthToken\AuthTokenController@store', 'after' => 'give_auth_cookie'));

Now my problem is trying to validate it. All my attempts to get access to a working AuthTokenDriver object have failed. My closest guess is:

$token = Cookie::get('auth_token');
$manager = new Tappleby\AuthToken\AuthTokenManager();
$driver = $manager->driver();
$success = $driver->validate($token);

This doesn't work because AuthTokenManager expects a working $app.

Can you suggest how to check if an auth token string is valid?

Thanks for any help you can give.

[tappleby]

If you setup the optional aliases, you can use the facade: AuthToken::validate($token)

[tappleby]

@PadreMontoya any luck with using the facade? let me know if your still running into issues.

[PadreMontoya]

Hi Terry,

Thanks for the reply! I actually think the alias suggestion will work, but I've hit a new problem.

We've recently switched our platform from Postgres to Neo4j, using https://github.com/Vinelab/NeoEloquent.

I haven't had a chance to see how your project works under Neo4j, but I'm a little nervous about compatibility since your code uses $this->db->table('ta_auth_token'). I'm not sure whether this will throw an exception, or whether Neo4j will know to treat that as a 'ta_auth_token' node.

I'll let you know what I find. I've already got laravel-auth-token installed, I just disabled it while we converted to Neo4j.

[PadreMontoya]

BTW, if you have any tips, I'm all ears. I'd love to keep using laravel-auth-token. Can I perhaps swap out the database component with my own implementation? (I'm a bit new to interfaces and facades)

[tappleby]

Yeah im not sure what the compatibility would be like, its possible it could just work (I dont know enough about Neo4J).

You could supply your own Neo4J provider based on the DatabaseAuthTokenProvider. using the following:

AuthToken::extend('neo4j', function ($app) {
    return new Neo4jAuthTokenProvider;
});

Note: I havent tested this lib with another provider, for the above to work it would require a code modification to read the driver from config.