I'm trying to build a simple API for studying with Slim Framework and JWTAuthentication. In the case my path / auth returns a JSON containing the JWT token that will be used to access the other paths. But when trying to access the / auth JWTAuthentication returns a STATUS code 401, even though I'm setting the passthrough to the / auth resource.
Now if I put "ignore" instead of "passthrough" it works fine.
.htaccess file
RewriteEngine On
RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [QSA,L]
My index.php
<?php
require "vendor/autoload.php";
use Firebase\JWT\JWT;
$container['secret'] = "secretloko";
$app = new \Slim\App($container);
$app->add(new \Tuupola\Middleware\HttpBasicAuthentication([
//Lista de usuários
"users" => [
"root" => "toor"
],
"paths" => ["/auth"]
]));
$app->add(new \Tuupola\Middleware\JWTAuthentication([
"path" => "/",
"passthrough" => ["/auth"],
"secret" => $container['secret'],
"error" => function ($options) use ($app) {
print_r($options);
}
]));
$app->get("/auth", function ($request, $response, $args) use ($app){
$key = $this->get('secret');
$payload = array(
"iss" => "root",
"adm" => "true"
);
$jwt = JWT::encode($payload, $key);
return $response->withJson(["token" => $jwt], 200)->withHeader("Content-type", "application/json");
});
$app->run();
?>
Result when trying to link
Slim\Http\Response Object
(
[status:protected] => 401
[reasonPhrase:protected] =>
[protocolVersion:protected] => 1.1
[headers:protected] => Slim\Http\Headers Object
(
[data:protected] => Array
(
)
)
[body:protected] => Slim\Http\Body Object
(
[stream:protected] => Resource id #72
[meta:protected] =>
[readable:protected] =>
[writable:protected] =>
[seekable:protected] =>
[size:protected] =>
[isPipe:protected] =>
)
)