Log message #4019244

# At Username Text
# Apr 21st 2017, 14:08 Neon1024 You’re welcome, good luck with it. It’ll be awesome
# Apr 21st 2017, 14:07 birdy247 Thanks for the tips guys :slightly_smiling_face:
# Apr 21st 2017, 14:07 Neon1024 .o>
# Apr 21st 2017, 14:07 birdy247 meeting :(
# Apr 21st 2017, 14:07 birdy247 im excited
# Apr 21st 2017, 14:07 birdy247 awesome
# Apr 21st 2017, 14:07 Neon1024 https://book.cakephp.org/3.0/en/controllers/components/authentication.html#creating-custom-authorize-objects
# Apr 21st 2017, 14:06 Neon1024 Writing an auth adapter is actually really easy
# Apr 21st 2017, 14:06 birdy247 cool
# Apr 21st 2017, 14:06 Neon1024 I think Xety has a token auth plugin, and ADmad has JWT Auth, which do similar things
# Apr 21st 2017, 14:06 Neon1024 As we have extra fields in there which I’d rather not expose
# Apr 21st 2017, 14:06 birdy247 no probs
# Apr 21st 2017, 14:05 Neon1024 No, I can’t sorry
# Apr 21st 2017, 14:05 birdy247 care to share :)
# Apr 21st 2017, 14:05 Neon1024 Probably from ADmad :p
# Apr 21st 2017, 14:05 Neon1024 I have a TokenAuth class I stole from somewhere
# Apr 21st 2017, 14:05 birdy247 a custom authenticator?
# Apr 21st 2017, 14:05 birdy247 it*
# Apr 21st 2017, 14:04 birdy247 Where do you check is?
# Apr 21st 2017, 14:04 Neon1024 If you wanted to salt your token I guess
# Apr 21st 2017, 14:04 Neon1024 You could use Security::hash()
# Apr 21st 2017, 14:04 Neon1024 No, I used php’s sha256() method :p
# Apr 21st 2017, 14:03 Neon1024 Or you could generate one as ADmad suggested using JWT, if you wanted some stuff in the token
# Apr 21st 2017, 14:03 birdy247 Did you make the logic for this yourself
# Apr 21st 2017, 14:03 birdy247 and then it just checks this
# Apr 21st 2017, 14:03 Neon1024 Yep
# Apr 21st 2017, 14:03 birdy247 So the token is stored in my Apps DB?
# Apr 21st 2017, 14:03 Neon1024 We require a few other fields too with each request
# Apr 21st 2017, 14:03 Neon1024 Just pass a token in the header then :)
# Apr 21st 2017, 14:02 birdy247 neither
# Apr 21st 2017, 14:02 birdy247 Im just after something simple
# Apr 21st 2017, 14:02 Neon1024 Depends really, my stuff doesn’t need to be super duper secure
# Apr 21st 2017, 14:02 Neon1024 I just wanted to be able to expire a token after a few months, so if someone gave it away it could be changed without impacting the consuming client
# Apr 21st 2017, 14:01 Neon1024 But there is stuff like OAuth too, such as Facebook and Twitter etc
# Apr 21st 2017, 14:01 Neon1024 birdy247, Usually a header and token is pretty standard
# Apr 21st 2017, 14:00 Neon1024 I’d need to implement it in a branch really and see how I feel about it
# Apr 21st 2017, 14:00 Neon1024 To give them a token to use, which you can sign and expire
# Apr 21st 2017, 14:00 Neon1024 Yeah, but I thought that the token workflow meant you need an OAuth style auth process
# Apr 21st 2017, 14:00 birdy247 but what is generally considered a nice way of requiring authentication to use the API
# Apr 21st 2017, 13:59 admad jwt is just a fancier token :P
# Apr 21st 2017, 13:59 birdy247 I need to do a bit of research