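});

// Routes

/*
 * POST /login
 *
 * Looks up the user by the submitted name, checks the submitted password
 * against the stored one and, on success, returns an RSA/SHA-256 signed JSON
 * Web Token carrying the user's id and profile claims. Every failure gets the
 * same 403 message, so the response body does not reveal whether the name
 * exists.
 */
$app->post('/login', function (Request $request) use ($users, $privateKey) {
    $name = $request->get('name');
    $password = $request->get('password');

    // Accept string credentials only. Request parameters can arrive as arrays,
    // and an array placed in the filter would be read by the datastore as a
    // query expression rather than a literal name (presumably MongoDB, given
    // the `_id`/`$id` access below -- confirm).
    $user = null;
    if (is_string($name) && is_string($password)) {
        $user = $users->findOne(['name' => $name]);
    }

    $stored = (null !== $user && isset($user['password'])) ? $user['password'] : null;

    // hash_equals() keeps the comparison time independent of how many leading
    // characters match.
    // NOTE(review): the submitted password is compared with the stored value
    // as-is, which implies credentials are kept unhashed. Moving to
    // password_hash()/password_verify() needs a migration of the stored
    // records and is therefore not done in this handler.
    if (!is_string($stored) || !hash_equals($stored, $password)) {
        throw new HttpException(Response::HTTP_FORBIDDEN, 'Invalid username or password.');
    }

    // Generate new JSON Web Token.
    // NOTE(review): the issuer is taken from the request's scheme and host, so
    // it follows whatever host the client addressed; verifiers should compare
    // `iss` against a configured value.
    // NOTE(review): no expiration claim is set, so a token stays valid until
    // the verifier or a key rotation rejects it; consider setExpiration() with
    // a lifetime chosen by the project.
    $builder = new JWT\Builder();
    $builder
        ->setNotBefore(time())
        ->setIssuer($request->getSchemeAndHttpHost())
        ->setId($user['_id']->{'$id'})
    ;

    // Copy the profile claims; a field missing from the record becomes a null
    // claim instead of raising an undefined-index notice.
    foreach (['name', 'email', 'given_name', 'family_name', 'email_verified', 'gender'] as $field) {
        $builder->set($field, isset($user[$field]) ? $user[$field] : null);
    }

    $builder->sign(new JWT\Signer\Rsa\Sha256(), $privateKey);
    $token = $builder->getToken();

    // NOTE(review): the wildcard CORS header lets a script from any origin
    // read the issued token from this response; restrict it to the known
    // front-end origin(s) if the API is not meant to be public.
    return new Response($token, 200, ['Access-Control-Allow-Origin' => '*', 'Content-Type' => 'application/jwt']);
});

$app->get('/images', function(Request $request) use($app, $images) {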
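/**
 * Generates a signed user token.
 *
 * The token carries issuer (application base URL), audience (client IP as
 * reported by the request), issued-at, not-before and expiration claims, plus
 * the caller's payload JSON-encoded under the "data" claim. Claims are signed,
 * not encrypted, so anyone holding the token can read $data.
 *
 * NOTE(review): the signing key is the application-wide `Security.salt`. If
 * that value is also used for other purposes, a dedicated token secret would
 * keep a leak of one from compromising the other.
 * NOTE(review): binding the audience to clientIp() depends on how the
 * framework resolves the address behind proxies -- confirm the proxy trust
 * configuration.
 *
 * @param mixed $data Payload stored JSON-encoded in the "data" claim.
 * @return string The serialized token.
 * @throws \RuntimeException If no signing key is configured or $data cannot be JSON-encoded.
 */
public function getToken($data = null)
{
    // Fail closed: signing with a missing or empty key would yield tokens
    // that anyone could reproduce.
    $key = Configure::read('Security.salt');
    if ($key === null || $key === '') {
        throw new \RuntimeException('Security.salt must be configured to sign tokens.');
    }

    // json_encode() returns false on failure; do not issue a token whose
    // payload silently became `false`.
    $payload = json_encode($data);
    if ($payload === false) {
        throw new \RuntimeException('Token data could not be JSON-encoded: ' . json_last_error_msg());
    }

    $time = time();
    // Sha256 is whichever signer the file imports; with a shared string secret
    // this is presumably the HMAC variant -- confirm against the use statements.
    $signer = new Sha256();

    $token = new Builder();
    $token->setIssuer(Router::url('/', true));
    $token->setAudience($this->request->clientIp());
    $token->setIssuedAt($time);
    $token->setNotBefore($time);
    $token->setExpiration($time + Configure::read('Security.timeout'));
    $token->set('data', $payload);

    return (string) $token->sign($signer, $key)->getToken();
}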