PHP Firebase help - Set up JWT

后端 未结 2 2025
再見小時候
再見小時候 2021-02-08 17:26

On my server I am running a few PHP files that read my Firebase Realtime Database. According to Firebase\'s documents I need to set up custom token to get my Firebase PHP Client

相关标签:
2条回答
  • 2021-02-08 17:51

    firebase/php-jwt

    Source Link with Angular App

    <?php
    
     // Allow from any origin
        if (isset($_SERVER['HTTP_ORIGIN'])) {
            header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
            header('Access-Control-Allow-Credentials: true');
            header('Access-Control-Max-Age: 86400');    // cache for 1 day
        }
    
        // Access-Control headers are received during OPTIONS requests
        if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
    
            if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']))
                header("Access-Control-Allow-Methods: GET, POST, OPTIONS");         
    
            if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']))
                header("Access-Control-Allow-Headers:        {$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}");
    
            exit(0);
        }
    
    
    require_once('vendor/autoload.php');
    use \Firebase\JWT\JWT; 
    define('SECRET_KEY','Super-Secret-Key');  // secret key can be a random string and keep in secret from anyone
    define('ALGORITHM','HS256');   // Algorithm used to sign the token
    
    
    
    $postdata = file_get_contents("php://input");
    $request = json_decode($postdata);
    
    
    $action = $request->action;
    
    
    // Login section
    if ($action == 'login') {
    
        $email = $request->email;
        $password = $request->password; 
    
            //A dummy credential match.. you should have some SQl queries to match from databases
            if($email == "freaky@jolly.com" && $password == "12345678")
            {
                $iat = time(); // time of token issued at
                $nbf = $iat + 10; //not before in seconds
                $exp = $iat + 60; // expire time of token in seconds
    
                $token = array(
                    "iss" => "http://example.org",
                    "aud" => "http://example.com",
                    "iat" => $iat,
                    "nbf" => $nbf,
                    "exp" => $exp,
                    "data" => array(
                            "id" => 11,
                            "email" => $email
                    )
                );
    
                http_response_code(200);
    
                $jwt = JWT::encode($token, SECRET_KEY);
    
    
                $data_insert=array(
                    'access_token' => $jwt,                                 
                    'id'   => '007',
                    'name' => 'Jolly',
                    'time' => time(),
                    'username' => 'FreakyJolly', 
                    'email' => 'contact@freakyjolly.com', 
                    'status' => "success",
                    'message' => "Successfully Logged In"
                );
    
    
            }else{
                $data_insert=array(
                    "data" => "0",
                    "status" => "invalid",
                    "message" => "Invalid Request"
                );  
            }   
    
    }
    // Get Dashboard stuff
    else if($action == 'stuff'){
    
        $authHeader = $_SERVER['HTTP_AUTHORIZATION'];
        $temp_header = explode(" ", $authHeader);
        $jwt = $temp_header[1];
    
        try {
            JWT::$leeway = 10;
            $decoded = JWT::decode($jwt, SECRET_KEY, array(ALGORITHM));
    
            // Access is granted. Add code of the operation here 
    
            $data_from_server = '{"Coords":[{"Accuracy":"65","Latitude":"53.277720488429026","Longitude":"-9.012038778269686","Timestamp":"Fri Jul 05 2013 11:59:34 GMT+0100 (IST)"},{"Accuracy":"65","Latitude":"53.277720488429026","Longitude":"-9.012038778269686","Timestamp":"Fri Jul 05 2013 11:59:34 GMT+0100 (IST)"},{"Accuracy":"65","Latitude":"53.27770755361785","Longitude":"-9.011979642121824","Timestamp":"Fri Jul 05 2013 12:02:09 GMT+0100 (IST)"},{"Accuracy":"65","Latitude":"53.27769091555766","Longitude":"-9.012051410095722","Timestamp":"Fri Jul 05 2013 12:02:17 GMT+0100 (IST)"},{"Accuracy":"65","Latitude":"53.27769091555766","Longitude":"-9.012051410095722","Timestamp":"Fri Jul 05 2013 12:02:17 GMT+0100 (IST)"}]}';
    
    
            $data_insert=array(
                "data" => json_decode($data_from_server),
                "status" => "success",
                "message" => "Request authorized"
            );  
    
        }catch (Exception $e){
    
            http_response_code(401);
    
            $data_insert=array(
                //"data" => $data_from_server,
                "jwt" => $jwt,
                "status" => "error",
                "message" => $e->getMessage()
            );
    
        }   
    }
    
    echo json_encode($data_insert);
    ?>
    
    0 讨论(0)
  • 2021-02-08 17:52

    firebase/php-jwt library uses Composer. Composer is a dependency manager for PHP similar to Maven in Java if you come from Android development background. You would need to know how to import classes in PHP using require/include functions of PHP. You would need some experience with php to use composer.

    In order to use firebase/php-jwt library without composer you could use the following sample code: (I downloaded the library inside jwt folder)

    require_once 'jwt/src/BeforeValidException.php';
    require_once 'jwt/src/ExpiredException.php';
    require_once 'jwt/src/SignatureInvalidException.php';
    require_once 'jwt/src/JWT.php';
    
    
    use \Firebase\JWT\JWT;
    
    $key = "example_key";
    $token = array(
       "iss" => "http://example.org",
       "aud" => "http://example.com",
       "iat" => 1356999524,
       "nbf" => 1357000000
    );
    
    /**
     * IMPORTANT:
     * You must specify supported algorithms for your application. See
     * https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40
     * for a list of spec-compliant algorithms.
    */
    $jwt = JWT::encode($token, $key);
    $decoded = JWT::decode($jwt, $key, array('HS256'));
    
    print_r($decoded);
    
    /*
     NOTE: This will now be an object instead of an associative array. To get
     an associative array, you will need to cast it as such:
    */
    
    $decoded_array = (array) $decoded;
    
    /**
    * You can add a leeway to account for when there is a clock skew times   between
    * the signing and verifying servers. It is recommended that this leeway should
    * not be bigger than a few minutes.
    *
    * Source: http://self-issued.info/docs/draft-ietf-oauth-json-web-token.html#nbfDef
    */
       JWT::$leeway = 60; // $leeway in seconds
       $decoded = JWT::decode($jwt, $key, array('HS256'));
    
    0 讨论(0)
提交回复
热议问题