Security and Custom Auth Helper

Tina4 uses JWT to encrypt tokens for validation. These tokens are not always practical when doing integrations and one might want to do other versions of verification. To this end we can extend the \Tina4\Auth class and overwrite the core methods.

Declaring the custom authentication class

A custom authentication has the following layout:

ExampleAuth.php

<?php

class ExampleAuth extends \Tina4\Auth
{

    final public function validToken(string $token, string $publicKey = "", string $encryption = \Nowakowskir\JWT\JWT::ALGORITHM_RS256): bool
    {
        //Some custom auth validation, maybe checking the token from the database, the token passed through is either formToken or Authorization header
        $token = str_replace("Bearer", "",  $token);
        if (trim($token) === "ABC") 
        {
            return true; //token is valid
        }

        return parent::validToken($token, $publicKey, $encryption);
    }
}

Instantiating or activating the custom authentication class

The auth helper needs to be instantiated in index.php

index.php

<?php

require_once "./vendor/autoload.php";

$config = new \Tina4\Config(static function (\Tina4\Config $config){
    //Your own config initializations

});

//Instantiate the custom auth helper
$config->setAuthentication((new ExampleAuth()));

echo new \Tina4\Tina4Php($config);

Hot Tips

  • You can also check the token payload if you use a JWT token
  • If want a quick authentication mechanism use the API_KEY global in .env to create a quick bearer auth mechanism.