I am using the CakePHP plugin (https://github.com/t73biz/cakephp2-jwt-auth). My CakePHP app is version 2.6.2. I have added this to my Auth Component in the AppController.
'JwtAuth.JwtToken' => array(
'fields' => array(
'username' => 'email',
'password' => 'password',
'token' => '_token'
),
'parameter' => '_token',
'contain' => array(
'Organization'
),
'scope' => array(
'User.status' => 'A',
//'User.frozen' => 0,
'User.locked_out' => 0,
'Organization.status' => 'A',
//'User.failed_sign_ins < 4'
),
'header' => 'X_JSON_WEB_TOKEN',
'pepper' => 'pepper' // Says pepper because I do not want to show the pepper key I used for my code
),
I know that the plugin runs because I add a die statement in the getUser function in the plugin and it shows up when I do the API request.
public function getUser(CakeRequest $request) {
$token = $this->_getToken($request);
if ($token) {
return $this->_findUser($token);
}
return false;
}
This is the function that is part of the JwtTokenAuthenticate.php in the Component directory in the Controller directory of the plugin. When I debug $request, I do not get the header as part of the request. I am using Postman for testing the API and Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjp7ImlkIjoiMTIiLCJzdWIiOiIxMiJ9LCJpYXQiOjE0ODcyNTUxMjYsImV4cCI6MTQ4NzI1ODcyNn0.5hoyXltPmEXIA3eVtJnnn3Dor2lhviej31eZNbaMbow
If I understand you correctly you're trying to pass auth token via
Authorizationheader? But according to the plugin docs you should be doing it either viaX_JSON_WEB_TOKENheader or_tokenquery param.