I'm transitioning my API from slim-3 to slim-4 and I'm struggling to figure out how to add JWT to the middleware

Question

I'm using composer to install the slim-skeleton. Those built in routes work as expected. I understand how to add in my previous routes and database connections, but I've been struggling on how to add in any JWT library. I've searched and searched but I'm not finding much documentation for Slim-4 and what I've tried always seems to fail one way or another.

So for example I use composer to install tuupola/slim-jwt-auth and it says to add the following code:

$app = new Slim\App;

$app->add(new Tuupola\Middleware\JwtAuthentication([
    "secret" => "supersecretkeyyoushouldnotcommittogithub"
]));

but where or how exactly do I add it to the middleware? Does it need to be added to app/middleware.php? All the documentation I read has a completely different file structure with other directories and whatnot. Once this is placed in the correct spot it looks like when a request is made without a token I should get a 401 Unauthorized response.

After that part is working I know I need to create a route to get my access token, but I'm not seeing anything about that in this library so I would assume I need another library to encode my token and return it from my request.

Once I actually get a token response and pass it in the headers for my actual request route I would assume I do something like the following

$app->get("/protected-route-name", function ($request, $response, $arguments) {
    $token = $request->getAttribute("token");
    // Not sure what to put next to verify the token and allow the response or display a error if there is no token or the token in invalid.

});

I'm open to firebase or any JWT library if someone has one they like and that works well, I just need some direction as I feel all the documentation is lacking.

Answer 1

      use \Firebase\JWT\JWT;

get token

       $headers = apache_request_headers();
         if(isset($headers['Authorization'])){
    $decoded = JWT::decode($headers['Authorization'], $publicKey, array("RS256"));
    .... verify token.
    }

    $jwt = JWT::encode($payload, $privateKey, "RS256");

boom done.

you don't even really need to use middle ware to do this. slim made itself way overly complex with that. But the truth is between slim3 and slim 4, on a very basic setup, the only thing that has changed is the getBody() on the json writing.

honestly, not really sure how useful this is anymore to be honest. everything is cloudbased now. Only reason I found this is trying to figure out how to use Google Identity Platform with Slim.