Merge pull request #422 from codeigniter4/mobile-token-guides

kenjis · web-flow · commit 6a8a7dc7c3d1 · 2022-09-14T09:47:20.000+09:00
docs: mobile token guides
diff --git a/docs/guides/mobile_apps.md b/docs/guides/mobile_apps.md
@@ -0,0 +1,60 @@
+# Mobile Authentication with Access Tokens
+
+Access Tokens can be used to authenticate mobile applications that are consuming your API. This is similar to how you would work with [third-party users](api_tokens.md) of your API, but with small differences in how you would issue the tokens.
+
+## Issuing the Tokens
+
+Typically, a mobile application would issue a request from their login screen, passing in the credentials to authenticate with. Once authenticated you would return the `raw token` within the response and that would be saved on the device to use in following API calls.
+
+Start by creating a route that would handle the request from the login screen on the mobile device. The device name can be any arbitrary string, but is typically used to identify the device the request is being made from, like "Johns iPhone 13".
+
+```php
+
+// Routes.php
+$route->post('auth/token', 'App\Controllers\Auth\LoginController::mobileLogin');
+
+// LoginController.php
+namespace App\Controllers\Auth;
+
+use CodeIgniter\Controllers\BaseController;
+
+class LoginController extends BaseController
+{
+    public function mobileLogin()
+    {
+        // Validate credentials
+        $rules = setting('Validation.login') ?? [
+            'email' => [
+                'label' => 'Auth.email',
+                'rules' => config('AuthSession')->emailValidationRules,
+            ],
+            'password' => [
+                'label' => 'Auth.password',
+                'rules' => 'required',
+            ],
+        ];
+
+        if (! $this->validate($rules)) {
+            return $this->response
+                ->setJSON(['errors' => $this->validator->getErrors()])
+                ->setStatusCode(422)
+        }
+
+        // Attempt to login
+        $result = auth()->attempt($this->request->getPost(setting('Auth.validFields')));
+        if (! $result->isOK()) {
+            return $this->response
+                ->setJSON(['error' => $result->reason])
+                ->setStatusCode(401);
+        }
+
+        // Generate token and return to client
+        $token = auth()->user()->generateAccessToken(service('request')->getVar('device_name'));
+
+        return $this->response
+            ->setJSON(['token' => $token->raw_token]);
+    }
+}
+```
+
+When making all future requests to the API, the mobile client should return the raw token in the `Authorization` header as a `Bearer` token.
diff --git a/docs/index.md b/docs/index.md
@@ -12,3 +12,4 @@
 
 Guides:
 * [Protecting an API with Access Tokens](guides/api_tokens.md)
+* [Mobile Authentication with Access Tokens](guides/mobile_apps.md)

Original file line number	Diff line number	Diff line change
`@@ -12,3 +12,4 @@`
`12`	`12`
`13`	`13`	`Guides:`
`14`	`14`	`* [Protecting an API with Access Tokens](guides/api_tokens.md)`
	`15`	`+* [Mobile Authentication with Access Tokens](guides/mobile_apps.md)`