cakephp 3.8.13 add admad/cakephp-jwt-auth

This question has been asked many times on Stack Overflow, but I have tried every accepted solution.

I'm new to CakePHP and I was assigned to add JWT to our application. Previously the team used the default Cake sessions. In order to integrate it, I used admad/cakephp-jwt-auth. So in the AppController:

    public function initialize()
    {
        parent::initialize();
        $this->loadComponent('RequestHandler');
        $this->loadComponent('Flash');
        $this->loadComponent('Recurring');
        $this->loadComponent('Auth', [
            'storage' => 'Memory',
            'authenticate' => [
                'Form' => [
                    'fields' => [
                        'username' => 'user_name',
                        'password' => 'password',
                    ],
                    'contain' => ['Roles']
                ],
                'ADmad/JwtAuth.Jwt' => [
                    'parameter' => 'token',
                    'userModel' => 'CbEmployees',
                    'fields' => [
                        'username' => 'id'
                    ],
                    'queryDatasource' => true
                ]
            ],
            'unauthorizedRedirect' => false,
            'checkAuthIn' => 'Controller.initialize'
        ]);
    }

I have to use CbEmployees which is our user model.

Then in my custom controller, I add my login function

    public function login()
    {
        $user = $this->Auth->identify();
        if (!$user) {
            $data = "Invalid login details";
        } else {
            $tokenId  = base64_encode(32);
            $issuedAt = time();
            $key = Security::salt();
            $data = JWT::encode(
                [
                    'alg' => 'HS256',
                    'id' => $user['id'],
                    'sub' => $user['id'],
                    'iat' => time(),
                    'exp' =>  time() + 86400,
                ],
                $key
            );
        }
        $this->ApiResponse([
            "data" => $data
        ]);
    }

Then I call this function using Postman with the body:

{
    "username": "developer",
    "password": "dev2020"
}

I always get the response as Invalid login details. So the suggested solution is to check the password data type and length. The password is varchar(255). Another solution is to check the password in the entity. In the entity I have

    protected function _setPassword($password)
    {
        if (strlen($password) > 0) {
            return Security::hash($password, 'sha1', true);
            // return (new DefaultPasswordHasher)->hash($password);
        }
    }

I specifically asked why the team is using Security::hash($password, 'sha1', true); due to the migration from Cake 2 to Cake 3, they have to use the same.

Why am I always getting Invalid login details? What am I doing wrong here? I can log in using the same credentials when I'm using the application.

There is 1 best solution below

$user = $this->Auth->identify(); 

This line will work when you call AppController. Here, define about this, so you should move the login method to the other controller and extend AppController and then use Firebase/JWT to encode the data.
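
Added example, not part of the question or the answer above: the entity setter in the question stores salted SHA-1 via Security::hash($password, 'sha1', true), while the Form authenticator verifies passwords with the bcrypt-based Default hasher and queries the Users table unless configured otherwise. The configuration below names the CbEmployees table and a Fallback hasher that accepts both bcrypt and the legacy hash. It assumes CakePHP 3.8 and that user_name is both the CbEmployees column and the key sent in the request body.

```php
<?php
// Added example, not the asker's code. Assumes CakePHP 3.8 and passwords
// stored by the entity setter as Security::hash($password, 'sha1', true).
namespace App\Controller;

use Cake\Controller\Controller;

class AppController extends Controller
{
    public function initialize()
    {
        parent::initialize();
        $this->loadComponent('RequestHandler');
        $this->loadComponent('Auth', [
            'storage' => 'Memory',
            'authenticate' => [
                'Form' => [
                    // Without userModel, FormAuthenticate looks in the Users table.
                    'userModel' => 'CbEmployees',
                    // FormAuthenticate reads the request data under these names,
                    // so the body must be {"user_name": "...", "password": "..."}
                    // (assumption: user_name is also the column name).
                    'fields' => [
                        'username' => 'user_name',
                        'password' => 'password',
                    ],
                    'passwordHasher' => [
                        'className' => 'Fallback',
                        'hashers' => [
                            'Default',                        // bcrypt, preferred
                            'Weak' => ['hashType' => 'sha1'], // legacy salted SHA-1
                        ],
                    ],
                    'contain' => ['Roles'],
                ],
                'ADmad/JwtAuth.Jwt' => [
                    'parameter' => 'token',
                    'userModel' => 'CbEmployees',
                    'fields' => ['username' => 'id'],
                    'queryDatasource' => true,
                ],
            ],
            'unauthorizedRedirect' => false,
            'checkAuthIn' => 'Controller.initialize',
        ]);
    }
}
```

After identify() succeeds, $this->Auth->authenticationProvider()->needsPasswordRehash() returns true for rows that still hold the SHA-1 hash, which is the point at which the password can be re-saved with DefaultPasswordHasher.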