Access attributes in ignored paths

[simensol]

Let's say I have a route \publicinfo that is accessible to both guests and registered users ('ignore' => ['/publicinfo']). How can I access the jwt attributes using $request->getAttribute("jwt") for registered users when they access \publicinfo? Since \publicinfo is added to ignore, the jwt attributes are never added to the $request object. However, if I remove \publicinfo from ignore, guests are not able to reach the route.

[tuupola]

You could remove /publicinfo from ignore and use northwoods/conditional-middleware to execute tuupola/slim-jwt-auth middleware only if request has a token.

[Frzk]

I did it another way:

Let your /publicinfo path in path so that the user has to have a valid JWT.

When a guest user tries to access it, the middleware will return a 401, which is expected.
The trick is to use the error option of the middleware to catch this situation and do whatever you want.

$app->add(new Tuupola\Middleware\JwtAuthentication([
    "path" => ["/publicinfo"],
    "error" => function($response, $arguments) use ($container) {
        if ($response->getStatusCode() === 401) {
            // The user is NOT authenticated, maybe display the login form:
            $response = $container->get('renderer')->render($response, 'publicinfo.html');
        } else {
            // Another error happened. Display an error message.
            $response = $container->get('renderer')->render($response, 'error.html');
        }

        return $response;
    },
]));