using shield's tokens wrong usage of $user->tokenCan() ?? #686
-
Hi, generating tokens is straightforward. I see them being created in the DB. In the API controller, however, I think I may be doing something wrong. Maybe someone can help me.

```php
$user = auth()->user();

// Dump every access token stored for this user
$tokens = $user->accessTokens();
foreach ($tokens as $token) {
    var_dump($token);
}

// Check the permission
if ($user->tokenCan('my-permission')) {
    echo "yes";
    die();
}
echo "no";
```

I can see all the tokens through the var_dump. Also I see that "my-permission" is set correctly. Am I doing something wrong? Thank you
-
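You can use filter `tokens` to protect the routes (api or any...): https://github.com/codeigniter4/shield/blob/develop/docs/guides/api_tokens.md#protecting-routes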
-
Oh, thank you. At least, in the sense that CI can differentiate between a valid token, and a not valid token. Not important in my use case, but I would like to know why. If the token is created with: shouldn't $user->tokenCan('my-permission') return true? Thank you for your patience with me
-
Oh, thank you. Stupid me. Thanks for the help
You can use filter `tokens` to protect the routes (api or any...): https://github.com/codeigniter4/shield/blob/develop/docs/guides/api_tokens.md#protecting-routes
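
An added example, not code from this thread or from the Shield project: a controller behind the `tokens` filter that checks the scope of the token presented with the request. `tokenCan()` looks only at the access token that authenticated the current request, not at every token stored for the user, so it returns false when the request did not go through the token authenticator. The route path, controller name and response bodies are assumptions for illustration.

```php
<?php
// app/Controllers/Api/Reports.php (hypothetical controller)
//
// Assumed route in app/Config/Routes.php, protected by Shield's tokens filter:
//   $routes->get('api/reports', 'Api\Reports::index', ['filter' => 'tokens']);
//
// The client must send the raw token it was given at creation time:
//   Authorization: Bearer <raw-token>

namespace App\Controllers\Api;

use CodeIgniter\HTTP\ResponseInterface;
use CodeIgniter\RESTful\ResourceController;

class Reports extends ResourceController
{
    public function index(): ResponseInterface
    {
        // Resolve the user through the token authenticator, so the token
        // from the Authorization header is attached as the current token.
        $user = auth('tokens')->user();

        // Defence in depth: fail closed if the filter was not applied
        // to this route and no token-authenticated user exists.
        if ($user === null) {
            return $this->failUnauthorized('A valid access token is required.');
        }

        // Scope check against the token used for THIS request only.
        if (! $user->tokenCan('my-permission')) {
            return $this->failForbidden('Token lacks the my-permission scope.');
        }

        return $this->respond(['status' => 'ok']);
    }
}
```

Keeping the scope check in the controller as well as the filter on the route means a route that is later added without the filter is rejected rather than served.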