Getting Started

Minimal Setup

Installation

composer require nghufron/aolauth

Ensure naailulghufron/aolauth is added to providers in config/app.php:

Naailulghufron\Aolauth\AolauthServiceProvider::class,

Publish Config

php artisan vendor:publish --provider="Naailulghufron\Aolauth\AolauthServiceProvider"

Configure .env with required keys (e.g., AOL_AUTH_KEY, AOL_AUTH_SECRET).

First Use Case Generate a token in a controller:

use Naailulghufron\Aolauth\Facades\Aolauth;

public function generateToken()
{
    $token = Aolauth::generateToken();
    return response()->json(['token' => $token]);
}

Implementation Patterns

Core Workflows

Token Generation
- Use the facade for simplicity:
```
$token = Aolauth::generateToken(['user_id' => 123, 'expires' => 3600]);
```
- Pass an array of claims (e.g., user_id, expires, custom_data).

Validation

Verify tokens in middleware:

use Naailulghufron\Aolauth\Middleware\VerifyToken;

protected $middleware = [
    VerifyToken::class,
];

Customize validation logic by extending the middleware.

Integration with Laravel Auth

Decode tokens to fetch user data:

$payload = Aolauth::decodeToken($token);
$user = User::find($payload['user_id']);

Advanced Patterns

Custom Claims Extend the Naailulghufron\Aolauth\TokenBuilder class to add custom logic:

class CustomTokenBuilder extends TokenBuilder {
    public function addCustomClaim($claim) {
        $this->claims['custom'] = $claim;
    }
}

Rate Limiting Combine with Laravel’s throttle middleware to limit token generation:

Route::middleware(['throttle:5,1'])->group(function () {
    Route::post('/generate-token', [TokenController::class, 'generateToken']);
});

Gotchas and Tips

Pitfalls

Missing Config
- Forgetting to publish the config or set .env keys will throw RuntimeException.
- Fix: Run php artisan vendor:publish and verify .env values.
Token Expiry
- Default expiry is null (no expiry). Always explicitly set expires in claims to avoid infinite tokens:
```
$token = Aolauth::generateToken(['expires' => time() + 3600]);
```
Secret Key Management
- Hardcoding secrets in config is insecure. Use Laravel’s env() or a secrets manager.

Debugging

Invalid Tokens Check the payload structure with:

try {
    $payload = Aolauth::decodeToken($token);
} catch (\Exception $e) {
    Log::error("Token decode failed: " . $e->getMessage());
}

Logging Enable debug mode in config:
```
'debug' => env('AOL_AUTH_DEBUG', false),
```
Logs will appear in storage/logs/laravel.log.

Extension Points

Custom Algorithms Override the default HMAC-SHA256 by extending Naailulghufron\Aolauth\TokenGenerator:

class CustomTokenGenerator extends TokenGenerator {
    protected function sign($payload, $secret) {
        return hash('sha512', $payload . $secret);
    }
}

Token Storage Store tokens in a database for revocation:

// After generation
Token::create([
    'token' => $token,
    'user_id' => $payload['user_id'],
    'expires_at' => $payload['expires'],
]);

Testing Mock the facade in tests:

$this->mock(Naailulghufron\Aolauth\Facades\Aolauth::class)
     ->shouldReceive('generateToken')
     ->andReturn('mocked_token_123');

Aolauth Laravel Package