How might you go about writing your own token privoder in your CMS?
Here's a simple example in PHP using JWT tokens - you'd only need to implement getLoggedInCmsUser()
<?php
use ReallySimpleJWT\Token; // composer require rbdwllr/reallysimplejwt
require 'vendor/autoload.php';
$secret = 'sec!ReT123&'; // CHANGE THIS ^^
function getLoggedInCmsUser() {
return 'example'; // TODO implement (this bit will depend on your CMS)
}
if (isset($_GET['validate'])) { // validate an incoming request from the backend
$valid = Token::validate($_GET['validate'], $secret);
http_response_code($valid ? 200 : 403);
echo $valid ? 'valid' : 'invalid'; // for humans
} else { // generate a new access token based on the CMS logged in user
$user = getLoggedInCmsUser();
if ($user) {
$expiration = time() + 3600;
$token = Token::create($user, $secret, $expiration, 'cms');
header('Content-Type: text/plain');
echo $token;
} else {
http_response_code(401);
}
}This example works with the anuraStatusCodeTokenVerifier