Step 9 — Authentication

Only Northwind members should create tasks. Add login and protect writes.

What you will learn

  • Scaffold auth with make:auth
  • Issue a JWT from member.login
  • Call $this->mustAuthenticate() in createAction

Before you start

Generate auth backend

php pionia make:auth jwt

Follow prompts to register JwtAuthentication in environment/settings.ini under [app_authentications].

MemberService login

php pionia make:service member

Implement a minimal loginAction that validates email/password and returns a token via security() helpers — see Security guide for a full DeskFlow example with team_members table.

Register 'member' => MemberService::class on MainSwitch.

Protect createAction

At the top of createAction:

$this->mustAuthenticate();
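To make the two pieces above concrete, here is an added, framework-free PHP walk-through of what a minimal loginAction and a mustAuthenticate() guard do: verify the password hash, issue a signed JWT, and reject any write request whose Bearer token is missing, tampered with or expired. This is illustration written for this tutorial, not Pionia's own code and not its security() helpers; it assumes HS256 tokens, a secret loaded from configuration (hard-coded here only as a placeholder), and an in-memory member record constructed to stand in for the team_members table.

```php
<?php
// Added illustration (not Pionia's code): the logic behind loginAction and
// mustAuthenticate() in plain PHP. Assumptions: HS256 JWTs, a secret that in a
// real app is loaded from settings.ini/env, and a constructed member record.
declare(strict_types=1);

const JWT_SECRET = 'placeholder-load-a-long-random-secret-from-config'; // assumption
const DUMMY_HASH = '$2y$10$abcdefghijklmnopqrstuuW3hQnZ9yQ7u6yVxN6qVvG6u6Yh6Y7Zy'; // keeps timing even for unknown emails

function base64url(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}
function base64urlDecode(string $s): string|false {
    $s .= str_repeat('=', (4 - strlen($s) % 4) % 4);       // restore padding
    return base64_decode(strtr($s, '-_', '+/'), true);
}

/** Issue a signed HS256 JWT carrying the member id and an expiry. */
function issueToken(int $memberId, int $ttlSeconds = 3600): string {
    $header  = base64url(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
    $payload = base64url(json_encode(['sub' => $memberId, 'iat' => time(), 'exp' => time() + $ttlSeconds]));
    $sig     = base64url(hash_hmac('sha256', "$header.$payload", JWT_SECRET, true));
    return "$header.$payload.$sig";
}

/** Verify signature and expiry; return the payload, or null if the token is not trustworthy. */
function verifyToken(string $token): ?array {
    $parts = explode('.', $token);
    if (count($parts) !== 3) return null;
    [$h, $p, $s] = $parts;
    $expected = base64url(hash_hmac('sha256', "$h.$p", JWT_SECRET, true));
    if (!hash_equals($expected, $s)) return null;            // constant-time comparison
    $raw = base64urlDecode($p);
    $payload = $raw === false ? null : json_decode($raw, true);
    if (!is_array($payload) || !isset($payload['sub']) || ($payload['exp'] ?? 0) < time()) return null;
    return $payload;
}

// Constructed member record; a real app reads team_members and stores password_hash() output.
$members = [
    'alex@northwind.studio' => ['id' => 1, 'password_hash' => password_hash('secret', PASSWORD_DEFAULT)],
];

/** Stand-in for MemberService::loginAction: validate credentials, return a token. */
function loginAction(array $data, array $members): array {
    $email = (string)($data['email'] ?? '');
    $pass  = (string)($data['password'] ?? '');
    $m     = $members[$email] ?? null;
    // Run password_verify even when the email is unknown so both failures take the same time.
    $ok = password_verify($pass, $m['password_hash'] ?? DUMMY_HASH) && $m !== null;
    if (!$ok) return ['status' => 401, 'body' => ['message' => 'Invalid credentials']];
    return ['status' => 200, 'body' => ['token' => issueToken($m['id'])]];
}

/** Stand-in for $this->mustAuthenticate(): read the Bearer header, return the member id or fail with 401. */
function mustAuthenticate(array $headers): int {
    $auth = $headers['Authorization'] ?? '';
    if (!preg_match('/^Bearer\s+(\S+)$/i', $auth, $mm)) throw new RuntimeException('401 Unauthorized');
    $payload = verifyToken($mm[1]);
    if ($payload === null) throw new RuntimeException('401 Unauthorized');
    return (int)$payload['sub'];
}

// Walk-through mirroring the two curl calls of this step.
$login    = loginAction(['email' => 'alex@northwind.studio', 'password' => 'secret'], $members);
$token    = $login['body']['token'];
$memberId = mustAuthenticate(['Authorization' => "Bearer $token"]);
echo "createAction would run for member $memberId\n";

try {
    mustAuthenticate(['Authorization' => 'Bearer ' . $token . 'x']);   // altered signature
} catch (RuntimeException $e) {
    echo "Tampered token rejected: {$e->getMessage()}\n";
}
```

The point of the guard is that it runs before any task row is written: an absent header, a token whose signature does not match, or an expired token all stop at mustAuthenticate() with a 401, so createAction never sees unauthenticated input. The list action is deliberately left open, matching the note under Common mistakes.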

Login curl

curl -s -X POST http://127.0.0.1:8000/api/v1/ \
  -H "Content-Type: application/json" \
  -d '{"service":"member","action":"login","email":"alex@northwind.studio","password":"secret"}'

Create with token:

curl -s -X POST http://127.0.0.1:8000/api/v1/ \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -d '{"service":"task","action":"create","title":"Client kickoff"}'

Common mistakes

  • 401 on list — protect only mutating actions unless the product requires authentication everywhere.
  • Token in JSON body — send the token in the Authorization: Bearer header instead.