Trongate Website Homepage

How to Attach Tokens in Trongate MX

The mx-token attribute in Trongate MX allows you to attach Trongate Tokens to outgoing HTTP requests. This feature enables seamless integration of Trongate's authentication and authorization system with your AJAX requests.

Syntax

<element mx-token="YOUR_TRONGATE_TOKEN">

The mx-token attribute should contain a valid Trongate Token, which is a random string used for authentication and authorization purposes.

Usage

  1. Add the attribute to an element that triggers an AJAX request (e.g., a button with mx-get or mx-post).
  2. Set the value to your Trongate Token.

Example

The code sample below is provided for the purposes of clarity only. Never hard code a Trongate Token value into an HTML template or view file!

<button mx-get="http://localhost/api/protected_resource" 
        mx-token="hnBxP56rZ6rMtUbxqS2gCEE6beKjUd7X">
    Fetch Protected Resource
</button>

In this example:

Obtaining Trongate Tokens in PHP

Trongate Tokens can be obtained within any working controller file, within the 'modules' directory. The particular PHP code that is used to fetch a Trongate Token value may differ, depending on the use case. However, the following code snippet demonstrates one possible technique that could be used to fetch a Trongate Token value.

$this->module('trongate_tokens');
$trongate_token = $this->trongate_tokens->_attempt_get_valid_token();

Another example of a mechanism by which a Trongate Token could be fetched is by calling the 'Trongate Security' module. For example:

$this->module('trongate_security');
$trongate_token = $this->trongate_security->_make_sure_allowed();

In both of the examples offered, the Trongate Token would be assigned with a variable of false (boolean) if the user was not able to be authorized/authenticated.

Passing Tokens Into View Files

Once the token is obtained, it can be passed to a view file:

$data['trongate_token'] = $trongate_token;
$this->view('manage', $data);

In the view file, you can then inject the token into the JavaScript:

<script>
const trongateToken = '<?= $trongate_token ?>';
</script>

How It Works

When an element with the mx-token attribute triggers an AJAX request:

  1. Trongate MX retrieves the token value from the attribute.
  2. The token is added to the request headers with the key 'trongateToken'.
  3. The server can then use this token for authentication and authorization purposes.
  1. Security: Always use HTTPS when sending Trongate Tokens to ensure the tokens are encrypted during transmission.
  2. Token Management: Implement proper token management on the client-side, including secure storage and refreshing of tokens when necessary.
  3. Scope: Use tokens with appropriate scopes and permissions for the specific API endpoints being accessed.

Additional Information:

  • Trongate Tokens are random strings, typically 32 characters long.
  • The mx-token attribute can be used in conjunction with other Trongate MX attributes like mx-get, mx-post, etc.
  • Server-side validation of Trongate Tokens is handled by the Trongate framework's authentication system.

Warning: Be cautious when exposing Trongate Tokens in your HTML. Ensure that your application's security measures prevent unauthorized access to these tokens.

Additional Notes

By utilizing the mx-token attribute, you can easily integrate Trongate's authentication system into your AJAX requests, providing a secure and seamless way to access protected resources in your Trongate applications.