Shield is a comprehensive security solution for Lucky framework. It features robust authentication and authorization, including user registrations, logins and logouts, password resets and more.
Get started using Meth
Meth is a Lucky application scaffold that gets you up and running with Shield.
Version 0.4.0 enables authentication via access tokens, per RFC 6750. Any registered user may create bearer logins, and delegate some or all of their rights to them in the form of
In Shield, every action represents a single scope, which, if included in a bearer login’s assigned
scopes, would allow a client possessing that bearer login’s token to access that action.
Further, all authentication actions that can be performed in the browser have their API equivalents. So you may do logins, password resets, email confirmations, user registrations etc., via API. You may even create bearer logins via API.
Shield does not use session for authentication in APIs, even if you log in with an email and password. It relies solely on bearer tokens, and auto generates one for you when required.
We’ve made browser tests for password and email confirmations easier. In development, Shield autoclicks password reset and email confirmation links for you, so you do not have to set up an actual MTA (mail transport agent).
This version improves on features introduced in earlier versions, and fixes a few bugs.
Find source and documentation on GitHub: