How to work with JWT and Laminas API Tools?

I am new to Laminas API tools.
I am working on a project where I am trying to achieve something similar to Google.

So basically I will have a separate database for my users which later can be used for different projects. And my API project will be calling a separate database.

While I can send JWT authentication from Angular to the API, I am not sure how I should be handling the JWT token.

What I want:

  1. Send authentication (JWT) from Angular to the Laminas API
  2. The Laminas API checks the authentication and authenticates
  3. Laminas also checks if the user has permission to access the resources

I am mainly puzzled by number 3: how do I handle the permission in the API? I can send a list of claims in the JWT, but how would I validate that in the API?

Any suggestions?



I am mainly puzzled by number 3: how do I handle the permission in the API? I can send a list of claims in the JWT, but how would I validate that in the API?

You can:

  1. Extract the token claims in a middleware and put them into the ServerRequest attributes
  2. Use the claims from the ServerRequest in a post-routing middleware, match them against the routes, and decide whether that matches your authorization model
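
The two steps above, sketched as PSR-15 middleware. This is an added example, not code from the answer or from Laminas. It assumes a Mezzio-style pipeline (mezzio-router's `RouteResult`), the firebase/php-jwt library, RS256-signed tokens, and hypothetical names: the `jwt_claims` attribute, a `permissions` claim, and a route-name-to-permission map.

```php
<?php
declare(strict_types=1);
use Firebase\JWT\JWT;
use Firebase\JWT\Key;
use Laminas\Diactoros\Response\JsonResponse;
use Mezzio\Router\RouteResult;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Server\MiddlewareInterface;
use Psr\Http\Server\RequestHandlerInterface;

// Step 1: verify the token, then expose its claims as a request attribute.
final class JwtClaimsMiddleware implements MiddlewareInterface
{
    public function __construct(private string $publicKeyPem) {}
    public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
    {
        if (! preg_match('/^Bearer\s+(\S+)$/', $request->getHeaderLine('Authorization'), $m)) {
            return new JsonResponse(['error' => 'missing bearer token'], 401);
        }
        try {
            // The algorithm is pinned here; the token header cannot choose it.
            // decode() also rejects bad signatures and expired tokens.
            $claims = (array) JWT::decode($m[1], new Key($this->publicKeyPem, 'RS256'));
        } catch (\Throwable $e) {
            return new JsonResponse(['error' => 'invalid token'], 401);
        }
        return $handler->handle($request->withAttribute('jwt_claims', $claims));
    }
}

// Step 2: after routing, compare the claims with what the matched route requires.
final class RoutePermissionMiddleware implements MiddlewareInterface
{
    /** @param array<string,string> $required route name => permission (hypothetical map) */
    public function __construct(private array $required) {}
    public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
    {
        $route   = $request->getAttribute(RouteResult::class);
        $name    = $route instanceof RouteResult && $route->isSuccess() ? $route->getMatchedRouteName() : null;
        $granted = (array) ($request->getAttribute('jwt_claims', [])['permissions'] ?? []);
        // Deny by default: an unmatched route or one missing from the map is refused.
        $needed  = $name !== null ? ($this->required[$name] ?? null) : null;
        if ($needed === null || ! in_array($needed, $granted, true)) {
            return new JsonResponse(['error' => 'forbidden'], 403);
        }
        return $handler->handle($request);
    }
}
```

Pipe `JwtClaimsMiddleware` before routing or right after it, and `RoutePermissionMiddleware` after the routing middleware and before dispatch, so every handler only ever sees requests whose verified claims cover the matched route.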