
Token Integration

Add Joomla CSRF protection to forms, views, and actions automatically.

Summary

Securely inject user- or session-specific tokens into your component using Joomla’s native token methods, ideal for protecting forms, AJAX calls, or custom endpoints against CSRF and unauthorized access.


What It Does

JCB enables seamless integration of Joomla’s built-in token mechanisms into your generated component. This includes:

  • Session token injection via Joomla\CMS\Session\Session::getFormToken()
  • Frontend & backend token validation during form submissions
  • Token appending to URLs and AJAX requests
  • Optional token output via placeholders in templates or snippets

Use Cases

  • Secure frontend form submissions to prevent CSRF
  • Protect AJAX routes by requiring a valid token
  • Add hidden token fields to Custom Admin Views or Site Views
  • Validate incoming requests in controllers and custom logic blocks

How to Use It in JCB

  1. Use the {{token}} placeholder in Layouts or Templates to inject the form token dynamically.
  2. Enable “Token Protection” when defining custom form actions.
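  3. Use JCB’s built-in Controller Hooks or Custom Code entities to check token validity:
    // Reject the request unless it carries the current session's form token.
    // checkToken() looks in POST by default; pass 'get' for tokens appended to URLs.
    if (!\Joomla\CMS\Session\Session::checkToken()) {
        throw new \Exception('Invalid Token', 403);
    }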
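
The server-side check in step 3 only passes when the client actually sends the token. The following is an added example, not JCB's or Joomla's own code: it shows the client side of appending the token to URLs and AJAX bodies, using Joomla's convention that the token travels as a parameter name with the value 1, and it refuses to attach the token to cross-origin URLs. The function names, the sample token and the example.org URL are constructed, and the alphanumeric token format is an assumption.

```javascript
// Added example: client-side helpers for sending a Joomla form token.
// All names and sample values here are constructed for illustration.

// Joomla transmits the token as a parameter NAME with the value "1".
const TOKEN_PATTERN = /^[A-Za-z0-9]+$/; // assumption: token is alphanumeric

function assertToken(token) {
  if (typeof token !== 'string' || !TOKEN_PATTERN.test(token)) {
    throw new TypeError('form token must be a non-empty alphanumeric string');
  }
}

// Append the token to a URL, but only when the target is same-origin,
// so the session token is never disclosed to another site.
// In a browser, pageOrigin would be window.location.origin.
function appendToken(url, token, pageOrigin) {
  assertToken(token);
  const target = new URL(url, pageOrigin);
  if (target.origin !== new URL(pageOrigin).origin) {
    throw new Error('refusing to add form token to cross-origin URL');
  }
  target.searchParams.set(token, '1');
  return target.toString();
}

// Build a form-encoded POST body for an AJAX call, token included.
function buildPostBody(fields, token) {
  assertToken(token);
  const body = new URLSearchParams(fields);
  body.set(token, '1');
  return body.toString();
}

// Constructed sample values.
const SAMPLE_TOKEN = '0123456789abcdef0123456789abcdef';
const ORIGIN = 'https://example.org';

function demo() {
  return {
    url: appendToken('/index.php?option=com_example&task=item.save', SAMPLE_TOKEN, ORIGIN),
    body: buildPostBody({ id: '7', title: 'Hello world' }, SAMPLE_TOKEN),
  };
}
```

Prefer the POST body for state-changing requests; a token placed in a URL can end up in server logs and browser history.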

Integration Points

  • Site View & Admin View Forms
  • Custom AJAX controllers
  • Inline templates for login, submissions, or public actions
  • API endpoints where validation is required

Benefits

  • No manual implementation needed: JCB automates token setup
  • Works across all Joomla versions (J3, J4, J5)
  • Keeps your component secure with minimal effort
  • Prevents forgery or session spoofing during sensitive actions

Conclusion

Token Integration is a small but essential security feature that JCB fully automates. Whether protecting your admin tools or frontend interactions, it ensures your component follows Joomla’s security standards while remaining fully customizable. Just add the placeholder or toggle a setting, and you’re secure.