Color Mode


    Language

Using JWT in Laravel

January 8, 2021

Json web token JWT, it is a JSON-based open standard that is implemented to transfer statements between web application environment(RFC 7519).The token is designed to be compact and safe, JWT statements are generally used to pass authenticated user identity information between identity providers and service providers, In order to obtain resources from the resource server, you can also add some additional declaration information necessary for other business logic.The token can also be used directly for authentication or encrypted.

Laravel-JWT Installation and basic configuration

  • Install using composer
composer require tymon/jwt-auth 1.*@rc
  • Publish configuration file
# This command will add a jwt.php configuration file under config
php artisan vendor:publish --provider="Tymon\JWTAuth\Providers\LaravelServiceProvider"
  • Generate encryption key
# This command will generate an encryption key in the .env file, such as:JWT_SECRET=jwt
php artisan jwt:secret
  • Update your model

If you use the default User table to generate tokens, you need to add a piece of code under the model

<?php

namespace App;

use Tymon\JWTAuth\Contracts\JWTSubject;
use Illuminate\Notifications\Notifiable;
use Illuminate\Foundation\Auth\User as Authenticatable;

class User extends Authenticatable implements JWTSubject
{
    use Notifiable;

    // Rest omitted for brevity

    /**
     * Get the identifier that will be stored in the subject claim of the JWT.
     *
     * @return mixed
     */
    public function getJWTIdentifier()
    {
        return $this->getKey();
    }

    /**
     * Return a key value array, containing any custom claims to be added to the JWT.
     *
     * @return array
     */
    public function getJWTCustomClaims()
    {
        return [];
    }
}

  • Register two Facade

config/app.php

These two facades are not necessary, but using them will bring a little convenience to your code writing.

'aliases' => [
        ...
        // Add the following two lines
        'JWTAuth' => 'Tymon\JWTAuth\Facades\JWTAuth',
        'JWTFactory' => 'Tymon\JWTAuth\Facades\JWTFactory',
],

If you don’t use these two Facades, you can use the helper function auth()

auth() is an auxiliary function that returns a guard, which can be regarded as an Auth Facade for the time being.

// If you don’t use Facade, you can write like this
auth('api')->refresh();
// Use JWTAuth Facade
JWTAuth::parseToken()->refresh();
  • Modify auth.php

config/auth.php

These two facades are not necessary, but using them will bring a little convenience to your code writing.

'guards' => [
    'web' => [
        'driver' => 'session',
        'provider' => 'users',
    ],

    'api' => [
        'driver' => 'jwt',        // change token to jwt
        'provider' => 'users',
    ],
],
  • Register some routes

These two facades are not necessary, but using them will bring a little convenience to your code writing.

Route::group([

    'prefix' => 'auth'

], function ($router) {

    Route::post('login', 'AuthController@login');
    Route::post('logout', 'AuthController@logout');
    Route::post('refresh', 'AuthController@refresh');
    Route::post('me', 'AuthController@me');

});
  • Create token controller
php artisan make:controller AuthController

AuthController

<?php

namespace App\Http\Controllers;

use Illuminate\Support\Facades\Auth;
use App\Http\Controllers\Controller;

class AuthController extends Controller
{
    /**
     * Create a new AuthController instance.
     * Email and password are required (data source users table)
     *
     * @return void
     */
    public function __construct()
    {
        $this->middleware('auth:api', ['except' => ['login']]);
    }

    /**
     * Get a JWT via given credentials.
     *
     * @return \Illuminate\Http\JsonResponse
     */
    public function login()
    {
        $credentials = request(['email', 'password']);

        if (! $token = auth('api')->attempt($credentials)) {
            return response()->json(['error' => 'Unauthorized'], 401);
        }

        return $this->respondWithToken($token);
    }

    /**
     * Get the authenticated User.
     *
     * @return \Illuminate\Http\JsonResponse
     */
    public function me()
    {
        return response()->json(auth('api')->user());
    }

    /**
     * Log the user out (Invalidate the token).
     *
     * @return \Illuminate\Http\JsonResponse
     */
    public function logout()
    {
        auth('api')->logout();

        return response()->json(['message' => 'Successfully logged out']);
    }

    /**
     * Refresh a token.
     * @return \Illuminate\Http\JsonResponse
     */
    public function refresh()
    {
        return $this->respondWithToken(auth('api')->refresh());
    }

    /**
     * Get the token array structure.
     *
     * @param  string $token
     *
     * @return \Illuminate\Http\JsonResponse
     */
    protected function respondWithToken($token)
    {
        return response()->json([
            'access_token' => $token,
            'token_type' => 'bearer',
            'expires_in' => auth('api')->factory()->getTTL() * 60
        ]);
    }
}

Article Photo by Dillon Shook

phplaraveljwt

Author

Tianxiang Yang

Tianxiang Yang

PHP Developer

code & game

You may also like

March 1, 2023

How to set up Firebase dSYM upload for an iOS project with multiple environments (Xcode 14)

If you ever used Firebase Crashlytics for an iOS app's crash reports, chances are you also encountered the “missing dSYM files” warning in the Firebase console. The crash reports are basically useless without these files. The Firebase Crashlytics document...

Jiri Bucek

Jiri Bucek

iOS

February 14, 2023

How to create a simple app with Flutter on the Web

Recently, Monstarlab has been receiving an increasing number of app development projects using Flutter. In this article, we will have a look at how you can easily create a simple web app using Flutter on the web. How to create a simple sample app For this...

Seiya Shimizu

Seiya Shimizu

FlutterFrontend

ServicesCasesAbout Us
CareersThought LeadershipContact
© 2022 Monstarlab
Information Security PolicyPrivacy PolicyTerms of Service