Make Laravel JWT Authentication easy.

v1.0 2021-11-25 20:37 UTC

This package is auto-updated.

Last update: 2022-01-25 21:10:13 UTC


README

Larajwt

Introduction

Laravel comes with several packages for managing stateless and stateful authentication, but JWT is missing. This package lets you easily add and manage JWT in your Laravel applications.

Getting Started

  • Install the package:
composer require andreapollastri/larajwt
  • Export the package migration:
php artisan vendor:publish --provider="Andr3a\Larajwt\LarajwtServiceProvider" --tag="larajwt-migrations"
  • Run migrations:
php artisan migrate
  • Add the middleware "jwt" to each route that requires authentication:
->middleware(['jwt'])
  • Set the two JWT secrets:
JWT_ACCESS_TOKEN_SECRET_KEY=<SET-A-SECRET>
JWT_REFRESH_TOKEN_SECRET_KEY=<SET-ANOTHER-SECRET>



Custom Configuration

Larajwt ships with default settings for the JWT secrets and the token validity times.
To customize them, export and edit the config/larajwt.php file:

php artisan vendor:publish --provider="Andr3a\Larajwt\LarajwtServiceProvider" --tag="larajwt-config"



API Documentation


Login Endpoint

Get JWT tokens to log the user in.

POST /api/auth

Request Header

Parameter | Type | Description
Content-Type | string | Required. application/json
Accept | string | Required. application/json

Request Body Payload

Parameter | Type | Description
username | string | Required. User username
password | string | Required. User password

Response

Parameter | Type | Description
access_token | string | The JWT Access Token for the User.
refresh_token | string | The JWT Refresh Token for the User.
expires_in | integer | The number of seconds the access token is valid.
token_type | string | Will always be bearer.

"ME" Endpoint

Get Authentication Status and User Data Information.

GET /api/auth

Request Header

Parameter | Type | Description
Authorization | string | Required. Bearer Access Token
Content-Type | string | Required. application/json
Accept | string | Required. application/json

Response

Parameter | Type | Description
user | object | User data information

Refresh Endpoint

Refresh JWT Tokens.

PATCH /api/auth

Request Header

Parameter | Type | Description
Content-Type | string | Required. application/json
Accept | string | Required. application/json

Request Body Payload

Parameter | Type | Description
refresh_token | string | Required. JWT Refresh Token

Response

Parameter | Type | Description
access_token | string | The JWT Access Token for the User.
refresh_token | string | The JWT Refresh Token for the User.
expires_in | integer | The number of seconds the access token is valid.
token_type | string | Will always be bearer.

Logout Endpoint

Revoke the user session to log the user out.

DELETE /api/auth

Request Header

Parameter | Type | Description
Authorization | string | Required. Bearer Access Token
Content-Type | string | Required. application/json
Accept | string | Required. application/json



API Response Status Codes

Status | Type | Description
200 | OK | Successful Action
401 | Error | Invalid or Expired Token (Unauthorized)
422 | Error | Invalid or Missing Payload (Bad Request)


Security Vulnerabilities and Bugs

If you discover any security vulnerability or any bug within larajwt, please open an issue.

Contributing

Thank you for considering contributing to this project!

Licence

Larajwt is open-source software licensed under the MIT license.

Enjoy larajwt ;)