blob / laravel-jwt-auth
A simple Laravel interface for authenticating by JWT.
Requires
- php: >=5.5.9
- lcobucci/jwt: ~3.2.0
- nesbot/carbon: ~1.21
This package is not auto-updated.
Last update: 2024-11-16 00:07:35 UTC
README
NOTE: This package is no longer in active development. Feel free to fork and extend it as needed.
A simple Laravel interface for interacting with the JWT auth API.
Installation
To install the package, simply add the following to your Laravel installation's composer.json file:
"require": { "laravel/framework": "5.*", "blob/laravel-jwt-auth": "dev-master" },
Run composer update to pull in the files.
Then, add the following Service Provider to your providers array in your config/app.php file:
'providers' => [ ... JWTAuth\Providers\JWTAuthServiceProvider::class, JWTAuth\Providers\JWTEventServiceProvider::class, ];
Then, add the following Facade to your aliases array in your config/app.php file:
'aliases' => [ ... 'JWTAuth' => JWTAuth\Facades\JWTAuth::class, ];
Then, add the following Middleware to your routeMiddleware array in your app/Http/Kernel.php file:
protected $routeMiddleware = [ ... 'jwt.auth' => \JWTAuth\Http\Middleware\JWTAuth::class, 'jwt.auth.acl' => \JWTAuth\Http\Middleware\JWTAuthAcl::class, ];
From the command-line run:
php artisan vendor:publish --provider="JWTAuth\Providers\JWTAuthServiceProvider"
Configuration
Open config/jwt.php and configure the api endpoint and credentials:
return [ 'username' => 'email', 'secret' => 'secret_change_me',//32 length 'token_header' => 'Authorization', //post, get, ... 'token_name' => 'token', //ex: example.com 'iss' => 'iss_change_me', //ex: my_app_name 'aud' => 'aud_change_me', //token expiration 'expiration' => 3600,//sec 'store' => 'file', //count of attempt fails by credentials 'attempts' => 5, //block user on *min, if count of attempts not remain 'attempts_exp' => 60, //min ];
Usage
Authenticate by credentials
try { $credentials = $request->only(['email', 'password']); if (!JWTAuth::attempt($credentials)) { return response()->json(['reason' => 'user_not_found', 'message' => 'User with provided credentials not found.'], 404); } } catch (AttemptException $e) { return response()->json(['reason' => 'attempt_locked', 'message' => $e->getMessage()], $e->getStatusCode()); } catch (TokenUnavailableException $e) { return response()->json(['reason' => 'token_unavailable', 'message' => $e->getMessage()], $e->getStatusCode()); } catch (TokenExpiredException $e) { return response()->json(['reason' => 'token_expired', 'message' => $e->getMessage()], $e->getStatusCode()); } catch (TokenInvalidException $e) { return response()->json(['reason' => 'token_invalid', 'message' => $e->getMessage()], $e->getStatusCode()); } catch (JWTException $e) { return response()->json(['reason' => 'token_not_provided', 'message' => $e->getMessage()], $e->getStatusCode()); }
Authenticate by token
try { JWTAuth::validateToken(JWTAuth::getToken()); if (!JWTAuth::attempt()) { return response()->json(['reason' => 'user_not_found', 'message' => 'User with provided credentials not found.'], 404); } } catch (AttemptException $e) { return response()->json(['reason' => 'attempt_locked', 'message' => $e->getMessage()], $e->getStatusCode()); } catch (TokenUnavailableException $e) { return response()->json(['reason' => 'token_unavailable', 'message' => $e->getMessage()], $e->getStatusCode()); } catch (TokenExpiredException $e) { return response()->json(['reason' => 'token_expired', 'message' => $e->getMessage()], $e->getStatusCode()); } catch (TokenInvalidException $e) { return response()->json(['reason' => 'token_invalid', 'message' => $e->getMessage()], $e->getStatusCode()); } catch (JWTException $e) { return response()->json(['reason' => 'token_not_provided', 'message' => $e->getMessage()], $e->getStatusCode()); }
Get user will be return \App\User object after calling attempt() method.
$user = JWTAuth::user();
Create and get new token. Where $user is instance of \App\User.
$tokenObject = JWTAuth::createToken($user);
Get token object from string.
$tokenObject = JWTAuth::parseToken($token);
Method getToken() will search token in headers or request data.
Get token as string
$tokenString = (string)JWTAuth::getToken();
Get token as object (\Lcobucci\JWT\Token)
$tokenObject = JWTAuth::getToken();
Mark token as unavailable. Where $token is instance of \Lcobucci\JWT\Token.
JWTAuth::forgetToken($token);
Validate token. Where $token is instance of \Lcobucci\JWT\Token
try { JWTAuth::validateToken($token) } catch( /** * @throws \JWTAuth\Exceptions\TokenExpiredException * @throws \JWTAuth\Exceptions\TokenInvalidException * @throws \JWTAuth\Exceptions\TokenUnavailableException */ ) { }
Set username field name instead config default email
JWTAuth::setUsername('login');
Get current username field name
$username = JWTAuth::username();
Get user (\App\User) by credentials
$user = JWTAuth::retrieveByCredentials($credentials);
Get user (\App\User) by token (\Lcobucci\JWT\Token)
$user = JWTAuth::retrieveByJWT($token);
Login user. Where $user is instance of \App\User
login($user);