iqbalatma / laravel-jwt-authentication
Requires
- ext-openssl: *
- archtechx/enums: ^1.0.0
- firebase/php-jwt: ^6.9
This package is auto-updated.
Last update: 2024-05-01 00:10:59 UTC
README
This package provides JWT-based authentication for Laravel. It is inspired by tymondesigns/jwt-auth and PHP-Open-Source-Saver/jwt-auth, and uses firebase/php-jwt to encode and decode JWTs.
Next Feature
This is the list of upcoming features:
- Use certificates to encode and decode JWTs
- Create a console command to generate certificates
- Set user on guard login
- Reset user on guard logout
- Add information on config jwt_iqbal
- Rename config from jwt_iqbal into jwt
- Rename guard from jwt-iqbal into jwt
How To Install
This package uses syntax and features that are only available in PHP 8.0 or later.
composer require iqbalatma/laravel-jwt-authentication
Publishing Asset
You can publish the package assets for customization with this command:
php artisan vendor:publish --provider='Iqbalatma\LaravelJwtAuthentication\LaravelJWTAuthenticationProvider'
Configuration config/auth.php
    'defaults' => [
        // must match a guard name defined under 'guards' below
        'guard' => 'jwt',
        'passwords' => 'users',
    ],
    'guards' => [
        ...
        "jwt" => [
            "driver" => "jwt",
            "provider" => "users"
        ]
    ],
Configuration config/jwt_iqbal.php
Signing with a public and private key pair has first priority: if you define both a private and a public key, the JWT is signed with that key pair. If you do not define a private and public key, the secret key is used for signing. If neither type of key exists, an error is thrown.
Note
These algorithms are available if you use a secret key:
- HS512
- HS256
- HS384
- HS224
Note
These algorithms are available if you use a public and private key pair:
- RS512
- RS256
- RS384
- ES384
- ES256
- ES256K
    <?php
    # token TTL is the token lifetime in seconds,
    # so the token lives and stays valid until the TTL runs out
    return [
        'algo' => env('JWT_ALGO', 'HS256'),
        "jwt_private_key" => env("JWT_PRIVATE_KEY", null),
        "jwt_public_key" => env("JWT_PUBLIC_KEY", null),
        "jwt_passphrase" => env("JWT_PASSPHRASE", null),
        'secret' => env('JWT_SECRET', null),
        'access_token_ttl' => env('JWT_TTL', 60 * 60),
        'refresh_token_ttl' => env('JWT_REFRESH_TTL', 60 * 60 * 24 * 7),
    ];
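The key priority described above (key pair first, then secret, otherwise an error), as an added example that is not the package's own code: `resolveJwtKeys()` is a hypothetical helper, the array keys are those of config/jwt_iqbal.php, and firebase/php-jwt is assumed to be installed via Composer. The check that the algorithm family matches the configured key type is an added assumption, not behaviour this page documents.

```php
<?php
// Added example, not the package's own code. resolveJwtKeys() is a hypothetical helper.
require __DIR__ . '/vendor/autoload.php'; // assumes firebase/php-jwt ^6.9 via Composer

use Firebase\JWT\JWT;
use Firebase\JWT\Key;

function resolveJwtKeys(array $config): array
{
    $algo = $config['algo'];
    $usesSecret = str_starts_with($algo, 'HS'); // HS* = shared secret, RS*/ES* = key pair

    // 1. A key pair takes priority when both halves are defined.
    if (isset($config['jwt_private_key'], $config['jwt_public_key'])) {
        if ($usesSecret) { // added check: reject a mismatch instead of guessing
            throw new InvalidArgumentException("$algo needs a secret, but a key pair is configured");
        }
        $private = openssl_pkey_get_private($config['jwt_private_key'], $config['jwt_passphrase'] ?? null);
        if ($private === false) {
            throw new RuntimeException('Private key could not be loaded; check the passphrase');
        }
        return ['sign' => $private, 'verify' => new Key($config['jwt_public_key'], $algo)];
    }
    // 2. Otherwise fall back to the shared secret.
    if (isset($config['secret'])) {
        if (!$usesSecret) {
            throw new InvalidArgumentException("$algo needs a key pair, but only a secret is configured");
        }
        return ['sign' => $config['secret'], 'verify' => new Key($config['secret'], $algo)];
    }
    // 3. Neither kind of key exists.
    throw new RuntimeException('No JWT key pair or secret configured');
}

// Constructed sample input: a throwaway RSA key pair generated in memory.
$pair = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
openssl_pkey_export($pair, $privatePem, 'demo-passphrase');
$config = [
    'algo' => 'RS256',
    'jwt_private_key' => $privatePem,
    'jwt_public_key' => openssl_pkey_get_details($pair)['key'],
    'jwt_passphrase' => 'demo-passphrase',
    'secret' => 'ignored-because-a-key-pair-is-defined',
];
$keys = resolveJwtKeys($config);
$token = JWT::encode(['sub' => 1, 'exp' => time() + 3600], $keys['sign'], $config['algo']);
$claims = JWT::decode($token, $keys['verify']); // verifies signature, algorithm and exp
echo $claims->sub, PHP_EOL;
```

Binding the algorithm to the verification key through `Key` means a token whose header names a different algorithm is rejected at decode time.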
Generate JWT Credentials
This credential is used to sign JWT tokens and to make sure a token is valid.
php artisan jwt:secret
or generate a public and private key pair:
php artisan jwt:generate-certs
How To Use
Here are the available methods for authentication.
Authenticate User
This feature validates the credentials from the user request and returns an access_token and a refresh_token.
    use Illuminate\Support\Facades\Auth;

    $credentials = [
        "email" => "admin@mail.com",
        "password" => "admin"
    ];

    # attempt() returns a boolean when user validation succeeds
    Auth::attempt($credentials);

    # pass true as the second parameter to get back an array of access_token and refresh_token
    Auth::attempt($credentials, true);
Logout User
This feature invalidates and blacklists the current authorization token.
    use Illuminate\Support\Facades\Auth;

    Auth::logout();
Refresh Token
This feature invalidates the current access_token and refresh_token and issues a new access_token and refresh_token.
    use Illuminate\Support\Facades\Auth;

    Auth::refreshToken(Auth::user());
Login By System
This method logs in an existing user via an authenticatable instance.
    use Illuminate\Support\Facades\Auth;
    use App\Models\User;

    $user = User::find(1);
    Auth::login($user);
Get Token
After the login or attempt method has run successfully, you can get the access and refresh tokens from the guard instance.
    use Illuminate\Support\Facades\Auth;
    use App\Models\User;

    $credentials = [
        "email" => "admin@mail.com",
        "password" => "admin"
    ];

    Auth::attempt($credentials);
    Auth::getAccessToken();
    Auth::getRefreshToken();
Issued Token Service
This service manages issued tokens, both access and refresh tokens. You can list the issued tokens with their user agent, or revoke tokens.
    use Iqbalatma\LaravelJwtAuthentication\Services\IssuedTokenService;

    # get all issued tokens
    IssuedTokenService::getAllToken();

    # get all issued refresh tokens
    IssuedTokenService::getAllTokenRefresh();

    # get all issued access tokens
    IssuedTokenService::getAllTokenAccess();

    # revoke the refresh token by user agent string name
    IssuedTokenService::revokeTokenRefreshByUserAgent('user-agent-name');

    # revoke the access token by user agent string name
    IssuedTokenService::revokeTokenAccessByUserAgent('user-agent-name');

    # revoke both the access and refresh token by user agent string name
    IssuedTokenService::revokeTokenByUserAgent('user-agent-name');

    # revoke all tokens
    IssuedTokenService::revokeAllToken();

    # revoke all tokens except the current token
    IssuedTokenService::revokeAllTokenOnOtherUserAgent();