mathieu-bour/guardian

Highly configurable JSON Web Token implementation for Laravel and Lumen.

0.1.0 2020-05-16 22:41 UTC

This package is auto-updated.

Last update: 2020-05-16 22:50:53 UTC


README

GitHub license Packagist Version Packagist GitHub issues GitHub pull requests Codecov Scrutinizer code quality

Highly configurable JSON Web Token implementation for Laravel and Lumen.

Guardian exposes an additional authentication guardian driver, which can be used like the standard session or token drivers.

Guardian follows the Semantic Versioning specification.

The master branch should not be considered stable prior to the 1.0.0 release.

Motivations

Our company based its back-end on the Lumen Framework and we needed a stateless identification and authentication method. We chose to use the JSON Web Tokens which combines security and ease. While some libraries exist like tymondesigns/jwt-auth or laravel/passport, they did not meet our requirements. Indeed, we wanted to have control over the cryptographic algorithms of the keys as well as to be able to use several of them.

After careful consideration, we decided to develop our own JWT library for Lumen which was later ported to Laravel and shared open-source.

Acknowledgements

Prerequisites

  • PHP >= 7.2
  • Laravel/Lumen 6 or 7

Installation

Simply add Guardian to your project dependencies.

composer require mathieu-bour/guardian

Depending on the algorithm you want to use, install the corresponding cryptographic library:

Algorithm Library Required PHP extensions
ECDSA web-token/jwt-signature-algorithm-ecdsa openssl
EdDSA web-token/jwt-signature-algorithm-eddsa sodium
HMAC web-token/jwt-signature-algorithm-hmac n/a
RSA web-token/jwt-signature-algorithm-rsa openssl, gmp

If you do not know which algorithm to choose, we recommend ECDSA with the ES512 algorithm and the P-521 curve.

Laravel

Publish the default Guardian configuration:

php artisan vendor:publish --provider="Windy\Guardian\GuardianServiceProvider"

Lumen

Copy the default Guardian configuration from vendor/mathieu-bour/guardian/config/guardian.php to config/guardian.php. Then, add the provider to your bootstrap/app.php and load the configuration with:

$app->configure('guardian');

$app->register(Windy\Guardian\GuardianServiceProvider::class);

If you want to use the Guardian Facade, ensure that the application is loaded with Facades in your bootstrap/app.php.

$app->withFacades();

Next steps

Alternatives

Here, we humbly refer to the alternatives to Guardian that we found interesting.

laravel/passport

Passport is the official Laravel library which supports JWT authentication.

Laravel makes API authentication a breeze using Laravel Passport, which provides a full OAuth2 server implementation for your Laravel application in a matter of minutes.

tymondesigns/jwt-auth

jwt-auth is a worthwhile alternative to Guardian which provides a higher-level API, such as authenticating users directly from the request credentials via a Facade. jwt-auth also provides a way to blacklist the generated tokens whereas Guardian leaves the implementation to the developer. If you are looking for a simpler way to use JWT, we highly recommend that you take a look to this library!