Laravel JWT Auth – JSON Web Token authentication

Laravel JWT Auth is a package that provides a simple way to implement JSON Web Token (JWT) authentication in Laravel applications. JWT is a widely used standard for secure token-based authentication, making it suitable for APIs and single-page applications (SPAs).

 

Key Features of Laravel JWT Auth:

1. Token-Based Authentication: Uses JWTs to authenticate users without the need for session storage.
2. Stateless Authentication: Since JWTs are self-contained, they do not require server-side storage, making the application more scalable.
3. Easy Integration: Simple installation and setup process to integrate with Laravel applications.
4. Token Expiration and Refresh: Supports token expiration and allows for token refreshing.
5. User Payload Customization: Customize the payload that is included in the JWT.

Installation

To get started with Laravel JWT Auth, follow these steps:

1. Require the Package: Install the package via Composer:
   
   composer require tymon/jwt-auth

   1	composer require tymon/jwt-auth

2. Publish Configuration: Publish the configuration file using:
   
   php artisan vendor:publish --provider="Tymon\JWTAuth\Providers\LaravelServiceProvider"

   1	php artisan vendor:publish --provider="Tymon\JWTAuth\Providers\LaravelServiceProvider"

3. Generate JWT Secret Key: Run the following command to generate a secret key for JWT:
   
   php artisan jwt:secret

   1	php artisan jwt:secret

    

Setting Up Authentication

1. Updating the User Model: Ensure that your User model implements the JWTSubject interface. For example, in app/Models/User.php:
   
   namespace App\Models; use Illuminate\Foundation\Auth\User as Authenticatable; use Tymon\JWTAuth\Contracts\JWTSubject; class User extends Authenticatable implements JWTSubject { // Other model properties and methods... public function getJWTIdentifier() { return $this->getKey(); } public function getJWTCustomClaims() { return []; } }

   1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19

   namespace App\Models;   use Illuminate\Foundation\Auth\User as Authenticatable; use Tymon\JWTAuth\Contracts\JWTSubject;   class User extends Authenticatable implements JWTSubject {     // Other model properties and methods...       public function getJWTIdentifier()     {         return $this->getKey();     }       public function getJWTCustomClaims()     {         return [];     } }

2. Creating Authentication Routes: Define routes for user authentication in routes/api.php. Here’s an example:
   
   use App\Http\Controllers\AuthController; Route::post('login', [AuthController::class, 'login']); Route::post('logout', [AuthController::class, 'logout']); Route::post('refresh', [AuthController::class, 'refresh']); Route::get('user', [AuthController::class, 'getUser'])->middleware('auth:api');

   1 2 3 4 5 6

   use App\Http\Controllers\AuthController;   Route::post('login', [AuthController::class, 'login']); Route::post('logout', [AuthController::class, 'logout']); Route::post('refresh', [AuthController::class, 'refresh']); Route::get('user', [AuthController::class, 'getUser'])->middleware('auth:api');

3. Creating an Authentication Controller: Create an AuthController to handle authentication logic:
   
   php artisan make:controller AuthController

   1	php artisan make:controller AuthController

   In AuthController.php, implement the authentication logic:
   
   namespace App\Http\Controllers; use Illuminate\Http\Request; use Illuminate\Support\Facades\Auth; use App\Models\User; use Tymon\JWTAuth\Facades\JWTAuth; use Tymon\JWTAuth\Exceptions\JWTException; class AuthController extends Controller { public function login(Request $request) { $credentials = $request->only('email', 'password'); try { if (!$token = JWTAuth::attempt($credentials)) { return response()->json(['error' => 'invalid_credentials'], 401); } } catch (JWTException $e) { return response()->json(['error' => 'could_not_create_token'], 500); } return response()->json(compact('token')); } public function logout() { Auth::logout(); return response()->json(['message' => 'Successfully logged out']); } public function refresh() { $token = JWTAuth::refresh(JWTAuth::getToken()); return response()->json(compact('token')); } public function getUser() { return response()->json(Auth::user()); } }

   1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42

   namespace App\Http\Controllers;   use Illuminate\Http\Request; use Illuminate\Support\Facades\Auth; use App\Models\User; use Tymon\JWTAuth\Facades\JWTAuth; use Tymon\JWTAuth\Exceptions\JWTException;   class AuthController extends Controller {     public function login(Request $request)     {         $credentials = $request->only('email', 'password');           try {             if (!$token = JWTAuth::attempt($credentials)) {                 return response()->json(['error' => 'invalid_credentials'], 401);             }         } catch (JWTException $e) {             return response()->json(['error' => 'could_not_create_token'], 500);         }           return response()->json(compact('token'));     }       public function logout()     {         Auth::logout();         return response()->json(['message' => 'Successfully logged out']);     }       public function refresh()     {         $token = JWTAuth::refresh(JWTAuth::getToken());         return response()->json(compact('token'));     }       public function getUser()     {         return response()->json(Auth::user());     } }

    

Using JWT Authentication

1. Logging In: To log in, send a POST request to the /login endpoint with the user’s email and password. On successful login, the server responds with a JWT token.Example Request:
   
   POST /api/login Content-Type: application/json { "email": "user@example.com", "password": "password123" }

   1 2 3 4 5 6 7

   POST /api/login Content-Type: application/json   {     "email": "user@example.com",     "password": "password123" }

   Example Response:
   
   { "token": "your.jwt.token.here" }

   1 2 3

   {     "token": "your.jwt.token.here" }

2. Accessing Protected Routes: To access routes that require authentication, include the JWT token in the Authorization header:Example Request:
   
   GET /api/user Authorization: Bearer your.jwt.token.here

   1 2	GET /api/user Authorization: Bearer your.jwt.token.here

   Example Response:
   
   { "id": 1, "name": "John Doe", "email": "user@example.com" }

   1 2 3 4 5

   {     "id": 1,     "name": "John Doe",     "email": "user@example.com" }

3. Refreshing Tokens: To refresh a token, send a POST request to the /refresh endpoint:Example Request:
   
   POST /api/refresh Authorization: Bearer your.jwt.token.here

   1 2	POST /api/refresh Authorization: Bearer your.jwt.token.here

   Example Response:
   
   { "token": "new.jwt.token.here" }

   1 2 3

   {     "token": "new.jwt.token.here" }

    

Conclusion

Laravel JWT Auth is a powerful and flexible package for implementing JSON Web Token authentication in Laravel applications. By providing token-based authentication, it enhances the security and scalability of applications, particularly for APIs and SPAs.

 

1. Laravel Breeze – Simple authentication starter kit
2. Laravel Jetstream – Scaffolding for Laravel apps
3. Laravel Passport – API authentication via OAuth2
4. Laravel Sanctum – Simple API authentication
5. Spatie Laravel Permission – Role and permission management
6. Laravel Cashier – Subscription billing with Stripe
7. Laravel Scout – Full-text search using Algolia
8. Laravel Socialite – OAuth authentication (Google, Facebook, etc.)
9. Laravel Excel – Excel import and export for Laravel
10. Laravel Horizon – Redis queues monitoring
11. Laravel Nova – Admin panel for Laravel
12. Laravel Fortify – Backend authentication for Laravel
13. Laravel Vapor – Serverless deployment on AWS
14. Laravel Telescope – Debugging assistant for Laravel
15. Laravel Dusk – Browser testing
16. Laravel Mix – API for compiling assets
17. Spatie Laravel Backup – Backup management
18. Laravel Livewire – Building dynamic UIs
19. Spatie Laravel Media Library – Manage media uploads
20. Laravel Excel – Excel spreadsheet handling
21. Laravel Debugbar – Debug tool for Laravel
22. Laravel WebSockets – Real-time communication
23. Spatie Laravel Sitemap – Generate sitemaps
24. Laravel Spark – SaaS scaffolding
25. Laravel Envoy – Task runner for deployment
26. Spatie Laravel Translatable – Multilingual model support
27. Laravel Backpack – Admin panel
28. Laravel AdminLTE – Admin interface template
29. Laravel Collective Forms & HTML – Simplified form and HTML generation
30. Spatie Laravel Analytics – Google Analytics integration
31. Laravel Eloquent Sluggable – Automatically create slugs
32. Laravel Charts – Chart integration
33. Laravel Auditing – Track changes in models
34. Laravel JWT Auth – JSON Web Token authentication
35. Laravel Queue Monitor – Monitor job queues
36. Spatie Laravel Query Builder – Filter, sort, and include relationships in Eloquent queries
37. Laravel Datatables – jQuery Datatables API
38. Laravel Localization – Multilingual support for views and routes
39. Laravel Acl Manager – Access control list manager
40. Laravel Activity Log – Record activity in your app
41. Laravel Roles – Role-based access control
42. Spatie Laravel Tags – Tagging models
43. Laravel Installer – CLI installer for Laravel
44. Laravel Breadcrumbs – Generate breadcrumbs in Laravel
45. Laravel Mailgun – Mailgun integration for Laravel
46. Laravel Trustup Model History – Store model change history
47. Laravel Deployer – Deployment automation tool
48. Laravel Auth – Custom authentication guards
49. Laravel CORS – Cross-Origin Resource Sharing (CORS) support
50. Laravel Notifications – Send notifications through multiple channels
51. Spatie Laravel Http Logger – Log HTTP requests
52. Laravel Permission Manager – Manage permissions easily
53. Laravel Stubs – Customize default stubs in Laravel
54. Laravel Fast Excel – Speed up Excel exports
55. Laravel Image – Image processing
56. Spatie Laravel Backup Server – Centralize backups for Laravel apps
57. Laravel Forge API – Manage servers through the Forge API
58. Laravel Blade SVG – Use SVGs in Blade templates
59. Laravel Ban – Ban/unban users from your application
60. Laravel API Response – Standardize API responses
61. Laravel SEO – Manage SEO meta tags
62. Laravel Settings – Store and retrieve settings
63. Laravel DOMPDF – Generate PDFs
64. Laravel Turbo – Full-stack framework for building modern web apps
65. Spatie Laravel Event Sourcing – Event sourcing implementation
66. Laravel Jetstream Inertia – Jetstream’s Inertia.js integration
67. Laravel Envoy Tasks – Task automation
68. Laravel Likeable – Like/dislike functionality
69. Laravel GeoIP – Determine visitor’s geographic location
70. Laravel Country State City – Dropdowns for country, state, and city
71. Laravel Hashids – Generate short unique hashes
72. Laravel Repository – Repository pattern for Laravel
73. Laravel UUID – UUID generation for models
74. Spatie Laravel Medialibrary Pro – Enhanced media management
75. Laravel Queue Monitor – Monitor Laravel job queues
76. Laravel User Activity – Monitor user activity
77. Laravel DB Snapshots – Create database snapshots
78. Laravel Twilio – Twilio integration
79. Laravel Roles – Role-based permission handling
80. Laravel Translatable – Add translations to Eloquent models
81. Laravel Teamwork – Manage teams in multi-tenant apps
82. Laravel Full Text Search – Add full-text search to Laravel models
83. Laravel File Manager – File and media management
84. Laravel User Timezones – Automatically detect user time zones
85. Laravel ChartsJS – Render charts with ChartsJS
86. Laravel Stripe – Stripe API integration
87. Laravel PDF Generator – PDF generation
88. Laravel Elasticsearch – Elasticsearch integration
89. Laravel Simple Qrcode – Generate QR codes
90. Laravel Timezone – Manage timezones and conversions
91. Laravel Collective API – API management for Laravel
92. Laravel Rest API Boilerplate – REST API starter kit
93. Laravel Multi Auth – Multi-authentication functionality
94. Laravel Voyager – Admin panel for Laravel
95. Laravel Voyager Database – Database manager for Voyager
96. Laravel Categories – Handle categories for models
97. Laravel Multitenancy – Multi-tenancy implementation
98. Laravel Access Control – Advanced access control for users
99. Laravel Menus – Menu management
100. Laravel Translatable Routes – Multilingual route handling