Laravel JWT Auth – JSON Web Token authentication

Laravel JWT Auth is a package that provides a simple way to implement JSON Web Token (JWT) authentication in Laravel applications. JWT is a widely used standard for secure token-based authentication, making it suitable for APIs and single-page applications (SPAs).

 

Key Features of Laravel JWT Auth:

1. Token-Based Authentication: Uses JWTs to authenticate users without the need for session storage.
2. Stateless Authentication: Since JWTs are self-contained, they do not require server-side storage, making the application more scalable.
3. Easy Integration: Simple installation and setup process to integrate with Laravel applications.
4. Token Expiration and Refresh: Supports token expiration and allows for token refreshing.
5. User Payload Customization: Customize the payload that is included in the JWT.

Installation

To get started with Laravel JWT Auth, follow these steps:

1. Require the Package: Install the package via Composer:
   
   composer require tymon/jwt-auth

   1	composer require tymon/jwt-auth

2. Publish Configuration: Publish the configuration file using:
   
   php artisan vendor:publish --provider="Tymon\JWTAuth\Providers\LaravelServiceProvider"

   1	php artisan vendor:publish --provider="Tymon\JWTAuth\Providers\LaravelServiceProvider"

3. Generate JWT Secret Key: Run the following command to generate a secret key for JWT:
   
   php artisan jwt:secret

   1	php artisan jwt:secret

    

Setting Up Authentication

1. Updating the User Model: Ensure that your User model implements the JWTSubject interface. For example, in app/Models/User.php:
   
   namespace App\Models; use Illuminate\Foundation\Auth\User as Authenticatable; use Tymon\JWTAuth\Contracts\JWTSubject; class User extends Authenticatable implements JWTSubject { // Other model properties and methods... public function getJWTIdentifier() { return $this->getKey(); } public function getJWTCustomClaims() { return []; } }

   1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19

   namespace App\Models;   use Illuminate\Foundation\Auth\User as Authenticatable; use Tymon\JWTAuth\Contracts\JWTSubject;   class User extends Authenticatable implements JWTSubject {     // Other model properties and methods...       public function getJWTIdentifier()     {         return $this->getKey();     }       public function getJWTCustomClaims()     {         return [];     } }

2. Creating Authentication Routes: Define routes for user authentication in routes/api.php. Here’s an example:
   
   use App\Http\Controllers\AuthController; Route::post('login', [AuthController::class, 'login']); Route::post('logout', [AuthController::class, 'logout']); Route::post('refresh', [AuthController::class, 'refresh']); Route::get('user', [AuthController::class, 'getUser'])->middleware('auth:api');

   1 2 3 4 5 6

   use App\Http\Controllers\AuthController;   Route::post('login', [AuthController::class, 'login']); Route::post('logout', [AuthController::class, 'logout']); Route::post('refresh', [AuthController::class, 'refresh']); Route::get('user', [AuthController::class, 'getUser'])->middleware('auth:api');

3. Creating an Authentication Controller: Create an AuthController to handle authentication logic:
   
   php artisan make:controller AuthController

   1	php artisan make:controller AuthController

   In AuthController.php, implement the authentication logic:
   
   namespace App\Http\Controllers; use Illuminate\Http\Request; use Illuminate\Support\Facades\Auth; use App\Models\User; use Tymon\JWTAuth\Facades\JWTAuth; use Tymon\JWTAuth\Exceptions\JWTException; class AuthController extends Controller { public function login(Request $request) { $credentials = $request->only('email', 'password'); try { if (!$token = JWTAuth::attempt($credentials)) { return response()->json(['error' => 'invalid_credentials'], 401); } } catch (JWTException $e) { return response()->json(['error' => 'could_not_create_token'], 500); } return response()->json(compact('token')); } public function logout() { Auth::logout(); return response()->json(['message' => 'Successfully logged out']); } public function refresh() { $token = JWTAuth::refresh(JWTAuth::getToken()); return response()->json(compact('token')); } public function getUser() { return response()->json(Auth::user()); } }

   1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42

   namespace App\Http\Controllers;   use Illuminate\Http\Request; use Illuminate\Support\Facades\Auth; use App\Models\User; use Tymon\JWTAuth\Facades\JWTAuth; use Tymon\JWTAuth\Exceptions\JWTException;   class AuthController extends Controller {     public function login(Request $request)     {         $credentials = $request->only('email', 'password');           try {             if (!$token = JWTAuth::attempt($credentials)) {                 return response()->json(['error' => 'invalid_credentials'], 401);             }         } catch (JWTException $e) {             return response()->json(['error' => 'could_not_create_token'], 500);         }           return response()->json(compact('token'));     }       public function logout()     {         Auth::logout();         return response()->json(['message' => 'Successfully logged out']);     }       public function refresh()     {         $token = JWTAuth::refresh(JWTAuth::getToken());         return response()->json(compact('token'));     }       public function getUser()     {         return response()->json(Auth::user());     } }

    

Using JWT Authentication

1. Logging In: To log in, send a POST request to the /login endpoint with the user’s email and password. On successful login, the server responds with a JWT token.

   Example Request:

   POST /api/login Content-Type: application/json { "email": "user@example.com", "password": "password123" }

   1 2 3 4 5 6 7

   POST /api/login Content-Type: application/json   {     "email": "user@example.com",     "password": "password123" }

   Example Response:

   { "token": "your.jwt.token.here" }

   1 2 3

   {     "token": "your.jwt.token.here" }

2. Accessing Protected Routes: To access routes that require authentication, include the JWT token in the Authorization header:

   Example Request:

   GET /api/user Authorization: Bearer your.jwt.token.here

   1 2	GET /api/user Authorization: Bearer your.jwt.token.here

   Example Response:

   { "id": 1, "name": "John Doe", "email": "user@example.com" }

   1 2 3 4 5

   {     "id": 1,     "name": "John Doe",     "email": "user@example.com" }

3. Refreshing Tokens: To refresh a token, send a POST request to the /refresh endpoint:

   Example Request:

   POST /api/refresh Authorization: Bearer your.jwt.token.here

   1 2	POST /api/refresh Authorization: Bearer your.jwt.token.here

   Example Response:

   { "token": "new.jwt.token.here" }

   1 2 3

   {     "token": "new.jwt.token.here" }

    

Conclusion

Laravel JWT Auth is a powerful and flexible package for implementing JSON Web Token authentication in Laravel applications. By providing token-based authentication, it enhances the security and scalability of applications, particularly for APIs and SPAs.

 

Additional Considerations

• Documentation: For more detailed information, advanced features, and configuration options, refer to the official Laravel JWT Auth documentation.
• Security Practices: Always follow security best practices when implementing authentication, such as using HTTPS and securing sensitive data.