Laravel JWT Auth is a package that provides a simple way to implement JSON Web Token (JWT) authentication in Laravel applications. JWT is a widely used standard for secure token-based authentication, making it suitable for APIs and single-page applications (SPAs).
Key Features of Laravel JWT Auth:
- Token-Based Authentication: Uses JWTs to authenticate users without the need for session storage.
- Stateless Authentication: Since JWTs are self-contained, they do not require server-side storage, making the application more scalable.
- Easy Integration: Simple installation and setup process to integrate with Laravel applications.
- Token Expiration and Refresh: Supports token expiration and allows for token refreshing.
- User Payload Customization: Customize the payload that is included in the JWT.
Advertisement
Installation
To get started with Laravel JWT Auth, follow these steps:
- Require the Package: Install the package via Composer:
1composer require tymon/jwt-auth - Publish Configuration: Publish the configuration file using:
1php artisan vendor:publish --provider="Tymon\JWTAuth\Providers\LaravelServiceProvider" - Generate JWT Secret Key: Run the following command to generate a secret key for JWT:
1php artisan jwt:secret
Setting Up Authentication
- Updating the User Model: Ensure that your
User
model implements theJWTSubject
interface. For example, inapp/Models/User.php
:
12345678910111213141516171819namespace App\Models;use Illuminate\Foundation\Auth\User as Authenticatable;use Tymon\JWTAuth\Contracts\JWTSubject;class User extends Authenticatable implements JWTSubject{// Other model properties and methods...public function getJWTIdentifier(){return $this->getKey();}public function getJWTCustomClaims(){return [];}} - Creating Authentication Routes: Define routes for user authentication in
routes/api.php
. Here’s an example:
123456use App\Http\Controllers\AuthController;Route::post('login', [AuthController::class, 'login']);Route::post('logout', [AuthController::class, 'logout']);Route::post('refresh', [AuthController::class, 'refresh']);Route::get('user', [AuthController::class, 'getUser'])->middleware('auth:api'); - Creating an Authentication Controller: Create an
AuthController
to handle authentication logic:
1php artisan make:controller AuthController
InAuthController.php
, implement the authentication logic:
123456789101112131415161718192021222324252627282930313233343536373839404142namespace App\Http\Controllers;use Illuminate\Http\Request;use Illuminate\Support\Facades\Auth;use App\Models\User;use Tymon\JWTAuth\Facades\JWTAuth;use Tymon\JWTAuth\Exceptions\JWTException;class AuthController extends Controller{public function login(Request $request){$credentials = $request->only('email', 'password');try {if (!$token = JWTAuth::attempt($credentials)) {return response()->json(['error' => 'invalid_credentials'], 401);}} catch (JWTException $e) {return response()->json(['error' => 'could_not_create_token'], 500);}return response()->json(compact('token'));}public function logout(){Auth::logout();return response()->json(['message' => 'Successfully logged out']);}public function refresh(){$token = JWTAuth::refresh(JWTAuth::getToken());return response()->json(compact('token'));}public function getUser(){return response()->json(Auth::user());}}
Using JWT Authentication
- Logging In: To log in, send a POST request to the
/login
endpoint with the user’s email and password. On successful login, the server responds with a JWT token.Example RequestAdvertisement
1234567POST /api/loginContent-Type: application/json{"email": "user@example.com","password": "password123"}
Example Response:
123{"token": "your.jwt.token.here"} - Accessing Protected Routes: To access routes that require authentication, include the JWT token in the Authorization header:Example Request:
12GET /api/userAuthorization: Bearer your.jwt.token.here
Example Response:
12345{"id": 1,"name": "John Doe","email": "user@example.com"} - Refreshing Tokens: To refresh a token, send a POST request to the
/refresh
endpoint:Example Request:
12POST /api/refreshAuthorization: Bearer your.jwt.token.here
Example Response:
123{"token": "new.jwt.token.here"}
Conclusion
Laravel JWT Auth is a powerful and flexible package for implementing JSON Web Token authentication in Laravel applications. By providing token-based authentication, it enhances the security and scalability of applications, particularly for APIs and SPAs.
- Laravel Breeze – Simple authentication starter kit
- Laravel Jetstream – Scaffolding for Laravel apps
- Laravel Passport – API authentication via OAuth2
- Laravel Sanctum – Simple API authentication
- Spatie Laravel Permission – Role and permission management
- Laravel Cashier – Subscription billing with Stripe
- Laravel Scout – Full-text search using Algolia
- Laravel Socialite – OAuth authentication (Google, Facebook, etc.)
- Laravel Excel – Excel import and export for Laravel
- Laravel Horizon – Redis queues monitoring
- Laravel Nova – Admin panel for Laravel
- Laravel Fortify – Backend authentication for Laravel
- Laravel Vapor – Serverless deployment on AWS
- Laravel Telescope – Debugging assistant for Laravel
- Laravel Dusk – Browser testing
- Laravel Mix – API for compiling assets
- Spatie Laravel Backup – Backup management
- Laravel Livewire – Building dynamic UIs
- Spatie Laravel Media Library – Manage media uploads
- Laravel Excel – Excel spreadsheet handling
- Laravel Debugbar – Debug tool for Laravel
- Laravel WebSockets – Real-time communication
- Spatie Laravel Sitemap – Generate sitemaps
- Laravel Spark – SaaS scaffolding
- Laravel Envoy – Task runner for deployment
- Spatie Laravel Translatable – Multilingual model support
- Laravel Backpack – Admin panel
- Laravel AdminLTE – Admin interface template
- Laravel Collective Forms & HTML – Simplified form and HTML generation
- Spatie Laravel Analytics – Google Analytics integration
- Laravel Eloquent Sluggable – Automatically create slugs
- Laravel Charts – Chart integration
- Laravel Auditing – Track changes in models
- Laravel JWT Auth – JSON Web Token authentication
- Laravel Queue Monitor – Monitor job queues
- Spatie Laravel Query Builder – Filter, sort, and include relationships in Eloquent queries
- Laravel Datatables – jQuery Datatables API
- Laravel Localization – Multilingual support for views and routes
- Laravel Acl Manager – Access control list manager
- Laravel Activity Log – Record activity in your app
- Laravel Roles – Role-based access control
- Spatie Laravel Tags – Tagging models
- Laravel Installer – CLI installer for Laravel
- Laravel Breadcrumbs – Generate breadcrumbs in Laravel
- Laravel Mailgun – Mailgun integration for Laravel
- Laravel Trustup Model History – Store model change history
- Laravel Deployer – Deployment automation tool
- Laravel Auth – Custom authentication guards
- Laravel CORS – Cross-Origin Resource Sharing (CORS) support
- Laravel Notifications – Send notifications through multiple channels
- Spatie Laravel Http Logger – Log HTTP requests
- Laravel Permission Manager – Manage permissions easily
- Laravel Stubs – Customize default stubs in Laravel
- Laravel Fast Excel Advertisement
- Laravel Image – Image processing
- Spatie Laravel Backup Server – Centralize backups for Laravel apps
- Laravel Forge API – Manage servers through the Forge API
- Laravel Blade SVG – Use SVGs in Blade templates
- Laravel Ban – Ban/unban users from your application
- Laravel API Response – Standardize API responses
- Laravel SEO – Manage SEO meta tags
- Laravel Settings – Store and retrieve settings
- Laravel DOMPDF – Generate PDFs
- Laravel Turbo – Full-stack framework for building modern web apps
- Spatie Laravel Event Sourcing – Event sourcing implementation
- Laravel Jetstream Inertia – Jetstream’s Inertia.js integration
- Laravel Envoy Tasks – Task automation
- Laravel Likeable – Like/dislike functionality
- Laravel GeoIP – Determine visitor’s geographic location
- Laravel Country State City – Dropdowns for country, state, and city
- Laravel Hashids – Generate short unique hashes
- Laravel Repository – Repository pattern for Laravel
- Laravel UUID – UUID generation for models
- Spatie Laravel Medialibrary Pro – Enhanced media management
- Laravel Queue Monitor – Monitor Laravel job queues
- Laravel User Activity – Monitor user activity
- Laravel DB Snapshots – Create database snapshots
- Laravel Twilio – Twilio integration
- Laravel Roles – Role-based permission handling
- Laravel Translatable – Add translations to Eloquent models
- Laravel Teamwork – Manage teams in multi-tenant apps
- Laravel Full Text Search – Add full-text search to Laravel models
- Laravel File Manager – File and media management
- Laravel User Timezones – Automatically detect user time zones
- Laravel ChartsJS – Render charts with ChartsJS
- Laravel Stripe – Stripe API integration
- Laravel PDF Generator – PDF generation
- Laravel Elasticsearch – Elasticsearch integration
- Laravel Simple Qrcode – Generate QR codes
- Laravel Timezone – Manage timezones and conversions
- Laravel Collective API – API management for Laravel
- Laravel Rest API Boilerplate – REST API starter kit
- Laravel Multi Auth – Multi-authentication functionality
- Laravel Voyager – Admin panel for Laravel
- Laravel Voyager Database – Database manager for Voyager
- Laravel Categories – Handle categories for models
- Laravel Multitenancy – Multi-tenancy implementation
- Laravel Access Control – Advanced access control for users
- Laravel Menus – Menu management
- Laravel Translatable Routes – Multilingual route handling