How to implement JWT Authentication.
Effortlessly Implementing it in Fast, Simple Steps.
After you have finished reading my post see my repo:jwt-auth-in-laravel
Table Of Contents
Install
- Install package php-open-source-saver/jwt-auth
composer require php-open-source-saver/jwt-auth- Run the following command to publish the package config file:
php artisan vendor:publish --provider="PHPOpenSourceSaver\JWTAuth\Providers\LaravelServiceProvider"- I have included a helper command to generate a key for you:
php artisan jwt:secretThis will update your .env file with something like JWT_SECRET=foobar
It is the key that will be used to sign your tokens. How that happens exactly will depend on the algorithm that you choose to use.
Implementation
The implementationdepends if you want to use algorithms ofsymmetric orasymmetric encryption
⚠️ If you want to implement the JWT authentication with a symmetric algorithm please scroll tocode implementation ⚠️
Generate a certificate for asymmetric encryption
For generating certificates the command
php artisan jwt:generate-certscan be used. The .env file will be updated, to use the newly created certificates.
The command accepts the following parameters.
| name | description |
|---|---|
| force | override existing certificates |
| algo | Either rsa or ec |
| bits | Key length for rsa |
| curve | Curve to be used for ec |
| sha | Hashing algorithm |
| passphrase | Passphrase for the cert |
| dir | Folder to place the certificates |
Examples
Generating a 4096-bit rsa certificate with sha 512
php artisan jwt:generate-certs --force --algo=rsa --bits=4096 --sha=512Generating an ec certificate with prime256v1-curve and sha 512
php artisan jwt:generate-certs --force --algo=ec --curve=prime256v1 --sha=512After you have chosen the encryption algorithms with PUBLIC AND PRIVATE KEY.
Your .env file has to look like this:
JWT_PRIVATE_KEY=file://../storage/certs/jwt-ec-4096-private.pem
JWT_PUBLIC_KEY=file://../storage/certs/jwt-ec-4096-public.pem
code implementation
- First You must add in config/auth.php the guard of JWT
'guards'=>['web'=>['driver'=>'session','provider'=>'users',],'api'=>['driver'=>'jwt','provider'=>'users',],],- Your User model has to look like this:
namespaceApp\Models;useIlluminate\Database\Eloquent\Factories\HasFactory;useIlluminate\Foundation\Auth\UserasAuthenticatable;useIlluminate\Notifications\Notifiable;useLaravel\Sanctum\HasApiTokens;usePHPOpenSourceSaver\JWTAuth\Contracts\JWTSubject;classUserextendsAuthenticatableimplementsJWTSubject{useHasApiTokens,HasFactory,Notifiable;protected$fillable=['name','email','password',];protected$hidden=['password','remember_token',];protected$casts=['email_verified_at'=>'datetime',];publicfunctiongetJWTCustomClaims(){return[];}publicfunctiongetJWTIdentifier(){return$this->getKey();}}- You have to create the routes for the AuthJwtController in your routes/api.php file
useApp\Http\Controllers\ApiController;useIlluminate\Http\Request;useIlluminate\Support\Facades\Route;useApp\Http\Controllers\AuthJwtController;Route::controller(AuthJwtController::class)->group(function(){Route::post('login','login');Route::post('refresh','refresh');Route::post('blacklist','blacklist');Route::post('logout','logout');Route::get('get-token/{user_id}','getTokenByUser');});- You have to add yours private endpoints in the middleware auth:jwt, like this:
Route::controller(ApiController::class)->middleware('auth:api')->group(function(){Route::get('private-endpoint','privateEndopint');});- You can configure the time of expiration of the tokens by adding this to the .env file
JWT_TTL=60You can see more configurations in config/jwt.php file
- Finally, you have to create the AuthJwtController
useIlluminate\Http\JsonResponse;useIlluminate\Http\Request;useIlluminate\Support\Facades\Validator;useIlluminate\Support\Facades\Auth;classAuthJwtControllerextendsController{publicfunction__construct(){$this->middleware('auth:api',['except'=>['login']]);}publicfunctionlogin(Request$request):JsonResponse{$validate=Validator::make($request->all(),['email'=>'required|string|email','password'=>'required|string',]);if($validate->fails()){returnresponse()->json(['status'=>false,'error_message'=>$validate->errors(),],400);}$credentials=$request->only('email','password');$token=Auth::guard('api')->attempt($credentials);if(!$token){returnresponse()->json(['status'=>false,'message'=>'Unauthorized',],401);}returnresponse()->json(['status'=>true,'authorisation'=>['token'=>$token,'type'=>'bearer',],]);}//if you want use this methods for yourself, add role in your user model and you validate in this methodspublicfunctionrefresh():JsonResponse{returnresponse()->json(['status'=>true,'authorisation'=>['token'=>Auth::refresh(true),'type'=>'bearer',],]);}publicfunctionblackList():JsonResponse{//if you want add to blacklist forever, pass true as parameterAuth::invalidate();returnresponse()->json(['status'=>true,'message'=>'token added to blacklist successfully'],200);}publicfunctionlogout():JsonResponse{Auth::logout();returnresponse()->json(['status'=>true,'message'=>'logout successfully'],200);}publicfunctiongetTokenByUser(Request$request):JsonResponse{$validate=Validator::make(['user_id'=>$request->user_id],['user_id'=>'required',]);if($validate->fails()){returnresponse()->json(['status'=>false,'error_message'=>$validate->errors(),],400);}if(!Auth::tokenById($request->user_id)){returnresponse()->json(['status'=>false,'error_message'=>"There aren't Token with this user id",],400);}returnresponse()->json(['status'=>true,'token'=>Auth::tokenById($request->user_id)]);}}After you have completed the steps, You can use your JWT authentication in your Laravel app.
let's start to test the JWT authentication.
POSTMAN
When we are testing our private endpoints that have a middleware with JWT we should hit the /login endpoint with the credentials copy the token and then embed it in the baren token of our private endpoint that has the JWT middleware.
Don't worry about that, follow the following steps to automate a pre-request that sets the JWT token in the bearer token to our private endpoint.
- First you must import the collection into your Postman app
- Import the environment in your Postman app
- You have to select the environment imported
- You have to create an endpoint inside of the collection imported and put the authorization Bearer Token like this:
Do you not know how to import environments and collections on Postman?
Don't worry, learn about that in the following links:
Top comments(0)
For further actions, you may consider blocking this person and/orreporting abuse
