Installation and verification of JWT Auth in laravel (example)

Installation and verification of JWT Auth in laravel

 

1. Use composer to install jwt, cmd to the project folder;

Composer require tymon / JWT auth 1.0. * (here the version number is written according to your own needs)

Install jwt, refer to official documentation https://jwt-auth.readthedocs.io/en/docs/laravel-installation/

2. If the laravel version is lower than 5.4

Open config in the root directory/ app.php

Add tymon \ jwtauth \ providers \ laraveserviceprovider:: class to the 'providers' array,

'providers' => [ ... Tymon\JWTAuth\Providers\LaravelServiceProvider::class,]

3. Add one under config jwt.php Profile for

php artisan vendor:publish --provider="Tymon\JWTAuth\Providers\LaravelServiceProvider"

4. Generate an encryption key under the. env file, such as JWT_SECRET=foobar

php artisan jwt:secret

5. Write the following code in the user model

<?php
namespace App\Model;
use Tymon\JWTAuth\Contracts\JWTSubject;
use Illuminate\Notifications\Notifiable;
use Illuminate\Foundation\Auth\User as Authenticatable;
class User extends Authenticatable implements JWTSubject
{
 // Rest omitted for brevity
 protected $table="user";
 public $timestamps = false;
 public function getJWTIdentifier()
 {
 return $this->getKey();
 }
 public function getJWTCustomClaims()
 {
 return [];
 }
}

  

6. Sign up for two facades

config/app.php

'aliases' => [
 ...
 // Add the following two lines
 'JWTAuth' => 'Tymon\JWTAuth\Facades\JWTAuth',
 'JWTFactory' => 'Tymon\JWTAuth\Facades\JWTFactory',
],

  

7. Modification auth.php

config/auth.php

'guards' => [
 'web' => [
 'driver' => 'session',
 'provider' => 'users',
 ],
 'api' => [
 'driver' => 'jwt',      // Original token changed to jwt
 'provider' => 'users',
 ],
],

  

8. Register route

Route::group([
 'prefix' => 'auth'
], function ($router) {
 $router->post('login', 'AuthController@login');
 $router->post('logout', 'AuthController@logout');
});

  

9. Create token controller

php artisan make:controller AuthController

The code is as follows:

<?php
namespace App\Http\Controllers;
use App\Model\User;
use Illuminate\Http\Request;
use Tymon\JWTAuth\Facades\JWTAuth;
class AuthController extends Controller
{
 /**
 * Create a new AuthController instance.
 *
 * @return void
 */
 public function __construct()
 {
 $this->middleware('auth:api', ['except' => ['login']]);
 }
 /**
 * Get a JWT via given credentials.
 *
 * @return \Illuminate\Http\JsonResponse
 */
 public function login()
 {
 $credentials = request(['email', 'password']);
 if (! $token = auth('api')->attempt($credentials)) {
 return response()->json(['error' => 'Unauthorized'], 401);
 }
 return $this->respondWithToken($token);
 }
 /**
 * Get the authenticated User.
 *
 * @return \Illuminate\Http\JsonResponse
 */
 public function me()
 {
 return response()->json(JWTAuth::parseToken()->touser());
 }
 /**
 * Log the user out (Invalidate the token).
 *
 * @return \Illuminate\Http\JsonResponse
 */
 public function logout()
 {
 JWTAuth::parseToken()->invalidate();
 return response()->json(['message' => 'Successfully logged out']);
 }
 /**
 * Refresh a token.
 *
 * @return \Illuminate\Http\JsonResponse
 */
 public function refresh()
 {
 return $this->respondWithToken(JWTAuth::parseToken()->refresh());
 }
 /**
 * Get the token array structure.
 *
 * @param  string $token
 *
 * @return \Illuminate\Http\JsonResponse
 */
 protected function respondWithToken($token)
 {
 return response()->json([
 'access_token' => $token,
 'token_type' => 'bearer',
 'expires_in' => JWTAuth::factory()->getTTL() * 60
 ]);
 }
}

  

Note: attempt always returns false because the password is encrypted. Use bcrypt or password_ After hash encryption, it's OK

10. Verify token to get user information

There are two ways to use it:

Add to url:? Token = your token

Added to the header, this is recommended because it is more secure under https: auth orization:Bearer Your token

11. First of all, use the artisan command to generate a middleware, which I will name here as RefreshToken.php After the creation is successful, you need to inherit the BaseMiddleware of JWT

The code is as follows:

<?php
namespace App\Http\Middleware;
use Auth;
use Closure;
use Tymon\JWTAuth\Exceptions\JWTException;
use Tymon\JWTAuth\Http\Middleware\BaseMiddleware;
use Tymon\JWTAuth\Exceptions\TokenExpiredException;
use Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException;
// Note that we are going to inherit jwt's BaseMiddleware
class RefreshToken extends BaseMiddleware
{
 /**
 * Handle an incoming request.
 *
 * @ param  \Illuminate\Http\Request $request
 * @ param  \Closure $next
 *
 * @ throws \Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException
 *
 * @ return mixed
 */
 public function handle($request, Closure $next)
 {
 // Check whether there is a token in the request, and if not, throw an exception.
 $this->checkForToken($request);
 // Use try wrap to catch TokenExpiredException exception thrown by token expiration
 try {
 // Check the login status of the user, and if it is normal, pass the
 if ($this->auth->parseToken()->authenticate()) {
 return $next($request);
 }
 throw new UnauthorizedHttpException('jwt-auth', 'Not logged in');
 } catch (TokenExpiredException $exception) {
 // The TokenExpiredException exception thrown by token expiration is caught here. What we need to do here is refresh the user's token and add it to the response header
 try {
 // Refresh user's token
 $token = $this->auth->refresh();
 // Use one-time login to ensure the success of this request
 Auth::guard('api')->onceUsingId($this->auth->manager()->getPayloadFactory()->buildClaimsCollection()->toPlainArray()['sub']);
 } catch (JWTException $exception) {
 // If this exception is caught, that is to say, refresh also expires. The user cannot refresh the token and needs to log in again.
 throw new UnauthorizedHttpException('jwt-auth', $exception->getMessage());
 }
 }
 // Return a new token in the response header
 return $this->setAuthenticationHeader($next($request), $token);
 }
}

  

The main thing to be said here is that after the token is refreshed, not only the token needs to be placed in the return header, but also the token in the request header needs to be replaced. Because after the refresh, the token in the request header has already failed. If the business logic in the interface uses the token in the request header, then there will be problems.

Use here

$request->headers->set('Authorization','Bearer '.$token);

  

Refresh the token in the request header.

After creating and writing the middleware, just register the middleware and set it in App\Exceptions\Handler.php Add some exception handling to it.

12, kernel.php In file

$routeMiddleware add middleware configuration

'RefreshToken' => \App\Http\Middleware\RefreshToken::class,

  

13. Add route

Route::group(['prefix' => 'user'],function($router) {
 $router->get('userInfo','UserController@userInfo')->middleware('RefreshToken');
});

  

User information can be obtained through JWTAuth::user(); in the controller

For more PHP content, visit:

Tencent T3-T4 standard boutique PHP architect tutorial directory, as long as you read it to ensure a higher salary (continuous update)

Tags: PHP JSON Laravel REST

Posted on Thu, 28 May 2020 08:48:45 -0400 by bacarudaguy