Installation and verification of JWT Auth in laravel
1. Use composer to install jwt, cmd to the project folder;
Composer require tymon / JWT auth 1.0. * (here the version number is written according to your own needs)
Install jwt, refer to official documentation https://jwt-auth.readthedocs.io/en/docs/laravel-installation/
2. If the laravel version is lower than 5.4
Open config in the root directory/ app.php
Add tymon \ jwtauth \ providers \ laraveserviceprovider:: class to the 'providers' array,
'providers' => [ ... Tymon\JWTAuth\Providers\LaravelServiceProvider::class,]
3. Add one under config jwt.php Profile for
php artisan vendor:publish --provider="Tymon\JWTAuth\Providers\LaravelServiceProvider"
4. Generate an encryption key under the. env file, such as JWT_SECRET=foobar
php artisan jwt:secret
5. Write the following code in the user model
<?php namespace App\Model; use Tymon\JWTAuth\Contracts\JWTSubject; use Illuminate\Notifications\Notifiable; use Illuminate\Foundation\Auth\User as Authenticatable; class User extends Authenticatable implements JWTSubject { // Rest omitted for brevity protected $table="user"; public $timestamps = false; public function getJWTIdentifier() { return $this->getKey(); } public function getJWTCustomClaims() { return []; } }
6. Sign up for two facades
config/app.php
'aliases' => [ ... // Add the following two lines 'JWTAuth' => 'Tymon\JWTAuth\Facades\JWTAuth', 'JWTFactory' => 'Tymon\JWTAuth\Facades\JWTFactory', ],
7. Modification auth.php
config/auth.php
'guards' => [ 'web' => [ 'driver' => 'session', 'provider' => 'users', ], 'api' => [ 'driver' => 'jwt', // Original token changed to jwt 'provider' => 'users', ], ],
8. Register route
Route::group([ 'prefix' => 'auth' ], function ($router) { $router->post('login', 'AuthController@login'); $router->post('logout', 'AuthController@logout'); });
9. Create token controller
php artisan make:controller AuthController
The code is as follows:
<?php namespace App\Http\Controllers; use App\Model\User; use Illuminate\Http\Request; use Tymon\JWTAuth\Facades\JWTAuth; class AuthController extends Controller { /** * Create a new AuthController instance. * * @return void */ public function __construct() { $this->middleware('auth:api', ['except' => ['login']]); } /** * Get a JWT via given credentials. * * @return \Illuminate\Http\JsonResponse */ public function login() { $credentials = request(['email', 'password']); if (! $token = auth('api')->attempt($credentials)) { return response()->json(['error' => 'Unauthorized'], 401); } return $this->respondWithToken($token); } /** * Get the authenticated User. * * @return \Illuminate\Http\JsonResponse */ public function me() { return response()->json(JWTAuth::parseToken()->touser()); } /** * Log the user out (Invalidate the token). * * @return \Illuminate\Http\JsonResponse */ public function logout() { JWTAuth::parseToken()->invalidate(); return response()->json(['message' => 'Successfully logged out']); } /** * Refresh a token. * * @return \Illuminate\Http\JsonResponse */ public function refresh() { return $this->respondWithToken(JWTAuth::parseToken()->refresh()); } /** * Get the token array structure. * * @param string $token * * @return \Illuminate\Http\JsonResponse */ protected function respondWithToken($token) { return response()->json([ 'access_token' => $token, 'token_type' => 'bearer', 'expires_in' => JWTAuth::factory()->getTTL() * 60 ]); } }
Note: attempt always returns false because the password is encrypted. Use bcrypt or password_ After hash encryption, it's OK
10. Verify token to get user information
There are two ways to use it:
Add to url:? Token = your token
Added to the header, this is recommended because it is more secure under https: auth orization:Bearer Your token
11. First of all, use the artisan command to generate a middleware, which I will name here as RefreshToken.php After the creation is successful, you need to inherit the BaseMiddleware of JWT
The code is as follows:
<?php namespace App\Http\Middleware; use Auth; use Closure; use Tymon\JWTAuth\Exceptions\JWTException; use Tymon\JWTAuth\Http\Middleware\BaseMiddleware; use Tymon\JWTAuth\Exceptions\TokenExpiredException; use Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException; // Note that we are going to inherit jwt's BaseMiddleware class RefreshToken extends BaseMiddleware { /** * Handle an incoming request. * * @ param \Illuminate\Http\Request $request * @ param \Closure $next * * @ throws \Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException * * @ return mixed */ public function handle($request, Closure $next) { // Check whether there is a token in the request, and if not, throw an exception. $this->checkForToken($request); // Use try wrap to catch TokenExpiredException exception thrown by token expiration try { // Check the login status of the user, and if it is normal, pass the if ($this->auth->parseToken()->authenticate()) { return $next($request); } throw new UnauthorizedHttpException('jwt-auth', 'Not logged in'); } catch (TokenExpiredException $exception) { // The TokenExpiredException exception thrown by token expiration is caught here. What we need to do here is refresh the user's token and add it to the response header try { // Refresh user's token $token = $this->auth->refresh(); // Use one-time login to ensure the success of this request Auth::guard('api')->onceUsingId($this->auth->manager()->getPayloadFactory()->buildClaimsCollection()->toPlainArray()['sub']); } catch (JWTException $exception) { // If this exception is caught, that is to say, refresh also expires. The user cannot refresh the token and needs to log in again. throw new UnauthorizedHttpException('jwt-auth', $exception->getMessage()); } } // Return a new token in the response header return $this->setAuthenticationHeader($next($request), $token); } }
The main thing to be said here is that after the token is refreshed, not only the token needs to be placed in the return header, but also the token in the request header needs to be replaced. Because after the refresh, the token in the request header has already failed. If the business logic in the interface uses the token in the request header, then there will be problems.
Use here
$request->headers->set('Authorization','Bearer '.$token);
Refresh the token in the request header.
After creating and writing the middleware, just register the middleware and set it in App\Exceptions\Handler.php Add some exception handling to it.
12, kernel.php In file
$routeMiddleware add middleware configuration
'RefreshToken' => \App\Http\Middleware\RefreshToken::class,
13. Add route
Route::group(['prefix' => 'user'],function($router) { $router->get('userInfo','UserController@userInfo')->middleware('RefreshToken'); });
User information can be obtained through JWTAuth::user(); in the controller
For more PHP content, visit: