Customize the JWT claims in Laravel/Passport access tokens

Laravel Passport Custom JWT Claims

Customize the JWT claims in Laravel/Passport access tokens

What are JWT claims?

All access tokens issued by Laravel/Passport are in fact JSON Web Tokens (JWT). Each token contains a set of claims consisting of JSON key/value pairs. Because the token is signed with the private key of an RSA key pair, anyone holding the matching public key can verify the signature and trust that the claims contained in the token were issued by Laravel/Passport.

Here is an example token containing the default Laravel/Passport claims:

eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImp0aSI6IjllNzAxMjhmOTkwZTFlZjI0NGFmMDc0YjQzMzA2YTRmNDViZWFiNjU1MzM5NjE2ODIyOGJmODc2Y2UwMTAwNTIyNGZhMTc5MzdkMGYwMTU3In0.eyJhdWQiOiJjOGUxMDRmMC0wNTYyLTExZTctOTA1Yi0zZDc3ZGY5N2YyZjgiLCJqdGkiOiI5ZTcwMTI4Zjk5MGUxZWYyNDRhZjA3NGI0MzMwNmE0ZjQ1YmVhYjY1NTMzOTYxNjgyMjhiZjg3NmNlMDEwMDUyMjRmYTE3OTM3ZDBmMDE1NyIsImlhdCI6MTQ4OTkwMTc1NSwibmJmIjoxNDg5OTAxNzU1LCJleHAiOjE1MjE0Mzc3NTUsInN1YiI6ImM4ZGY5OWEwLTA1NjItMTFlNy05MDgyLWJmZDdhYTMzMTFlOCIsInNjb3BlcyI6W119.qFGwfeWezJZZaxNIZyPfnnGHkUdAPhHvJ3Nf3NYa8Y5Ba2ubfil21KgzeugY1aDSU93oWLMcUzGkoVblT1U79IlPV6JiGhMA4x7jHB5yJPKZeH-maaB8HKzQ8CoFG0YEAc_60G2ZwCDLv-NhuaxgDOXFc7FaX1qc3U1MpyJixEIjZc0xQ_CuRRVf3Kzx1rTXedJpbqFxTDYGDnKx4HLo5l96t8mdlmiToU6TphYDRAIkQjsTZKP9YRRIahm3cZF56nO9qaqpTpANjhiV4IJqejDki53NkBEqnhDLS4ZPJFK2qLD62Aiw7wBxKhmfNyYQJNxeC6D1PaftFzudbAi7RtQikn0xIgzKl1jmMpgjyGmAPQfnqMlE68rMIw-KqICh2nPQJcr5OO8ZsBMzL5EbjBOjemBHAm2sBViijqaU2-Ig3bwCB_kfKLrtumuUPIDbWV3tTMzBBSdY6P9dnVGJZawYiheU4rAqiru1fWZ8WpdGASrAxfRmiRTqDnRMQ82unbi5MC-f-NJhmhRwFN4QAgmxGm2T4gy0uRdKZ3ER_FDE4MEsKGb0qIkkGtjt77eLBq_jA6GXbVP948lbJAKTJsi3KOR5rMhZSAI-MywTMXWUISn5ZwgCAHfwUofPJNpGqRAkm9l5lcjMVTf2-VYCB7VdREizvg-fidZ9HcYUfSo

If we decode the token we get the following JWT payload object:

{
  "aud": "c8e104f0-0562-11e7-905b-3d77df97f2f8",
  "jti": "9e70128f990e1ef244af074b43306a4f45beab6553396168228bf876ce01005224fa17937d0f0157",
  "iat": 1489901755,
  "nbf": 1489901755,
  "exp": 1521437755,
  "sub": "c8df99a0-0562-11e7-9082-bfd7aa3311e8",
  "scopes": []
}

For reference, the aud claim is the Laravel/Passport client_id that issued the token, and the sub claim refers to the user id in your Laravel users table. Note that my client_id and user_id columns are UUID data types.

Why would you need custom claims?

The OpenID Connect protocol requires JWT claims that are not included in Laravel/Passport access tokens. Adding custom claims allows us to use access tokens issued by Laravel/Passport to authenticate with other services using OpenID Connect. For example, with this package it is possible to use a Laravel/Passport access token to authenticate a Laravel user on a Couchbase Sync Gateway server.

Installation

Install the package via composer:

composer require benbjurstrom/passport-custom-jwt-claims

Add the service provider to the config/app.php providers array.

// config/app.php
'providers' => [
    // ...
    BenBjurstrom\JwtClaims\JwtClaimsServiceProvider::class,
],

Do not include Laravel\Passport\PassportServiceProvider in your providers array, as JwtClaimsServiceProvider extends it.

Configuration

To set your custom claims you must publish the config file:

php artisan vendor:publish --provider="BenBjurstrom\JwtClaims\JwtClaimsServiceProvider"

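These are the contents of the published file. Add additional claims as needed. JWT claims are signed but not encrypted, so anyone holding a token can read them; only map user properties you are willing to expose.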

<?php

return [

    /*
    |--------------------------------------------------------------------------
    | User Claims
    |--------------------------------------------------------------------------
    |
    | User claims will be loaded from the properties of the auth provider's
    | model specified in the auth config file.
    |
    */
    'user_claims' => [
        'name' => 'name',
        'email' => 'email',
    ],

    /*
    |--------------------------------------------------------------------------
    | App claims
    |--------------------------------------------------------------------------
    |
    | App claims are static and will be given the specified value across all
    | tokens issued by the app.
    |
    */
    'app_claims' => [
        'iss' => url('')
    ]

];
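
How a service that receives one of these tokens might check it before trusting the custom claims, as an added example that is not part of this package. The throwaway key pair, the claim values and the function names are constructed here; a real consumer would use Passport's public key and its own issuer URL.

```php
<?php
// Added example, not the package's code. Key pair, claim values and
// function names are constructed for illustration.
function b64url_encode(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}
function b64url_decode(string $txt): string {
    $bin = base64_decode(strtr($txt, '-_', '+/') . str_repeat('=', (4 - strlen($txt) % 4) % 4), true);
    if ($bin === false) throw new RuntimeException('segment is not base64url');
    return $bin;
}

// Check the signature first, then the claims the relying service depends on.
function verify_token(string $jwt, string $publicKeyPem, string $issuer, int $now): array {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) throw new RuntimeException('expected three segments');
    [$h, $p, $s] = $parts;
    $header = json_decode(b64url_decode($h), true);
    // Pin the algorithm: the token's own header must not choose the verifier.
    if (($header['alg'] ?? null) !== 'RS256') throw new RuntimeException('unexpected alg');
    $ok = openssl_verify("$h.$p", b64url_decode($s), $publicKeyPem, OPENSSL_ALGO_SHA256);
    if ($ok !== 1) throw new RuntimeException('bad signature');
    $claims = json_decode(b64url_decode($p), true);
    if (!is_array($claims)) throw new RuntimeException('payload is not a JSON object');
    if (($claims['iss'] ?? null) !== $issuer) throw new RuntimeException('wrong issuer');
    if (($claims['nbf'] ?? 0) > $now || ($claims['exp'] ?? 0) <= $now) throw new RuntimeException('not valid now');
    return $claims;
}

// Constructed stand-in for Passport's signing key and a token it might issue.
$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$publicPem = openssl_pkey_get_details($key)['key'];
$now = time();
$claims = ['aud' => 'c8e104f0-0562-11e7-905b-3d77df97f2f8', 'sub' => 'c8df99a0-0562-11e7-9082-bfd7aa3311e8',
    'iat' => $now, 'nbf' => $now, 'exp' => $now + 3600, 'scopes' => [],
    'name' => 'Example User', 'email' => 'user@example.test', 'iss' => 'https://app.example.test'];
$signingInput = b64url_encode('{"typ":"JWT","alg":"RS256"}') . '.' . b64url_encode(json_encode($claims));
openssl_sign($signingInput, $sig, $key, OPENSSL_ALGO_SHA256);
$jwt = $signingInput . '.' . b64url_encode($sig);
echo verify_token($jwt, $publicPem, 'https://app.example.test', $now)['email'], "\n";

// A payload altered after signing no longer matches the signature.
[$h, , $s] = explode('.', $jwt);
$altered = $h . '.' . b64url_encode(json_encode(['email' => 'other@example.test'] + $claims)) . '.' . $s;
try {
    verify_token($altered, $publicPem, 'https://app.example.test', $now);
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

The name and email values are readable from the payload segment without any key; the signature check only proves they were not changed after issuance.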