- LIFFアプリの認証をするためのライブラリ
- tymondesigns/jwt-authのラッパーライブラリ
- LIFFのIDトークン利用して、サーバーサイドで認証
- 一度認証できたら、それ移行はJWTで認証を行う
tymondesigns/jwt-authのconfigを作成
php artisan vendor:publish --provider="Tymon\JWTAuth\Providers\LaravelServiceProvider"
php artisan vendor:publish --provider="Devkeita\Laraliff\Providers\LaraliffServiceProvider"
php artisan jwt:secret
...
LIFF_CHANNEL_ID=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
liff_id
- LIFF ID
name
- LINEのプロフィール名
picture
- プロフィール画像のURL
<?php
use Illuminate\Support\Facades\Schema;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Database\Migrations\Migration;
class CreateUsersTable extends Migration
{
/**
* Run the migrations.
*
* @return void
*/
public function up()
{
Schema::create('users', function (Blueprint $table) {
$table->increments('id');
$table->string('liff_id')->unique();
$table->string('name');
$table->text('picture');
$table->timestamps();
});
}
...
}
<?php
return [
'liff_channel_id' => env('LIFF_CHANNEL_ID', 'liff_channel_id'),
'fields' => [
'liff_id' => 'liff_id', // プロフィールIDが入るフィールド
'name' => 'name', // プロフィールの名前
'picture' => 'picture', // プロフィール画像
],
];
namespace App;
use Tymon\JWTAuth\Contracts\JWTSubject;
use Illuminate\Notifications\Notifiable;
use Illuminate\Foundation\Auth\User as Authenticatable;
class User extends Authenticatable implements JWTSubject
{
use Notifiable;
// Rest omitted for brevity
/**
* Get the identifier that will be stored in the subject claim of the JWT.
*
* @return mixed
*/
public function getJWTIdentifier()
{
return $this->getKey();
}
/**
* Return a key value array, containing any custom claims to be added to the JWT.
*
* @return array
*/
public function getJWTCustomClaims()
{
return [];
}
}
'defaults' => [
'guard' => 'api',
'passwords' => 'users',
],
...
'guards' => [
'api' => [
'driver' => 'laraliff',
'provider' => 'users',
],
],
Route::group([
'middleware' => 'api',
'prefix' => 'auth'
], function ($router) {
Route::post('login', 'AuthController@login');
Route::post('logout', 'AuthController@logout');
Route::post('refresh', 'AuthController@refresh');
Route::post('me', 'AuthController@me');
});
<?php
namespace App\Http\Controllers\Api;
use App\Http\Controllers\Controller;
use App\User;
use Devkeita\Laraliff\Services\Exceptions\LiffUnverfiedException;
use Devkeita\Laraliff\Services\LiffVerificationService;
class AuthController extends Controller
{
public function __construct()
{
$this->middleware('auth:api', ['except' => ['login']]);
}
public function register(LiffVerificationService $verificationService)
{
try {
$liff = $verificationService->verify(request('token'));
} catch (LiffUnverfiedException $e) {
return response()->json(['error' => 'LIFF ID Token is unauthorized'], 401);
}
$user = User::create([
'liff_id' => $liff['sub'],
'name' => $liff['name'],
'picture' => $liff['picture'],
]);
return response()->json(auth('api')->login($user));
}
public function login()
{
try {
$jwt = auth('api')->attempt(request(['liff_id_token']));
} catch (LiffUnverfiedException $e) {
return response()->json(['error' => 'LIFF ID Token is unauthorized'], 401);
}
if (!$jwt) {
return response()->json(['error' => 'User not found'], 404);
}
return response()->json($jwt);
}
public function me()
{
return response()->json(auth('api')->user());
}
public function logout()
{
auth()->logout();
return response()->json(['message' => 'Successfully logged out']);
}
}