JWT Auth Guard is a Laravel & Lumen Package that lets you use
jwtas your driver for authentication guard in your application.The Guard uses
tymon/jwt-authpackage for authentication and token handling.
- Laravel or Lumen Installation.
- tymon/jwt-auth Package Setup and Config'd.
Via Composer
$ composer require irazasyed/jwt-auth-guardOpen config/app.php and, to your providers array at the bottom, add:
Irazasyed\JwtAuthGuard\JwtAuthGuardServiceProvider::classOpen bootstrap/app.php and register the service provider:
$app->register(Irazasyed\JwtAuthGuard\JwtAuthGuardServiceProvider::class);Open your config/auth.php config file and in place of driver under any of your guards, just add the jwt as your driver and you're all set.
Make sure you also set provider for the guard to communicate with your database.
// config/auth.php
'guards' => [
'api' => [
'driver' => 'jwt',
'provider' => 'users'
],
// ...
],
'providers' => [
'users' => [
'driver' => 'eloquent',
'model' => App\User::class,
],
],Middleware protecting the route:
Route::get('api/content', ['middleware' => 'auth:api', 'uses' => 'ContentController@content']);Middleware protecting the controller:
<?php
namespace App\Http\Controllers;
class ContentController extends Controller
{
public function __construct()
{
$this->middleware('auth:api');
}
}Note: The above example assumes you've setup a guard with the name api whose driver is jwt in your config/auth.php file as explained in "Setup Guard Driver" section above.
The following usage examples assume you've setup your default auth guard to the one which uses the
jwtdriver.You can also explicitly define the guard before making calls to any of methods by just prefixing it with
Auth::guard('api').Example:
Auth::guard('api')->user()
// This will attempt to authenticate the user using the credentials passed and returns a JWT Auth Token for subsequent requests.
$token = Auth::attempt(['email' => 'user@domain.com', 'password' => '123456']);if(Auth::onceUsingId(1)) {
// Do something with the authenticated user
}if(Auth::once(['email' => 'user@domain.com', 'password' => '123456'])) {
// Do something with the authenticated user
}if(Auth::validate(['email' => 'user@domain.com', 'password' => '123456'])) {
// Credentials are valid
}if(Auth::check()) {
// User is authenticated
}if(Auth::guest()) {
// Welcome guests!
}Auth::logout(); // This will invalidate the current token and unset user/token values.$token = Auth::generateTokenById(1);
echo $token;Once the user is authenticated via a middleware, You can access its details by doing:
$user = Auth::user();You can also manually access user info using the token itself:
$user = Auth::setToken('YourJWTAuthToken')->user();$userId = Auth::id();Though it's recommended you refresh using the middlewares provided with the package, but if you'd like, You can also do it manually with this method.
Refresh expired token passed in request:
$token = Auth::refresh();Refresh passed expired token:
Auth::setToken('ExpiredToken')->refresh();Invalidate token passed in request:
$forceForever = false;
Auth::invalidate($forceForever);Invalidate token by setting one manually:
$forceForever = false;
Auth::setToken('TokenToInvalidate')->invalidate($forceForever);$token = Auth::getToken(); // Returns current token passed in request.This method will decode the token and return its raw payload.
Get Payload for the token passed in request:
$payload = Auth::getPayload();Get Payload for the given token manually:
$payload = Auth::setToken('TokenToGetPayload')->getPayload();Please see CHANGELOG for more information what has changed recently.
$ composer testPlease see CONTRIBUTING and CONDUCT for details.
Any issues, feedback, suggestions or questions please use issue tracker here.
If you discover any security related issues, please email syed+gh@lukonet.com instead of using the issue tracker.
The MIT License (MIT). Please see License File for more information.