Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Any guide how to use on Laravel 5.5? #1316
I got it working by doing this:
Add the service provider to the providers array in your app.php config:
Next, also in the app.php config file,add the JWTAuth facade and JWTFactory facade:
Your user model should look like this:
class AuthController extends Controller
This will invalidate all existing tokens. Are you sure you want to override the secret key? (yes/no) [no]:
jwt-auth secret [Pq5nm2BLxo1sClPJhH65X3pTWfyXzh41] set successfully.`
My fault, before .env was not covered, I can get user! thank you!
@php2020 I personally use the built-in
With this middleware, if a JWT token is invalid or expired, a HTTP 401 status code will be returned. My JS clients (API clients) then react to the 401 responses, by attempting to obtain a new token, and redirecting to a login page upon failure, where the user is supposed to re-type her username and password, in order to obtain a new token.
Not sure this is the best way out there, but that's what I've been doing so far with good success.
@lomholdt Generally speaking, I use the
What this does is that whenever you issue a request to
On the JS side, there are many possible solutions, and I haven't heard of a particular one to be considered a standard (please feel free to correct me here if you know of a standardized one) The most secure one, I guess, would be to renew your token on every HTTP request to the API - I've read that certain APIs do this. However, I feel that this may be a bit too much, so I prefer to use a simpler solution, where I have my JS client keep track of the expiration time of the current token (stored in the "exp" claim) and have it renew the token before it expires.
How this works in practice: let's say the API issues a token having an expiration time of 20 minutes. If the client detects that there are less than 10 minutes left before the token expires, it will go ahead and make a new request to "/auth/renew", in order to obtain a new token.
That way the JS client will never log you out, as long as there is a reasonable amount of activity, and if there's not - the token will expire, so the user will have to reauthenticate using username and password, in order to obtain a token.
Alertnatively, you can refresh an expired token, by using the
With this middleware, you can have your JS Client intercept 401 errors, and attempt to refresh the token by calling the
referenced this issue
Sep 26, 2017
I'm trying to use multi-authentication, so in my controller on constructor, based on the routes, I add the code
Is there any better way to do this?
...and it should work (tested and working on the
added a commit
Nov 11, 2017
pushed a commit
Nov 14, 2017
@billsion assuming you are using version
However, it looks to me that you may be having an issue with an older version, as
@ahmadbadpey can you clarify your question please?