From zero to confident API dev using JWT and Laravel

installing tymon/jwt-auth package
publishing configuration file
changing default driver
changing default driver for api guard

So why the User model, and why not other models?

default provider for authentication
  1. getJWTIdentifier()
  2. getJWTCustomClaims()

getJWTIdentifier()

getJWTCustomClaims()

User model implementing JWTSubject contract
Route::group([

    'middleware' => 'api',
    'prefix' => 'auth' // optional

], function ($router) {

    Route::post('login', 'AuthController@login');
    Route::post('logout', 'AuthController@logout');
    Route::post('refresh', 'AuthController@refresh');
    Route::post('me', 'AuthController@me');

});

<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;

class AuthController extends Controller
{
    /**
     * Create a new AuthController instance.
     *
     * @return void
     */
    public function __construct()
    {
        $this->middleware('auth:api', ['except' => ['login']]);
    }

    /**
     * Get a JWT via given credentials.
     *
     * @return \Illuminate\Http\JsonResponse
     */
    public function login()
    {
        $credentials = request(['email', 'password']);

        if (!$token = auth()->attempt($credentials)) {
            return response()->json(['error' => 'Unauthorized'], 401);
        }

        return $this->respondWithToken($token);
    }

    /**
     * Get the authenticated User.
     *
     * @return \Illuminate\Http\JsonResponse
     */
    public function me()
    {
        return response()->json(auth()->user());
    }

    /**
     * Log the user out (Invalidate the token).
     *
     * @return \Illuminate\Http\JsonResponse
     */
    public function logout()
    {
        auth()->logout();

        return response()->json(['message' => 'Successfully logged out']);
    }

    /**
     * Refresh a token.
     *
     * @return \Illuminate\Http\JsonResponse
     */
    public function refresh()
    {
        return $this->respondWithToken(auth()->refresh());
    }

    /**
     * Get the token array structure.
     *
     * @param string $token
     *
     * @return \Illuminate\Http\JsonResponse
     */
    protected function respondWithToken($token)
    {
        return response()->json([
            'access_token' => $token,
            'token_type' => 'bearer',
            'expires_in' => auth()->factory()->getTTL() * 60
        ]);
    }
}

protected function respondWithToken($token)
{
    return response()->json([
        'access_token' => $token,
        'token_type' => 'bearer',
        'expires_in' => auth()->factory()->getTTL() * 60
    ]);
}

response after a successful login
passing the token as a query parameter
passing the token as Authorization header with Bearer token type
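
An added example, not code from the original article or from the jwt-auth project: a stand-alone PHP script that builds a token shaped like the `access_token` returned after login and shows that its payload can be read without the key, while a changed claim or an expired token fails verification. The secret, the fixed clock value and the `role` custom claim are constructed for illustration; `sub` stands for the value `getJWTIdentifier()` supplies, and HS256 is assumed as the signing algorithm.

```php
<?php
// Added example. Secret, clock and the 'role' claim are constructed values.
function b64url_encode(string $bin): string
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64url_decode(string $txt): string
{
    $padded = $txt . str_repeat('=', (4 - strlen($txt) % 4) % 4);
    $bin = base64_decode(strtr($padded, '-_', '+/'), true);
    return $bin === false ? '' : $bin;
}

// Sign the claims with HMAC-SHA256 (assumed algorithm).
function mint(array $claims, string $secret): string
{
    $head = b64url_encode(json_encode(['typ' => 'JWT', 'alg' => 'HS256']));
    $body = b64url_encode(json_encode($claims));
    return "$head.$body." . b64url_encode(hash_hmac('sha256', "$head.$body", $secret, true));
}

// Return the claims only when algorithm, signature and expiry all check out.
function verify(string $jwt, string $secret, int $now): ?array
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) { return null; }
    [$head, $body, $sig] = $parts;
    $header = json_decode(b64url_decode($head), true);
    if (!is_array($header) || ($header['alg'] ?? null) !== 'HS256') {
        return null; // pin the algorithm instead of trusting the header
    }
    $expected = hash_hmac('sha256', "$head.$body", $secret, true);
    if (!hash_equals($expected, b64url_decode($sig))) {
        return null; // constant-time signature comparison failed
    }
    $claims = json_decode(b64url_decode($body), true);
    return (is_array($claims) && ($claims['exp'] ?? 0) > $now) ? $claims : null;
}

$secret = 'constructed-demo-secret'; // stands in for the app's JWT secret
$now = 1700000000;                   // fixed clock so the run is repeatable
$exp = $now + 60 * 60;               // TTL of 60 minutes, in seconds
$token = mint(['sub' => 1, 'iat' => $now, 'exp' => $exp, 'role' => 'admin'], $secret);
[$h, $b, $s] = explode('.', $token);
echo 'payload read without the key: ', b64url_decode($b), PHP_EOL;
$forged = b64url_encode(json_encode(['sub' => 2] + json_decode(b64url_decode($b), true)));
var_dump(verify($token, $secret, $now + 10) !== null);          // untouched token
var_dump(verify("$h.$forged.$s", $secret, $now + 10) !== null); // sub changed, old signature
var_dump(verify($token, $secret, $exp) !== null);               // checked at expiry time
```

Because the payload is only base64url-encoded, anything returned from `getJWTCustomClaims()` is visible to whoever holds the token, so keep secrets and personal data out of it. That visibility is also why the Authorization header is the safer of the two transports above: a URL carrying the token as a query parameter is commonly recorded in server logs and browser history.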

Mehedi Hassan Sunny

A software engineer from Bangladesh.
