JSON Web Token (JWT) Authentication with Laravel

Step-by-step guide to implementing API authentication using JSON Web Token (JWT) in Laravel. This article covers installation and configuration to secure your web application using token-based authentication.

In this article, we will implement JSON Web Token (JWT) authentication for an API in Laravel. JWT is a token-based security method that allows applications to authenticate users without storing login information in the server session, which is very useful for modern web applications.

PHP Code (Laravel)

  1. Install the JWT package:

First, install the JWT package using Composer:

composer require tymon/jwt-auth
  1. Register the package:

After installation, register the service provider in config/app.php:

'providers' => [
    Tymon\JWTAuth\Providers\LaravelServiceProvider::class,
],
  1. Publish the configuration file:

Run the following command to publish the JWT configuration file:

php artisan vendor:publish --provider="Tymon\JWTAuth\Providers\LaravelServiceProvider"
  1. Generate secret key:

You will need a secret key to encrypt the tokens. Generate a secret key by running:

php artisan jwt:secret
  1. Update auth configuration:

In the config/auth.php file, update the default guard for the API:

'guards' => [
    'api' => [
        'driver' => 'jwt',
        'provider' => 'users',
    ],
],
  1. Create API login:

Add a login method in AuthController to issue the token:

public function login(Request $request)
{
    $credentials = $request->only('email', 'password');

    if (! $token = auth()->attempt($credentials)) {
        return response()->json(['error' => 'Unauthorized'], 401);
    }

    return $this->respondWithToken($token);
}
  1. Method to return the token:

Add a method to return the JWT token:

protected function respondWithToken($token)
{
    return response()->json([
        'access_token' => $token,
        'token_type' => 'bearer',
        'expires_in' => auth()->factory()->getTTL() * 60
    ]);
}

Detailed explanation:

  1. composer require tymon/jwt-auth: This command installs the JWT package for Laravel.
  2. Tymon\JWTAuth\Providers\LaravelServiceProvider::class: Registers the JWT provider in Laravel.
  3. php artisan jwt:secret: Generates a secret key to encrypt tokens.
  4. 'api' => ['driver' => 'jwt', 'provider' => 'users']: Configures the API guard to use JWT.
  5. auth()->attempt($credentials): Authenticates the user and issues a token if successful.
  6. respondWithToken($token): Method that returns the JWT token to the client.

System requirements:

  • Laravel 8.x or newer.
  • PHP 7.4 or newer.
  • JWT package tymon/jwt-auth.

How to install the libraries:

  • Use Composer to install the JWT package: composer require tymon/jwt-auth
  • Run the php artisan jwt:secret command to generate the secret key.

Tips:

  • Always protect JWT tokens using HTTPS to avoid token theft.
  • Tokens should be encrypted and have an expiration time to reduce security risks.
  • Use middleware to protect routes that require user authentication with JWT.

Related

How to Force HTTPS in Laravel

A detailed guide on how to force HTTPS in Laravel, ensuring all requests to your application are redirected to HTTPS, thus enhancing your website's security.
Guide to implementing Apple ID login in Laravel

A detailed guide on how to integrate Apple ID login into a Laravel application using OAuth2. Learn how to configure your application to connect with Apple services and handle user login via Apple ID.
How to convert a Markdown string to HTML using Laravel

A guide on how to convert a Markdown string to HTML in Laravel using the `league/commonmark` library, making the conversion process simple and effective.
How to POST data to an API in Laravel

A guide on how to use Laravel to send POST requests to an external or internal API. Learn how to easily and securely send data using Laravel's built-in HTTP Client.
All ways to insert data into MySQL database in Laravel

Explore different methods to insert data into a MySQL database in Laravel, including using Eloquent ORM and Query Builder.
All methods to UPDATE data in a MySQL database using Laravel

A comprehensive guide on how to update data in a MySQL database using Laravel, covering both Eloquent ORM and Query Builder methods.
How to use nested Where functions in Laravel

This article summarizes the ways to use nested `where` functions in Laravel, helping readers understand how to construct complex queries in their applications.
Guide to integrating VNPAY in Laravel with a Sandbox account

A detailed guide on how to integrate VNPAY into a Laravel project using VNPAY's Sandbox account to process online payments, including configuration, payment URL creation, handling callback responses, and creating the interface.
How to upload multiple images in Laravel

A detailed guide on how to upload multiple images in Laravel, including setting up the upload form, processing data on the server, and storing images.
How to use the where function in Laravel

A detailed guide on using the `where` function in Laravel to perform effective and flexible database queries.
main.add_cart_success
main.view_cart_and_checkout