Lumen JWT Authentication and Authorization

Shafi Abdulrahman Avatech
Feb 8 · 4 min read

What is JWT?

JWT stands for JSON Web Token, an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed. JWTs can be signed using a secret (with the HMAC algorithm) or a public/private key pair using RSA or ECDSA.

What is the JSON Web Token structure?

In its compact form, a JSON Web Token consists of three parts separated by dots (.), which are:

  • Header
  • Payload
  • Signature

Getting Started


  • Terminal or CMD
  • Text editor (any one of your choice)
  • Lumen 5.7
  • PHP >= 7.1.3
  • Web server (Apache, NGINX or integrated PHP web server for testing).

Step 1: Setting Up Lumen

Let’s create an empty Lumen project. Open up your terminal and run the following commands to create a fresh copy of a Lumen project on your desktop:

composer create-project --prefer-dist laravel/lumen lumen
cd lumen && cp .env.example .env

Step 2: Creating Migrations & Seeders

Create a migration file for the users table:

php artisan make:migration create_users_table
php artisan migrate
php artisan db:seed

Step 3: Installing a JWT Library

There are many libraries that can help with this; we will use one called firebase/php-jwt. Open up your terminal and run the following command to pull it in using Composer:

composer require firebase/php-jwt

Step 4: Create Route

Now let’s add the POST route /auth/login that will accept the credentials and return a token for us. Register the route first by adding the following inside the routes/web.php file:

$router->post('auth/login', ['uses' => 'AuthController@userAuthenticate']);

Step 5: Create Controller

Now we need the controller AuthController with a method authenticate. Inside the app/Http/Controllers folder, create a new AuthController.php file and put the following content inside it:

php -S localhost:8000 -t public

Step 6: Create Authorization Middleware

Let’s create a middleware, AuthMiddleware, inside the app/Http/Middleware folder to validate the provided token, and put the following content inside it.

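// bootstrap/app.php: register the middleware under the alias jwt.auth
$app->routeMiddleware([
    'jwt.auth' => App\Http\Middleware\AuthMiddleware::class,
]);

// routes/web.php: every route in this group requires a valid token
$router->group(['middleware' => 'jwt.auth'], function () use ($router) {
    $router->get('users', function () {
        $users = \App\Models\Users::all();
        return response()->json($users);
    });
});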
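
To make concrete what "validate the provided token" has to cover in Step 6, the following added example (not code from the original post and not firebase/php-jwt's implementation) signs and verifies an HS256 token in plain PHP. The function names, the secret and the fixed clock value are constructed for illustration.

```php
<?php
// Added example: helper names, secret and clock value are hypothetical/constructed.
function b64url_encode(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}
function b64url_decode(string $txt): string {
    $pad = str_repeat('=', (4 - strlen($txt) % 4) % 4);
    $bin = base64_decode(strtr($txt, '-_', '+/') . $pad, true);
    if ($bin === false) { throw new UnexpectedValueException('malformed segment'); }
    return $bin;
}
function jwt_sign(array $claims, string $secret): string {
    $head = b64url_encode(json_encode(['typ' => 'JWT', 'alg' => 'HS256']));
    $body = b64url_encode(json_encode($claims));
    return "$head.$body." . b64url_encode(hash_hmac('sha256', "$head.$body", $secret, true));
}
function jwt_verify(string $token, string $secret, int $now): array {
    $parts = explode('.', $token);
    if (count($parts) !== 3) { throw new UnexpectedValueException('need 3 segments'); }
    [$head, $body, $sig] = $parts;
    $header = json_decode(b64url_decode($head), true);
    // Pin the algorithm on the server instead of trusting the token's header.
    if (!is_array($header) || ($header['alg'] ?? null) !== 'HS256') {
        throw new UnexpectedValueException('unexpected alg');
    }
    // Recompute the MAC over "header.payload" and compare in constant time.
    $expected = hash_hmac('sha256', "$head.$body", $secret, true);
    if (!hash_equals($expected, b64url_decode($sig))) {
        throw new UnexpectedValueException('bad signature');
    }
    $claims = json_decode(b64url_decode($body), true);
    if (!is_array($claims) || !is_int($claims['exp'] ?? null) || $claims['exp'] <= $now) {
        throw new UnexpectedValueException('expired or missing exp');
    }
    return $claims;
}

$secret = 'constructed-demo-secret';   // constructed value, not a real key
$now    = 1700000000;                  // constructed fixed clock
$good   = jwt_sign(['sub' => 1, 'exp' => $now + 3600], $secret);
[$h, , $s] = explode('.', $good);
$cases = [
    'valid'           => $good,
    'altered payload' => "$h." . b64url_encode(json_encode(['sub' => 2, 'exp' => $now + 3600])) . ".$s",
    'expired'         => jwt_sign(['sub' => 1, 'exp' => $now - 1], $secret),
];
foreach ($cases as $name => $token) {
    try { jwt_verify($token, $secret, $now); echo "$name: accepted\n"; }
    catch (UnexpectedValueException $e) { echo "$name: rejected ({$e->getMessage()})\n"; }
}
```

In a middleware, any exception from verification should translate to a 401 response before the request reaches the route closure.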
