API Authentication with Laravel Janitor: Part 2 — Laravel JWT Proxy

Morten Poul Jensen
Aug 1 · 4 min read

Introduction

This article is part 2 of a series on adding authentication to your Laravel API using a proxy. This time we focus on the JWT proxy, which authenticates with JSON Web Tokens. If you want to read part 1, where I walk through how to set it up using the proxy driver for Laravel Passport, you can find the article here.

NOTE: If you want to skip reading the article and jump right into the code, you'll find a link to the demo GitHub repository here.

Install JWT Auth

To get started, use the Composer package manager to install the package:

composer require tymon/jwt-auth:1.0.0-rc.4.1

NOTE: We are installing a specific version (1.0.0-rc.4.1) that supports Laravel 5.8.

You can optionally publish the package’s configuration file using the vendor:publish command.

Update User model

Next, we'll update our App\User model to implement the JWTSubject contract, which requires us to add two methods:

<?php

namespace App;

use Tymon\JWTAuth\Contracts\JWTSubject;
use Illuminate\Notifications\Notifiable;
use Illuminate\Foundation\Auth\User as Authenticatable;

class User extends Authenticatable implements JWTSubject
{
    use Notifiable;

    /**
     * Get the identifier that will be stored in the subject claim of the JWT.
     *
     * @return mixed
     */
    public function getJWTIdentifier()
    {
        return $this->getKey();
    }

    /**
     * Return a key value array, containing any custom claims to be added to the JWT.
     *
     * @return array
     */
    public function getJWTCustomClaims()
    {
        return [];
    }
}

Modify authentication guards

After updating our User model, we need to configure the authentication guards to use the jwt driver and api guard by default. We can do that in the config/auth.php file:

// config/auth.php

'defaults' => [
    'guard' => 'api', // updated
    'passwords' => 'users',
],

'guards' => [
    'web' => [
        'driver' => 'session',
        'provider' => 'users',
    ],

    'api' => [
        'driver' => 'jwt', // updated
        'provider' => 'users',
        'hash' => false,
    ],
],

Generate JWT Secret

Finally, you need to generate the JWT secret by running:

php artisan jwt:secret

This will add the JWT_SECRET environment variable to your .env file.

That’s it! Now we have completed setting up the tymon/jwt-auth package.
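To make the two setup steps above concrete (the subject claim returned by getJWTIdentifier() and the secret written by jwt:secret), here is an added example, not code from the article or from tymon/jwt-auth, of how an HMAC-signed JWT is issued and checked. It assumes the HS256 algorithm; the function names, secret and timestamps are constructed for illustration.

```php
<?php
// Added illustration, not code from tymon/jwt-auth. Assumes HS256 (HMAC-SHA256).
function b64url_encode(string $raw): string
{
    return rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
}

function b64url_decode(string $txt): string
{
    return (string) base64_decode(strtr($txt, '-_', '+/'));
}

// Sign "header.payload" with the shared secret, as an HS256 issuer does.
function jwt_sign(array $claims, string $secret): string
{
    $head = b64url_encode(json_encode(['typ' => 'JWT', 'alg' => 'HS256']));
    $body = b64url_encode(json_encode($claims));
    return "$head.$body." . b64url_encode(hash_hmac('sha256', "$head.$body", $secret, true));
}

// Return the claims if the token is authentic and unexpired, otherwise null.
function jwt_verify(string $token, string $secret, int $now): ?array
{
    $parts = explode('.', $token);
    if (count($parts) !== 3) {
        return null;
    }
    [$head, $body, $sig] = $parts;
    $header = json_decode(b64url_decode($head), true);
    // Pin the algorithm: never let the token choose how it is verified.
    if (!is_array($header) || ($header['alg'] ?? null) !== 'HS256') {
        return null;
    }
    $expected = hash_hmac('sha256', "$head.$body", $secret, true);
    if (!hash_equals($expected, b64url_decode($sig))) { // constant-time compare
        return null;
    }
    $claims = json_decode(b64url_decode($body), true);
    $fresh  = is_array($claims) && is_int($claims['exp'] ?? null) && $claims['exp'] > $now;
    return $fresh ? $claims : null;
}

// Constructed sample values: placeholder secret, user id 1 as the "sub" claim.
$secret = 'constructed-placeholder-secret';
$now    = 1700000000;
$token  = jwt_sign(['sub' => 1, 'iat' => $now, 'exp' => $now + 3600], $secret);
var_dump(jwt_verify($token, $secret, $now) !== null);        // correct key
var_dump(jwt_verify($token, 'wrong-secret', $now) !== null); // wrong key
var_dump(jwt_verify($token, $secret, $now + 7200) !== null); // past exp
```

Anyone who holds the signing secret can mint a valid token for any sub value, so JWT_SECRET belongs with your other credentials: keep .env out of version control and rotate the secret if it leaks.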

Install Janitor

Let’s move on, and install the Janitor package by pulling it in using Composer:

composer require signifly/laravel-janitor

Next, let’s publish the config file using the vendor:publish command:

php artisan vendor:publish --tag="janitor-config"

After publishing the config file, we’ll call the Janitor::routes method within our routes/api.php file in order to add the authentication routes from the Proxy.

<?php

use Illuminate\Http\Request;
use Signifly\Janitor\Facades\Janitor;

Route::middleware('auth:api')->get('/user', function (Request $request) {
    return $request->user();
});

Janitor::routes();

Finally, we have to set the Janitor driver to jwt:

JANITOR_DRIVER=jwt

Awesome! Janitor is now set up and ready to be battle-tested using Postman.

Test endpoints with Postman

In order for us to test, we need to configure our database.

For this demo, let’s use the sqlite driver by changing the DB_CONNECTION environment variable to sqlite.

In addition to that we need to create a database.sqlite file within the database folder and run our migrations (the default migrations provided with Laravel):

php artisan migrate

Next, we'll create a new user using Laravel Tinker, which allows you to interact with your application from the command line. Run the following command to enter tinker mode:

php artisan tinker

Now you should be able to create a user by typing in the following:

User::create(['name' => 'John Doe', 'email' => 'demo@example.org', 'password' => bcrypt('secret')]);

Perfect! Let’s try logging in John Doe by making a POST request to /api/login using his credentials.

As you can see from the 200 OK response, we successfully logged in. We can verify that by making another request to the /api/user endpoint, using the token_type and access_token from the login response as the Authorization header.

Great! We have successfully verified that we're logged in. That's all for now. Thanks for reading along! Feel free to check out the signifly/laravel-janitor repository on GitHub and give it a star if you like what you see. ⭐️

The example code for this project can be found following the link below:

Written by Morten Poul Jensen, Senior Software Developer @Signifly
