Implementing JWT on Laravel 5.8

Juan Manuel Mauricio Zamarrón
May 24, 2019

Hello, I was trying to implement JWT and I followed some guides on this platform, but I could not do it. For this reason, I tried to make my own implementation, and here I’ll show you how I made it.

1. The first step is to add tymon/jwt-auth to our composer.json file:

$ composer require tymon/jwt-auth:1.0.*

2. Please update your third-party libraries:

$ composer update

3. After that, we need to add our secret string so that Laravel can generate the JWTs; this string is saved at the bottom of the .env file:

$ php artisan jwt:secret

4. Now we need to publish our JWTAuth provider using artisan:

5. Please go to the /app/Http/Kernel.php file and add these two lines at the end of the $routeMiddleware array:

5. Please go to /app/User.php and add the JWTSubject implementation by following these steps:

a. Import the JWTSubject interface into this class with the use keyword.
b. Implement JWTSubject after extends Authenticatable.
c. Add the getJWTIdentifier and getJWTCustomClaims methods.

6. By default, API authentication is based on the token driver, so we need to change it to the jwt driver:

7. Please create a new controller for your API using php artisan:

$ php artisan make:controller APILoginController

8. Go to /app/Http/Controllers/APILoginController.php and add the login method.

9. Create a route that lets you log in and get the JWT; to do this, please go to /routes/api.php and add the login route like this:

10. At this point we can log in and get the JWT, but remember that we don’t have any users yet. For this reason we need to populate the users table, and Laravel makes this easy with seeders. You only need to follow these steps:

a. Please generate a seeder:

$ php artisan make:seeder UsersTableSeeder

b. Go to /database/seeds/UsersTableSeeder.php and add the lines indicated in the comments of the following code:

c. Go to /database/seeds/DatabaseSeeder.php and allow the call to UsersTableSeeder when the database seeders run.

d. Please run the migration

Note: You can open the MySQL client and verify that the user you defined earlier exists in the users table.

10. If your project is not running, please start the server to test all the previous steps.

$ php artisan serve

11. Go to your favorite API client and send your login credentials (I’m using Postman):

If you can see the JWT, then you have obtained it successfully.

12. Now it is almost ready, but we need to handle the exceptions raised when the token has expired, is invalid, or is blacklisted. To do this, go to /app/Exceptions/Handler.php and add some code like this:

13. Protect your routes. The first option is to add the jwt.auth middleware directly on the route like this:

Please copy the token obtained in step 11, go to your favorite API client, and add the Authorization header as shown in the next image:

Note: There is a space between Bearer and the JWT.

If you have a resource and you want to protect it fully, you only need to add the middleware in the constructor of the resource's controller.

a. Go to the /routes/api.php and add your resource like this:

Note: I have created CategoryController previously.

b. Go to your controller and add the middleware in the constructor, as in the following code:

Note: You can download the complete project on GitHub here.
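
The handler change from step 12, written out as an added example; it is not the author's code. It assumes Laravel 5.8 with tymon/jwt-auth 1.0.*, and the JSON error strings and the jwtError() helper are illustrative names. It also covers the case where the jwt.auth middleware wraps the token exception in an UnauthorizedHttpException.

```php
<?php
// Added example for app/Exceptions/Handler.php; not the author's code.
// The error strings and jwtError() are assumptions, not part of either library.
namespace App\Exceptions;

use Exception;
use Illuminate\Foundation\Exceptions\Handler as ExceptionHandler;
use Tymon\JWTAuth\Exceptions\JWTException;
use Tymon\JWTAuth\Exceptions\TokenBlacklistedException;
use Tymon\JWTAuth\Exceptions\TokenExpiredException;
use Tymon\JWTAuth\Exceptions\TokenInvalidException;

class Handler extends ExceptionHandler
{
    public function render($request, Exception $exception)
    {
        // The jwt.auth middleware rethrows token failures as an
        // UnauthorizedHttpException and keeps the original as "previous";
        // direct JWTAuth calls in a controller throw the JWTException itself.
        $jwt = $exception instanceof JWTException
            ? $exception
            : $exception->getPrevious();

        if ($jwt instanceof JWTException) {
            // Fixed codes only: the raw exception message stays out of the response.
            return response()->json(['error' => $this->jwtError($jwt)], 401);
        }

        return parent::render($request, $exception);
    }

    private function jwtError(JWTException $e)
    {
        // TokenBlacklistedException extends TokenInvalidException,
        // so the more specific class has to be tested first.
        if ($e instanceof TokenBlacklistedException) {
            return 'token_blacklisted';
        }
        if ($e instanceof TokenExpiredException) {
            return 'token_expired';
        }
        if ($e instanceof TokenInvalidException) {
            return 'token_invalid';
        }
        return 'token_error';
    }
}
```

Only render() and the helper are new here; the generated $dontReport, $dontFlash and report() members stay in the class as Laravel created them.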
