{"id":18692,"date":"2020-09-11T10:57:29","date_gmt":"2020-09-11T10:57:29","guid":{"rendered":"http:\/\/www.devopsschool.com\/blog\/?p=18692"},"modified":"2021-10-29T06:27:30","modified_gmt":"2021-10-29T06:27:30","slug":"json-web-token-jwt-authentication-via-api-for-laravel-lumen","status":"publish","type":"post","link":"https:\/\/www.devopsschool.com\/blog\/json-web-token-jwt-authentication-via-api-for-laravel-lumen\/","title":{"rendered":"JSON Web Token (JWT) Authentication via API for Laravel &#038; Lumen."},"content":{"rendered":"\n<p class=\"has-text-align-center\"><strong>JWT (JSON WEB TOKEN)<\/strong><\/p>\n\n\n\n<p>JSON Web Token (JWT) is an open standard that allows two parties to securely send data and information as JSON objects. This information can be verified and trusted because it is digitally signed. It is a Token format standardized by the IETF organization.<\/p>\n\n\n\n<p>JWT authentication has added the wider adoption of stateless API services. It makes it convenient to authorise and verify clients accessing API resources. It is a critical part of the authentication system in javascript powered applications.<\/p>\n\n\n\n<h3 class=\"has-text-align-center wp-block-heading\">To Install JWT in your Laravel Project, Just Follow the Below Steps :-<\/h3>\n\n\n\n<h3 class=\"wp-block-heading\"><strong><span class=\"has-inline-color has-vivid-red-color\">Step 1.<\/span><\/strong>  Install via composer<\/h3>\n\n\n\n<p>Run the following command to pull in the latest version:<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-1\" data-shcb-language-name=\"JavaScript\" data-shcb-language-slug=\"javascript\"><span><code class=\"hljs language-javascript\">composer <span class=\"hljs-built_in\">require<\/span> tymon\/jwt-auth<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-1\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">JavaScript<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">javascript<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<h3 class=\"wp-block-heading\" id=\"add-service-provider-laravel-54-or-below\"><span class=\"has-inline-color has-vivid-red-color\">Step 2.<\/span> Add service provider ( Laravel 5.4 or below )<\/h3>\n\n\n\n<p>Add the service provider to the&nbsp;<code><strong><span class=\"has-inline-color has-vivid-red-color\">providers<\/span><\/strong><\/code>&nbsp;array in the&nbsp;<code><strong><span class=\"has-inline-color has-vivid-red-color\">config\/app.php<\/span><\/strong><\/code>&nbsp;config file as follows:<\/p>\n\n\n\n<script src=\"https:\/\/gist.github.com\/SushantSinghRajput03\/4c9f50d480e3bd0846309ae551d5c6ca.js\"><\/script>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"publish-the-config\"><span class=\"has-inline-color has-vivid-red-color\">Step 3.<\/span> Publish the config<\/h3>\n\n\n\n<p>Run the following command to publish the package config file:<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-2\" data-shcb-language-name=\"JavaScript\" data-shcb-language-slug=\"javascript\"><span><code class=\"hljs language-javascript\">php artisan vendor:publish --provider=<span class=\"hljs-string\">\"Tymon\\JWTAuth\\Providers\\LaravelServiceProvider\"<\/span><\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-2\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">JavaScript<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">javascript<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<p>You should now have a &nbsp;<code><span class=\"has-inline-color has-vivid-red-color\"><strong>config\/jwt.php<\/strong><\/span><\/code> &nbsp;file that allows you to configure the basics of this package.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"generate-secret-key\"><span class=\"has-inline-color has-vivid-red-color\">Step 4.<\/span>  Generate secret key<\/h3>\n\n\n\n<p>I have included a helper command to generate a key for you:<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-3\" data-shcb-language-name=\"CSS\" data-shcb-language-slug=\"css\"><span><code class=\"hljs language-css\"><span class=\"hljs-selector-tag\">php<\/span> <span class=\"hljs-selector-tag\">artisan<\/span> <span class=\"hljs-selector-tag\">jwt<\/span><span class=\"hljs-selector-pseudo\">:secret<\/span><\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-3\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">CSS<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">css<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<p>This will update your&nbsp;<code><strong><span class=\"has-inline-color has-vivid-red-color\">.env<\/span><\/strong><\/code>&nbsp;file with something like&nbsp;<code><strong><span class=\"has-inline-color has-vivid-red-color\">JWT_SECRET=foobar<\/span><\/strong><\/code><\/p>\n\n\n\n<p>It is the key that will be used to sign your tokens. How that happens exactly will depend on the algorithm that you choose to use.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"bootstrap-file-changes\"><span class=\"has-inline-color has-vivid-red-color\">Step 5.<\/span> Bootstrap file changes.<\/h3>\n\n\n\n<p>Add the following snippet to the&nbsp;<code><strong><span class=\"has-inline-color has-vivid-red-color\">bootstrap\/app.php<\/span><\/strong><\/code>&nbsp; file under the providers section as follows:<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-4\" data-shcb-language-name=\"PHP\" data-shcb-language-slug=\"php\"><span><code class=\"hljs language-php\"><span class=\"hljs-comment\">\/\/ Add this line<\/span>\n$app-&gt;register(App\\Providers\\AuthServiceProvider::class);<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-4\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">PHP<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">php<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<h3 class=\"wp-block-heading\" id=\"generate-secret-key\"><span class=\"has-inline-color has-vivid-red-color\">Step 6.<\/span> Re-Generate secret key<\/h3>\n\n\n\n<p>I have included a helper command to generate a key for you:<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-5\" data-shcb-language-name=\"CSS\" data-shcb-language-slug=\"css\"><span><code class=\"hljs language-css\"><span class=\"hljs-selector-tag\">php<\/span> <span class=\"hljs-selector-tag\">artisan<\/span> <span class=\"hljs-selector-tag\">jwt<\/span><span class=\"hljs-selector-pseudo\">:secret<\/span><\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-5\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">CSS<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">css<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<p>This will update your&nbsp;<code><strong><span class=\"has-inline-color has-vivid-red-color\">.env<\/span><\/strong><\/code>&nbsp;file with something like&nbsp;<code><strong><span class=\"has-inline-color has-vivid-red-color\">JWT_SECRET=foobar<\/span><\/strong><\/code><\/p>\n\n\n\n<p>It is the key that will be used to sign your tokens. How that happens exactly will depend on the algorithm that you choose to use.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"update-your-user-model\"><span class=\"has-inline-color has-vivid-red-color\">Step 7.<\/span>  Update your User model<\/h3>\n\n\n\n<p>Firstly you need to implement the&nbsp;<code><span class=\"has-inline-color has-vivid-red-color\"><strong>Tymon\\JWTAuth\\Contracts\\JWTSubject<\/strong><\/span><\/code>&nbsp;contract on your User model, which requires that you implement the 2 methods&nbsp;<code><strong><span class=\"has-inline-color has-vivid-red-color\">getJWTIdentifier()<\/span><\/strong><\/code>&nbsp;and&nbsp;<code><strong><span class=\"has-inline-color has-vivid-red-color\">getJWTCustomClaims()<\/span><\/strong><\/code>.<\/p>\n\n\n\n<p>The example below should give you an idea of how this could look. Obviously you should make any changes, as necessary, to suit your own needs.<\/p>\n\n\n\n<script src=\"https:\/\/gist.github.com\/SushantSinghRajput03\/4b2ee9d0e27ff1b601d7511dd596c23b.js\"><\/script>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"configure-auth-guard\"><span class=\"has-inline-color has-vivid-red-color\">Step 8.<\/span>  Configure Auth guard<\/h3>\n\n\n\n<p><em>Note: This will only work if you are using Laravel 5.2 and above.<\/em><\/p>\n\n\n\n<p>Inside the&nbsp;<code><strong><span class=\"has-inline-color has-vivid-red-color\">config\/auth.php<\/span><\/strong><\/code>&nbsp;file you will need to make a few changes to configure Laravel to use the&nbsp;<code><strong><span class=\"has-inline-color has-vivid-red-color\">jwt<\/span><\/strong><\/code>&nbsp;guard to power your application authentication.<\/p>\n\n\n\n<p>Make the following changes to the file:<\/p>\n\n\n\n<script src=\"https:\/\/gist.github.com\/SushantSinghRajput03\/49f0319215befd2f7bbe7149fe6d0e1b.js\"><\/script>\n\n\n\n<p>Here we are telling the&nbsp;<code><strong><span class=\"has-inline-color has-vivid-red-color\">api<\/span><\/strong><\/code>&nbsp;guard to use the&nbsp;<code><strong><span class=\"has-inline-color has-vivid-red-color\">jwt<\/span><\/strong><\/code>&nbsp;driver, and we are setting the&nbsp;<code><strong><span class=\"has-inline-color has-vivid-red-color\">api<\/span><\/strong><\/code>&nbsp;guard as the default.<\/p>\n\n\n\n<p>We can now use Laravel&#8217;s built in Auth system, with jwt-auth doing the work behind the scenes!<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"add-some-basic-authentication-routes\"><span class=\"has-inline-color has-vivid-red-color\">Step 9.<\/span> Add some basic authentication routes<\/h3>\n\n\n\n<p>First let&#8217;s add some routes in&nbsp;<code><strong><span class=\"has-inline-color has-vivid-red-color\">routes\/api.php<\/span><\/strong><\/code>&nbsp;as follows:<\/p>\n\n\n\n<script src=\"https:\/\/gist.github.com\/SushantSinghRajput03\/6410927e13ea290eca4ccf3c491be98d.js\"><\/script>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"create-the-authcontroller\"><span class=\"has-inline-color has-vivid-red-color\">Step 10.<\/span> Create the AuthController<\/h3>\n\n\n\n<p>Then create the&nbsp;<code><strong><span class=\"has-inline-color has-vivid-red-color\">AuthController<\/span><\/strong><\/code>, either manually or by running the artisan command:<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-6\" data-shcb-language-name=\"CSS\" data-shcb-language-slug=\"css\"><span><code class=\"hljs language-css\"><span class=\"hljs-selector-tag\">php<\/span> <span class=\"hljs-selector-tag\">artisan<\/span> <span class=\"hljs-selector-tag\">make<\/span><span class=\"hljs-selector-pseudo\">:controller<\/span> <span class=\"hljs-selector-tag\">AuthController<\/span><\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-6\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">CSS<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">css<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<p>Then add the following:<\/p>\n\n\n\n<script src=\"https:\/\/gist.github.com\/SushantSinghRajput03\/195f479834714c1ed66ce57b6d97addc.js\"><\/script>\n\n\n\n<h1 class=\"has-text-align-center wp-block-heading\">All Done.<\/h1>\n\n\n\n<p>Now you can test API Login\/Register with Postman.<\/p>\n\n\n\n<p>Keep Coding  \ud83d\ude00\ud83d\ude00\ud83d\ude00<\/p>\n\n\n<div class=\"epyt-gallery\" data-currpage=\"1\" id=\"epyt_gallery_13034\"><iframe loading=\"lazy\"  id=\"_ytid_55336\"  width=\"760\" height=\"427\"  data-origwidth=\"760\" data-origheight=\"427\" src=\"https:\/\/www.youtube.com\/embed\/?enablejsapi=1&#038;autoplay=0&#038;cc_load_policy=0&#038;cc_lang_pref=&#038;iv_load_policy=1&#038;loop=0&#038;rel=1&#038;fs=1&#038;playsinline=0&#038;autohide=2&#038;theme=dark&#038;color=red&#038;controls=1&#038;disablekb=0&#038;\" class=\"__youtube_prefs__  no-lazyload\" title=\"YouTube player\"  data-epytgalleryid=\"epyt_gallery_13034\"  allow=\"fullscreen; accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen data-no-lazy=\"1\" data-skipgform_ajax_framebjll=\"\"><\/iframe><div class=\"epyt-gallery-list\"><div>Sorry, there was a YouTube error.<\/div><\/div><\/div>","protected":false},"excerpt":{"rendered":"<p>JWT (JSON WEB TOKEN) JSON Web Token (JWT) is an open standard that allows two parties to securely send data and information as JSON objects. This information can be verified&#8230; <\/p>\n","protected":false},"author":19,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_joinchat":[],"footnotes":""},"categories":[5201],"tags":[6428,5596,6424,6425,5203,6426,5456,6427],"class_list":["post-18692","post","type-post","status-publish","format-standard","hentry","category-laravel","tag-authcontroller","tag-composer","tag-json-web-token","tag-jwt","tag-laravel","tag-lumen","tag-rest-api","tag-routes"],"_links":{"self":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/18692","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/users\/19"}],"replies":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/comments?post=18692"}],"version-history":[{"count":22,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/18692\/revisions"}],"predecessor-version":[{"id":24535,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/18692\/revisions\/24535"}],"wp:attachment":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/media?parent=18692"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/categories?post=18692"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/tags?post=18692"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}