How to use jwt in laravel-Laravel-php.cn

Home

PHP Framework

Laravel

How to use jwt in laravel

王林

May 21, 2023 am 10:40 AM

With the continuous development of APIs, more and more web applications need to use JSON Web Tokens (JWT) to implement user authentication and authorization. As a preferred framework for developing APIs, Laravel also supports JWT. This article will introduce how to use JWT in Laravel.

What is JWT?

JSON Web Token (JWT) is an open standard (RFC 7519) for securely transmitting claims as JSON objects between parties. JWT can be used for authorization, authentication and information exchange. JWT is usually transmitted as a Bearer token in the Authorization header of the HTTP request.

The structure of JWT consists of three parts: header, payload and signature. The header and payload are both JSON objects, and the signature is the encrypted result of combining these two parts. Since the structure of JWT is very simple, it can be easily parsed and verified.

How to use JWT in Laravel?

Using JWT requires installing the following dependent libraries in the Laravel project: tymondesigns/jwt-auth. In Laravel 5.7 and higher, you can use the following command to install the dependent library:

composer require tymon/jwt-auth

Copy after login

After the installation is complete, you need to add the following service provider and alias to the config/app.php file:

'providers' => [
    // Other Service Providers
    TymonJWTAuthProvidersLaravelServiceProvider::class,
],

'aliases' => [
    // Other Aliases
    'JWTAuth' => TymonJWTAuthFacadesJWTAuth::class,
    'JWTFactory' => TymonJWTAuthFacadesJWTFactory::class,
],

Copy after login

Next, you need to generate the JWT key. The key can be generated using the following command:

php artisan jwt:secret

Copy after login

This command will generate a random key and add it to the config/jwt.php file. It is important to protect this key and not disclose it to anyone.

After generating the key, you can start using JWT in Laravel. JWT can be used for authentication and authorization.

Authentication using JWT

The process for authenticating using JWT in Laravel is as follows:

The user submits their credentials (for example, username and password).
The application uses these credentials to generate a JWT and return it to the user.
The user includes this JWT in the Authorization header as a Bearer token in subsequent requests.
The application extracts user information from the JWT and verifies their identity.

The code to generate JWT and return it to the user is as follows:

public function login(Request $request)
{
    $credentials = $request->only('email', 'password');

    if (!$token = JWTAuth::attempt($credentials)) {
        return response()->json(['error' => 'Unauthorized'], 401);
    }

    return response()->json(['token' => $token]);
}

Copy after login

The code to verify the JWT and extract user information is as follows:

public function profile(Request $request)
{
    $user = JWTAuth::parseToken()->authenticate();

    return response()->json(['user' => $user]);
}

Copy after login

Use JWT for authorization

The process for using JWT for authorization in Laravel is as follows:

The application verifies the user's identity before they access protected resources.
If the user has been authenticated, the application checks that the JWT contains the appropriate roles or permissions.
If the user has the appropriate role or permission, the application grants the user access to the requested resource.

The code to verify the JWT and check the user's role or permissions is as follows:

public function index(Request $request)
{
    $user = JWTAuth::parseToken()->authenticate();

    if ($user->hasRole('admin')) {
        $items = Item::all();
    } else {
        $items = Item::where('user_id', '=', $user->id)->get();
    }

    return response()->json(['items' => $items]);
}

Copy after login

It should be noted that the hasRole() method here is a custom method and needs to be in the User model accomplish.

Summary

This article introduces the process of using JWT for authentication and authorization in Laravel. JWT provides a secure, simple, and scalable user authentication mechanism that protects applications from a variety of attacks. If you are developing a web application that requires an API, using JWT is a good choice.

The above is the detailed content of How to use jwt in laravel. For more information, please follow other related articles on the PHP Chinese website!

Statement of this Website

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot AI Tools

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress images for free

Clothoff.io

AI clothes remover

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Article

Assassin's Creed Shadows: Seashell Riddle Solution

4 weeks ago By DDD

What's New in Windows 11 KB5054979 & How to Fix Update Issues

3 weeks ago By DDD

Where to find the Crane Control Keycard in Atomfall

4 weeks ago By DDD

Roblox: Dead Rails - How To Complete Every Challenge

1 months ago By DDD

Atomfall guide: item locations, quest guides, and tips

1 months ago By DDD

Hot Tools

Notepad++7.3.1

Easy-to-use and free code editor

SublimeText3 Chinese version

Chinese version, very easy to use

Zend Studio 13.0.1

Powerful PHP integrated development environment

Dreamweaver CS6

Visual web development tools

SublimeText3 Mac version

God-level code editing software (SublimeText3)

Hot Topics

Where is the login entrance for gmail email?

7705

Java Tutorial

1640

CakePHP Tutorial

1394

Laravel Tutorial

1288

PHP Tutorial

1231

Related knowledge

Which is better, Django or Laravel? Mar 28, 2025 am 10:41 AM

Both Django and Laravel are full-stack frameworks. Django is suitable for Python developers and complex business logic, while Laravel is suitable for PHP developers and elegant syntax. 1.Django is based on Python and follows the "battery-complete" philosophy, suitable for rapid development and high concurrency. 2.Laravel is based on PHP, emphasizing the developer experience, and is suitable for small to medium-sized projects.

Laravel and the Backend: Powering Web Application Logic Apr 11, 2025 am 11:29 AM

How does Laravel play a role in backend logic? It simplifies and enhances backend development through routing systems, EloquentORM, authentication and authorization, event and listeners, and performance optimization. 1. The routing system allows the definition of URL structure and request processing logic. 2.EloquentORM simplifies database interaction. 3. The authentication and authorization system is convenient for user management. 4. The event and listener implement loosely coupled code structure. 5. Performance optimization improves application efficiency through caching and queueing.

Laravel Introduction Example Apr 18, 2025 pm 12:45 PM

Laravel is a PHP framework for easy building of web applications. It provides a range of powerful features including: Installation: Install the Laravel CLI globally with Composer and create applications in the project directory. Routing: Define the relationship between the URL and the handler in routes/web.php. View: Create a view in resources/views to render the application's interface. Database Integration: Provides out-of-the-box integration with databases such as MySQL and uses migration to create and modify tables. Model and Controller: The model represents the database entity and the controller processes HTTP requests.

Which is better PHP or Laravel? Mar 27, 2025 pm 05:31 PM

PHP and Laravel are not directly comparable, because Laravel is a PHP-based framework. 1.PHP is suitable for small projects or rapid prototyping because it is simple and direct. 2. Laravel is suitable for large projects or efficient development because it provides rich functions and tools, but has a steep learning curve and may not be as good as pure PHP.

Is Laravel a frontend or backend? Mar 27, 2025 pm 05:31 PM

LaravelisabackendframeworkbuiltonPHP,designedforwebapplicationdevelopment.Itfocusesonserver-sidelogic,databasemanagement,andapplicationstructure,andcanbeintegratedwithfrontendtechnologieslikeVue.jsorReactforfull-stackdevelopment.

How to learn Laravel How to learn Laravel for free Apr 18, 2025 pm 12:51 PM

Want to learn the Laravel framework, but suffer from no resources or economic pressure? This article provides you with free learning of Laravel, teaching you how to use resources such as online platforms, documents and community forums to lay a solid foundation for your PHP development journey from getting started to master.

Laravel's Versatility: From Simple Sites to Complex Systems Apr 13, 2025 am 12:13 AM

The Laravel development project was chosen because of its flexibility and power to suit the needs of different sizes and complexities. Laravel provides routing system, EloquentORM, Artisan command line and other functions, supporting the development of from simple blogs to complex enterprise-level systems.

Laravel user login function Apr 18, 2025 pm 12:48 PM

Laravel provides a comprehensive Auth framework for implementing user login functions, including: Defining user models (Eloquent model), creating login forms (Blade template engine), writing login controllers (inheriting Auth\LoginController), verifying login requests (Auth::attempt) Redirecting after login is successful (redirect) considering security factors: hash passwords, anti-CSRF protection, rate limiting and security headers. In addition, the Auth framework also provides functions such as resetting passwords, registering and verifying emails. For details, please refer to the Laravel documentation: https://laravel.com/doc

See all articles