How to use JWT in Laravel
With the continuous development of APIs, more and more web applications need to use JSON Web Tokens (JWT) to implement user authentication and authorization. As a preferred framework for developing APIs, Laravel also supports JWT. This article will introduce how to use JWT in Laravel.
What is JWT?
JSON Web Token (JWT) is an open standard (RFC 7519) for securely transmitting claims as JSON objects between parties. JWT can be used for authorization, authentication and information exchange. JWT is usually transmitted as a Bearer token in the Authorization header of the HTTP request.
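The structure of JWT consists of three parts: header, payload and signature. The header and payload are both JSON objects, and the signature is the result of signing these two parts together with the key. The header and payload are only encoded, not encrypted, so anyone who holds the token can read them; the signature is what lets the server detect changes. Since the structure of JWT is very simple, it can be easily parsed and verified.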
How to use JWT in Laravel?
Using JWT requires installing the following dependency in the Laravel project: tymon/jwt-auth (developed in the tymondesigns/jwt-auth repository). In Laravel 5.7 and higher, you can use the following command to install it:
    composer require tymon/jwt-auth
After the installation is complete, you need to add the following service provider and alias to the config/app.php file:
    'providers' => [
        // Other Service Providers
        Tymon\JWTAuth\Providers\LaravelServiceProvider::class,
    ],
    'aliases' => [
        // Other Aliases
        'JWTAuth' => Tymon\JWTAuth\Facades\JWTAuth::class,
        'JWTFactory' => Tymon\JWTAuth\Facades\JWTFactory::class,
    ],
Next, you need to generate the JWT key. The key can be generated using the following command:
    php artisan jwt:secret
This command will generate a random key and add it to the config/jwt.php file. It is important to protect this key and not disclose it to anyone: whoever holds it can sign tokens that the application will accept as valid.
After generating the key, you can start using JWT in Laravel. JWT can be used for authentication and authorization.
Authentication using JWT
The process for authenticating using JWT in Laravel is as follows:
- The user submits their credentials (for example, username and password).
- The application uses these credentials to generate a JWT and return it to the user.
- The user includes this JWT in the Authorization header as a Bearer token in subsequent requests.
- The application extracts user information from the JWT and verifies their identity.
The code to generate JWT and return it to the user is as follows:
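    // The controller needs: use Illuminate\Http\Request; use Tymon\JWTAuth\Facades\JWTAuth;
    public function login(Request $request)
    {
        $credentials = $request->only('email', 'password');
        // attempt() returns false when the credentials do not match a user
        if (!$token = JWTAuth::attempt($credentials)) {
            return response()->json(['error' => 'Unauthorized'], 401);
        }
        return response()->json(['token' => $token]);
    }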
The code to verify the JWT and extract user information is as follows:
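    public function profile(Request $request)
    {
        // Reads the Bearer token, verifies it and loads the user it names
        $user = JWTAuth::parseToken()->authenticate();
        if (!$user) {
            return response()->json(['error' => 'Unauthorized'], 401);
        }
        return response()->json(['user' => $user]);
    }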
Use JWT for authorization
The process for using JWT for authorization in Laravel is as follows:
- The application verifies the user's identity before they access protected resources.
- If the user has been authenticated, the application checks that the JWT contains the appropriate roles or permissions.
- If the user has the appropriate role or permission, the application grants the user access to the requested resource.
The code to verify the JWT and check the user's role or permissions is as follows:
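    public function index(Request $request)
    {
        $user = JWTAuth::parseToken()->authenticate();
        // authenticate() returns false when the token's user no longer exists
        if (!$user) {
            return response()->json(['error' => 'Unauthorized'], 401);
        }
        if ($user->hasRole('admin')) {
            // Administrators see every item
            $items = Item::all();
        } else {
            // Everyone else sees only their own items
            $items = Item::where('user_id', '=', $user->id)->get();
        }
        return response()->json(['items' => $items]);
    }
It should be noted that the hasRole() method here is a custom method and needs to be implemented in the User model.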
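One way the User model could look, as an added example that is not from the original article. The App namespace and the single `role` column are assumptions made for illustration; the JWTSubject contract and its two methods are what tymon/jwt-auth 1.x expects of the model it issues tokens for.

```php
<?php

namespace App; // assumed namespace (Laravel 5.7 default); adjust to your project

use Illuminate\Foundation\Auth\User as Authenticatable;
use Tymon\JWTAuth\Contracts\JWTSubject;

class User extends Authenticatable implements JWTSubject
{
    // profile() returns the whole model as JSON, so keep secrets out of it.
    protected $hidden = ['password', 'remember_token'];

    // Value stored in the token's "sub" claim; authenticate() loads the user by it.
    public function getJWTIdentifier()
    {
        return $this->getKey();
    }

    // No role is copied into the token: the role is read from the database on
    // every request, so a role change applies to tokens that were already issued.
    public function getJWTCustomClaims()
    {
        return [];
    }

    // Assumption: each user has exactly one role, stored in a "role" column.
    // Accepts several role names so callers can write hasRole('admin', 'editor').
    public function hasRole(string ...$roles): bool
    {
        return in_array((string) $this->role, $roles, true);
    }
}
```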
Summary
This article introduces the process of using JWT for authentication and authorization in Laravel. JWT provides a secure, simple, and scalable user authentication mechanism that protects applications from a variety of attacks. If you are developing a web application that requires an API, using JWT is a good choice.