With the continuous development of APIs, more and more web applications need to use JSON Web Tokens (JWT) to implement user authentication and authorization. As a preferred framework for developing APIs, Laravel also supports JWT. This article will introduce how to use JWT in Laravel.
What is JWT?
JSON Web Token (JWT) is an open standard (RFC 7519) for securely transmitting claims as JSON objects between parties. JWT can be used for authorization, authentication and information exchange. JWT is usually transmitted as a Bearer token in the Authorization header of the HTTP request.
The structure of a JWT consists of three parts: header, payload and signature. The header and payload are both JSON objects, and the signature is computed over the combination of these two parts using a key. Since the structure of a JWT is very simple, it can be easily parsed and verified.
How to use JWT in Laravel?
Using JWT requires installing the following dependency in the Laravel project: tymondesigns/jwt-auth. In Laravel 5.7 and higher, you can use the following command to install it:
composer require tymon/jwt-auth
After the installation is complete, you need to add the following service provider and alias to the config/app.php file:
'providers' => [
    // Other Service Providers
    Tymon\JWTAuth\Providers\LaravelServiceProvider::class,
],
'aliases' => [
    // Other Aliases
    'JWTAuth' => Tymon\JWTAuth\Facades\JWTAuth::class,
    'JWTFactory' => Tymon\JWTAuth\Facades\JWTFactory::class,
],
Next, you need to generate the JWT key. The key can be generated using the following command:
php artisan jwt:secret
This command will generate a random key and add it to the config/jwt.php file. It is important to protect this key and not disclose it to anyone.
After generating the key, you can start using JWT in Laravel. JWT can be used for authentication and authorization.
Authentication using JWT
The process for authenticating using JWT in Laravel is as follows:
- The user submits their credentials (for example, username and password).
- The application uses these credentials to generate a JWT and return it to the user.
- The user includes this JWT in the Authorization header as a Bearer token in subsequent requests.
- The application extracts user information from the JWT and verifies their identity.
The code to generate JWT and return it to the user is as follows:
public function login(Request $request)
{
    $credentials = $request->only('email', 'password');

    // attempt() returns false when the credentials are rejected
    if (!$token = JWTAuth::attempt($credentials)) {
        return response()->json(['error' => 'Unauthorized'], 401);
    }

    return response()->json(['token' => $token]);
}
The code to verify the JWT and extract user information is as follows:
public function profile(Request $request)
{
    // Read the Bearer token from the request and load the user it identifies
    $user = JWTAuth::parseToken()->authenticate();

    return response()->json(['user' => $user]);
}
Use JWT for authorization
The process for using JWT for authorization in Laravel is as follows:
- The application verifies the user's identity before they access protected resources.
- If the user has been authenticated, the application checks that the JWT contains the appropriate roles or permissions.
- If the user has the appropriate role or permission, the application grants the user access to the requested resource.
The code to verify the JWT and check the user's role or permissions is as follows:
public function index(Request $request)
{
    $user = JWTAuth::parseToken()->authenticate();

    if ($user->hasRole('admin')) {
        // Admins see every item
        $items = Item::all();
    } else {
        // Everyone else sees only their own items
        $items = Item::where('user_id', '=', $user->id)->get();
    }

    return response()->json(['items' => $items]);
}
It should be noted that the hasRole() method here is a custom method and needs to be implemented in the User model.
Summary
This article introduces the process of using JWT for authentication and authorization in Laravel. JWT provides a secure, simple, and scalable user authentication mechanism that protects applications from a variety of attacks. If you are developing a web application that requires an API, using JWT is a good choice.