
laravel jwt delete

王林
2023-05-29 09:31:36

Preface

When you build web applications with Laravel and JWT, you may need to delete a JWT. This article shows how to do that in the Laravel framework.

Necessity of deleting JWT

JWT solves user authentication and authorization problems very well, but in some cases, you may need to delete JWT. Here are some reasons why:

  1. Security issues: Leaked or compromised JWTs can lead to serious security vulnerabilities.
  2. Abuse issues: If your application is collecting data about user activity, you may need to remove the JWT to stop collecting data when the user logs out or exits the application.
  3. For debugging: Removing the JWT can help you re-simulate the user's login flow.

Steps to delete a JWT

To delete a JWT, there are three steps:

  1. Revoke a JWT: A JWT can be revoked, thereby making it invalid. To achieve this, you need to maintain a blacklist of stored JWTs.
  2. Modify the validity period of JWT: You can set the validity period of JWT to a shorter period of time to ensure that potentially stolen JWTs expire faster.
  3. Delete JWTs: You can ask users to delete JWTs manually, or delete them in code.

We will explain these steps in more detail.

Revoke JWT

JWT revocation requires you to maintain a JWT blacklist. When a user logs out or exits the application, add the user's JWT to the blacklist. When a user attempts to access your application using this JWT, your application checks whether the JWT is on the blacklist. If it is, the user is not allowed to enter your application. Here are the steps to achieve this:

Step 1: Create a middleware

Create a middleware named "JwtBlacklist".

php artisan make:middleware JwtBlacklist

Step 2: Write code

Write the following code in the handle method of the middleware:

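// Imports needed at the top of the middleware file.
// Assumption: the JWTAuth facade comes from the tymon/jwt-auth package.
use Closure;
use Tymon\JWTAuth\Exceptions\JWTException;
use Tymon\JWTAuth\Facades\JWTAuth;

public function handle($request, Closure $next)
{
    // Token taken from the "Authorization: Bearer ..." header, if any.
    $token = $request->bearerToken();

    if (auth()->check()) {
        // An authenticated user is present: log out and blacklist the token.
        auth()->logout();
        JWTAuth::invalidate(JWTAuth::getToken());
        return response()->json(['message' => 'Logout successful']);
    } elseif ($token) {
        try {
            // Validate the presented token, then add it to the blacklist.
            JWTAuth::parseToken()->authenticate();
            JWTAuth::invalidate(JWTAuth::getToken());
            return response()->json(['message' => 'Logout successful']);
        } catch (JWTException $e) {
            // Token is malformed, expired or already blacklisted: nothing to revoke.
        }
    }

    // No usable token on the request: pass it on unchanged.
    return $next($request);
}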

Step 3: Register the middleware

Register the middleware in the $routeMiddleware array of the app/Http/Kernel.php file.

'jwt.blacklist' => \App\Http\Middleware\JwtBlacklist::class,

Modify the validity period of JWT

A JWT consists of three parts: the header (a Base64-encoded JSON object), the payload (a Base64-encoded JSON object) and the signature. The validity period is stored in the payload, so you can change it there.

In Laravel/JWT, you can use the following code:

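// Imports needed at the top of the controller file.
// Assumption: the JWTAuth facade comes from the tymon/jwt-auth package.
use Carbon\Carbon;
use Illuminate\Http\Request;
use Tymon\JWTAuth\Facades\JWTAuth;

public function login(Request $request) {
    $credentials = $request->only('email', 'password');

    // Issue a token whose exp claim is 24 hours from now.
    if ($token = JWTAuth::attempt($credentials, ['exp' => Carbon::now()->addHours(24)->timestamp])) {
        return response()->json(['message' => 'Success', 'token' => $token]);
    }

    return response()->json(['error' => 'Unauthorized'], 401);
}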

In the above code, we set the validity period of the JWT to 24 hours.
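
The blacklist check described under "Revoke JWT", combined with the exp claim from this section, as an added example that is not from the original article or from the jwt-auth package. It is plain PHP with hypothetical names (b64url, issueToken, verifyToken, Denylist, authorize) and a constructed key and clock, and it shows that a revoked entry only has to be kept until the token's exp, so a shorter validity period also bounds the size of the blacklist.

```php
<?php
// Added illustration in plain PHP (no Laravel, no jwt-auth); every name here is hypothetical.
function b64url(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}
function issueToken(array $claims, string $key): string {
    $head = b64url(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
    $body = b64url(json_encode($claims));
    return "$head.$body." . b64url(hash_hmac('sha256', "$head.$body", $key, true));
}
// Returns the claims, or null when the signature is wrong or exp has passed.
function verifyToken(string $jwt, string $key, int $now): ?array {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) return null;
    [$head, $body, $sig] = $parts;
    $expected = b64url(hash_hmac('sha256', "$head.$body", $key, true));
    if (!hash_equals($expected, $sig)) return null;   // constant-time compare
    $claims = json_decode(base64_decode(strtr($body, '-_', '+/')), true);
    if (!is_array($claims) || !isset($claims['jti'], $claims['exp'])) return null;
    return $claims['exp'] > $now ? $claims : null;
}
final class Denylist {
    private array $revokedUntil = [];   // jti => exp of the revoked token
    public function revoke(array $claims): void {
        $this->revokedUntil[$claims['jti']] = $claims['exp'];
    }
    public function isRevoked(string $jti): bool {
        return isset($this->revokedUntil[$jti]);
    }
    // An expired token already fails verifyToken(), so its entry can be dropped.
    public function prune(int $now): void {
        $this->revokedUntil = array_filter($this->revokedUntil, fn($exp) => $exp > $now);
    }
    public function size(): int { return count($this->revokedUntil); }
}
function authorize(string $jwt, string $key, Denylist $list, int $now): bool {
    $claims = verifyToken($jwt, $key, $now);
    return $claims !== null && !$list->isRevoked($claims['jti']);
}
// Constructed sample run: fixed clock, demo key, one token valid for an hour.
$key = 'constructed-demo-key'; $now = 1700000000; $list = new Denylist();
$jwt = issueToken(['sub' => 42, 'jti' => 'a1', 'exp' => $now + 3600], $key);
var_dump(authorize($jwt, $key, $list, $now));            // before logout
$list->revoke(verifyToken($jwt, $key, $now));            // logout: deny this jti
var_dump(authorize($jwt, $key, $list, $now));            // same token replayed
$list->prune($now + 3601);                               // after exp
var_dump($list->size(), authorize($jwt, $key, $list, $now + 3601));
```

In a real deployment the denylist would live in a shared store such as the application cache, with each entry's time-to-live set to the token's remaining lifetime.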

Delete JWT

If you require users to manually delete a JWT, you need to clearly tell the user this information. You can provide a button or link for the logout action so that the user can delete the JWT.

If you want to delete the JWT by writing code, you can add the following code to your controller:

public function logout(Request $request) {
    // Invalidate the token sent with this request so it can no longer be used.
    JWTAuth::invalidate(JWTAuth::getToken());
    return response()->json(['message' => 'Logout successful']);
}

This controller method invalidates the JWT when the user clicks the logout button.

Conclusion

This article described how to delete a JWT in Laravel. You can do this by revoking the JWT, modifying its validity period, or deleting it. If you have any questions or queries, please leave a message in the comment area and I will reply as soon as possible.
