


Laravel development: How to implement API authentication using Laravel Passport and JWT?
Laravel Development: How to implement API authentication using Laravel Passport and JWT?
API (Application Programming Interface) authentication is a common requirement in today's Internet applications. As a popular PHP framework, Laravel provides two tools, Laravel Passport and JWT (JSON Web Tokens), which can help us implement API authentication.
This article will introduce how to use Laravel Passport and JWT to implement API authentication. In the following content, we will understand the basic concepts of these two tools and how to configure and use them in Laravel applications.
What is Laravel Passport?
Laravel Passport is an OAuth2 server specially developed for the Laravel framework, which can help us build API authentication systems quickly and securely. Passport provides a set of APIs to perform the authentication process, and has internally implemented a series of authentication methods specified by the OAuth2 protocol.
Among them, OAuth2 is a standard protocol that uses proxy authorization. Proxy authorization is an authorization mechanism for obtaining access to resources on behalf of a user. The OAuth2 protocol issues "access tokens" to third-party applications to access protected resources on behalf of the user. Therefore, Passport actually plays the role of OAuth2 authentication server in Laravel applications.
What is JWT?
JWT (JSON Web Tokens) is an open standard (RFC 7519) for authentication and authorization in distributed network environments. JWT is commonly used to pass authenticated user identity information and claims between clients and servers. JWT consists of three parts: header, payload and signature.
Usually, the header contains the type of JWT and the encryption algorithm used, the payload contains user identity information and claims, and the signature is used to verify the authenticity of the JWT. When using JWT for authentication, the server determines the user's identity by decrypting the information in the JWT, thereby achieving API authentication.
Configuring Laravel Passport and JWT
Before using Laravel Passport and JWT for API authentication, we need to configure it in the Laravel application first. The following are the specific configuration steps:
Step 1: Install Laravel Passport and tymon/jwt-auth
Use composer to install Laravel Passport and tymon/jwt-auth in the command line tool:
composer require laravel/passport composer require tymon/jwt-auth
Step 2: Configure Laravel Passport
In the config/app.php file, add the following service provider:
'providers' => [ ... LaravelPassportPassportServiceProvider::class, ],
Then, run the following command to create the Passport data table:
php artisan migrate
For Passport’s default authentication method “Password Grant”, we add “PassportHasApiTokens” (Passport’s default user authentication Trait) to the User model. Open the User.php file and add the following content:
use LaravelPassportHasApiTokens; class User extends Authenticatable { use HasApiTokens, Notifiable; ... }
Step 3: Configure JWT
First, in the config/app.php file, add JWTServiceProvider:
'providers' => [ ... TymonJWTAuthProvidersLaravelServiceProvider::class, ],
Then , run the following command to generate the secret key required for JWT:
php artisan jwt:secret
In the config/auth.php file, add the jwt guard configuration (use jwt as the guard guard option), and set the default authentication driver Set to "jwt":
'guards' => [ ... 'jwt' => [ 'driver' => 'jwt', 'provider' => 'users' ], ], ... 'defaults' => [ 'guard' => 'jwt', ... ],
In the config/auth.php file, add the JWT user provider users configuration (instructing to use the Eloquent model):
'providers' => [ ... 'users' => [ 'driver' => 'eloquent', 'model' => AppModelsUser::class ] ],
Use Laravel Passport and JWT API Authentication
After the preparation work is completed, we can happily implement API authentication using Laravel Passport and JWT. The following is the specific operation process:
Step 1: Register API routing
First, register the API routing in the routes/api.php file. For example, we define a GET route for obtaining user information:
Route::middleware('auth:api')->get('/user', function (Request $request) { return $request->user(); });
Laravel's middleware auth:api is used here, which will ensure that requests from authenticated users can pass. With routing middleware, we add this step of authentication to the route.
Step 2: Create an access token
Users need an access token to access the API. We need to use password authorization access token. The specific implementation steps are as follows:
You need to first define a route to receive the user name and password provided by the user:
Route::post('/login', function (Request $request) { $http = new GuzzleHttpClient; $response = $http->post('http://your-app.com/oauth/token', [ 'form_params' => [ 'grant_type' => 'password', 'client_id' => 'client-id', 'client_secret' => 'client-secret', 'username' => $request->username, 'password' => $request->password, 'scope' => '', ], ]); return json_decode((string) $response->getBody(), true); });
In the above code, we use GuzzleHttp The client sends a POST request to obtain the access token. Among them, grant_type must be "password", client_id and client_secret respectively correspond to the ID and Secret applied in Laravel Passport. After the request is successful, a JSON response will be returned containing the user's access token access_token to access the API.
Step 3: Initiate API request
We can use the obtained token access_token to send a request to the API, verify the user's identity, and obtain protected resources. When making a request to the API, you must add the Authorization key-value pair in the header, whose value is "Bearer access_token". For example:
$accessToken = 'your-access-token'; $response = $http->withHeaders([ 'Authorization' => 'Bearer ' . $accessToken ])->get('http://your-app.com/api/user');
If the request is successful, the API will return user information.
Conclusion
In Laravel applications, Laravel Passport provides a powerful OAuth2 authentication protocol and API authentication function, and JWT is a safe and convenient authentication method. In actual development, we can use Laravel Passport and JWT in combination to improve the security and reliability of the API and protect user data from being stolen or tampered with by malicious attackers.
The above is the detailed content of Laravel development: How to implement API authentication using Laravel Passport and JWT?. For more information, please follow other related articles on the PHP Chinese website!

Laravel stands out by simplifying the web development process and delivering powerful features. Its advantages include: 1) concise syntax and powerful ORM system, 2) efficient routing and authentication system, 3) rich third-party library support, allowing developers to focus on writing elegant code and improve development efficiency.

Laravelispredominantlyabackendframework,designedforserver-sidelogic,databasemanagement,andAPIdevelopment,thoughitalsosupportsfrontenddevelopmentwithBladetemplates.

Laravel and Python have their own advantages and disadvantages in terms of performance and scalability. Laravel improves performance through asynchronous processing and queueing systems, but due to PHP limitations, there may be bottlenecks when high concurrency is present; Python performs well with the asynchronous framework and a powerful library ecosystem, but is affected by GIL in a multi-threaded environment.

Laravel is suitable for projects that teams are familiar with PHP and require rich features, while Python frameworks depend on project requirements. 1.Laravel provides elegant syntax and rich features, suitable for projects that require rapid development and flexibility. 2. Django is suitable for complex applications because of its "battery inclusion" concept. 3.Flask is suitable for fast prototypes and small projects, providing great flexibility.

Laravel can be used for front-end development. 1) Use the Blade template engine to generate HTML. 2) Integrate Vite to manage front-end resources. 3) Build SPA, PWA or static website. 4) Combine routing, middleware and EloquentORM to create a complete web application.

PHP and Laravel can be used to build efficient server-side applications. 1.PHP is an open source scripting language suitable for web development. 2.Laravel provides routing, controller, EloquentORM, Blade template engine and other functions to simplify development. 3. Improve application performance and security through caching, code optimization and security measures. 4. Test and deployment strategies to ensure stable operation of applications.

Laravel and Python have their own advantages and disadvantages in terms of learning curve and ease of use. Laravel is suitable for rapid development of web applications. The learning curve is relatively flat, but it takes time to master advanced functions. Python's grammar is concise and the learning curve is flat, but dynamic type systems need to be cautious.

Laravel's advantages in back-end development include: 1) elegant syntax and EloquentORM simplify the development process; 2) rich ecosystem and active community support; 3) improved development efficiency and code quality. Laravel's design allows developers to develop more efficiently and improve code quality through its powerful features and tools.


Hot AI Tools

Undresser.AI Undress
AI-powered app for creating realistic nude photos

AI Clothes Remover
Online AI tool for removing clothes from photos.

Undress AI Tool
Undress images for free

Clothoff.io
AI clothes remover

Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Article

Hot Tools

SecLists
SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.

DVWA
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is very vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, to help web developers better understand the process of securing web applications, and to help teachers/students teach/learn in a classroom environment Web application security. The goal of DVWA is to practice some of the most common web vulnerabilities through a simple and straightforward interface, with varying degrees of difficulty. Please note that this software

SAP NetWeaver Server Adapter for Eclipse
Integrate Eclipse with SAP NetWeaver application server.

MinGW - Minimalist GNU for Windows
This project is in the process of being migrated to osdn.net/projects/mingw, you can continue to follow us there. MinGW: A native Windows port of the GNU Compiler Collection (GCC), freely distributable import libraries and header files for building native Windows applications; includes extensions to the MSVC runtime to support C99 functionality. All MinGW software can run on 64-bit Windows platforms.

Safe Exam Browser
Safe Exam Browser is a secure browser environment for taking online exams securely. This software turns any computer into a secure workstation. It controls access to any utility and prevents students from using unauthorized resources.