Using JWT for authentication in ThinkPHP6

In today's large-scale development of Internet applications, user security authentication is an essential part. To ensure user security, a common practice is to use JSON Web Token (JWT) for authentication. It can implement user authentication and permission control easily and effectively. In this article, we will introduce how to use JWT for authentication in ThinkPHP6 projects.

What is JSON Web Token?

JSON Web Token (JWT) is a lightweight authentication mechanism. Its purpose is to securely transmit claims over the network, and it can be used as a means of authentication and claim exchange. JWT is contained in HTTP request headers or URL parameters, so it is easily and conveniently transferred between the server and client.

JWT consists of three parts: header, payload and signature. The header contains information describing the signature algorithm and type, the payload contains declaration and data information, and the signature is used to verify the legitimacy of the JWT. Any data can be stored in the JWT payload, and you can customize the information you need.

Steps to use JWT for authentication in ThinkPHP6

Step 1: Install the jwt-auth extension

First, we need to introduce the jwt-auth extension into the project. Add the following dependencies in the composer.json file:

"tymon/jwt-auth": "^1.0.0-rc.5"

After installing the dependencies, use composer update to update them.

Step 2: Generate the configuration file

Run the following command to generate the configuration file:

php think jwt:publish

After generating the configuration file, we need to modify the configuration, set the JWT key and validity period, etc. Parameters, just modify the /config/jwt.php file.

Step 3: Write authentication middleware

The JWT authentication process needs to be completed on the server side. Therefore, we need to create a middleware AuthMiddleware to authenticate the JWT before the request reaches the controller.

First, we need to create the AuthMiddleware file:

php think make:middleware AuthMiddleware

In the AuthMiddleware file, we can use the following code to authenticate JWT:

<?php
namespace appmiddleware;

use thinkacadeRequest;
use TymonJWTAuthExceptionsTokenExpiredException;
use TymonJWTAuthFacadesJWTAuth;
use thinkexceptionHttpException;

class AuthMiddleware
{
    public function handle($request, Closure $next)
    {
        //获取JWT token
        $token = JWTAuth::getToken();
        if (!$token) {
            throw new HttpException(401, 'Token not provided');
        }

        try {
            //验证JWT token
            $user = JWTAuth::authenticate($token);
            $request->user = $user;
        } catch (TokenExpiredException $exception) {
            throw new HttpException(401, 'Token expired');
        } catch (Exception $exception) {
            throw new HttpException(401, 'Token invalid');
        }

        return $next($request);
    }
}

In the handle function, we first Get the JWT token. If the token does not exist, a 401 exception will be thrown.

If the token exists, we use JWTAuth::authenticate($token) to verify the validity of the token. If successful, the user information will be bound to the request context.

It should be noted that in the above code, all exceptions thrown will return a 401 error code.

Step 4: Use middleware for authentication

Use AuthMiddleware middleware in the controller for authentication, as shown below:

<?php
namespace appcontroller;

use appmiddlewareAuthMiddleware;

class UserController extends Base
{
    protected $middleware = [
        AuthMiddleware::class
    ];

    public function index()
    {
        return json($this->request->user, 200);
    }
}

In the above code, we The controller adds an AuthMiddleware middleware, so it will be automatically executed before the request reaches the controller.

The index method of the controller returns the current requesting user information. If the JWT authentication is correct, the user information in json format will be returned.

Conclusion

This article introduces how to use JWT for authentication in the ThinkPHP6 project. We introduced the implementation process of JWT authentication in detail by installing the JWT extension and generating configuration files, writing authentication middleware, and using middleware. During this process, we gained a deeper understanding of JWT related knowledge and provided valuable experience for future Internet development.

The above is the detailed content of Using JWT for authentication in ThinkPHP6. For more information, please follow other related articles on the PHP Chinese website!