PHPackages smskin/laravel-jwt-auth - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. smskin/laravel-jwt-auth ActiveLibrary[Authentication & Authorization](/categories/authentication) smskin/laravel-jwt-auth ======================= JWT auth support module for laravel projects 1.0.5(11mo ago)056[1 PRs](https://github.com/smskin/laravel-jwt-auth/pulls)MITPHPPHP ^8.1CI passing Since Apr 25Pushed 7mo ago1 watchersCompare [ Source](https://github.com/smskin/laravel-jwt-auth)[ Packagist](https://packagist.org/packages/smskin/laravel-jwt-auth)[ Docs](https://github.com/smskin/laravel-jwt-auth)[ RSS](/packages/smskin-laravel-jwt-auth/feed)WikiDiscussions main Synced 1mo ago READMEChangelogDependencies (6)Versions (8)Used By (0) JWT Support Module for Laravel Projects ======================================= [](#jwt-support-module-for-laravel-projects) This module allows you to: - generate a JWT for a user; - authorize users via JWT (auth gateway). Installation ------------ [](#installation) Run the following commands: ``` composer require smskin/laravel-jwt-auth php artisan vendor:publish --provider="SMSkin\JwtAuth\Providers\ServiceProvider" ``` Generate a random (brute-force resistant) string and store it in the `JWT_SECRET_KEY` variable in the `.env` file. --- Add the following to the `\App\Models\User` model: - the interface `\SMSkin\JwtAuth\Contracts\IJwtUser`; - the trait `\SMSkin\JwtAuth\Traits\JwtTrait`. Example after editing: ``` class User extends Authenticatable implements IJwtUser { /** @use HasFactory */ use HasFactory; use Notifiable; use JwtTrait; protected $table = 'users'; ... ``` --- Add a new guard to the `auth.php` configuration file: ``` 'jwt' => [ 'driver' => 'jwt', 'provider' => 'users', ] ``` Example after editing: ``` ... 'guards' => [ 'web' => [ 'driver' => 'session', 'provider' => 'users', ], 'jwt' => [ 'driver' => 'jwt', 'provider' => 'users', ] ], ... ``` Configuration ------------- [](#configuration) The `jwt.php` config file contains the following variables: - `core.secret_key` — secret key used for signing the JWT. Can be a string of any length; - `access_token.lifetime` — access token lifetime (in minutes); - `refresh_token.lifetime` — refresh token lifetime (in minutes). Usage ----- [](#usage) ### How It Works [](#how-it-works) 1. In exchange for login and password, the user receives 3 pieces of data: `accessToken` — a key that allows the service to identify the user; `expiresAt` — the timestamp when the key expires; `refreshToken` — a key that allows the user to obtain a new access token. 2. The user sends requests to the service. The middleware `auth:jwt` is used to identify the user. 3. When the access token expires (either by time or receiving a 401 response), the user calls the refresh API method to exchange the `refreshToken` for a new `accessToken`. ### Generating an Access Token (JWT) [](#generating-an-access-token-jwt) The `JwtTrait` includes the `generateJwt` method, which returns a `Request` instance consisting of: - `accessToken` (string) — the access token; - `expiresAt` (Carbon) — the expiration timestamp of the access token; - `refreshToken` (string) — the refresh token. ### Obtaining a New Access Token via Refresh [](#obtaining-a-new-access-token-via-refresh) The `IAuthService` interface provides the `refreshAccessToken` method to exchange a refresh token for a new access token. Example AuthController ---------------------- [](#example-authcontroller) ```