PHPackages                             werk365/jwtauthroles - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. werk365/jwtauthroles

ActiveLibrary[Authentication &amp; Authorization](/categories/authentication)

werk365/jwtauthroles
====================

Made to use fusionauth users in Laravel using JWT. Possible to either use pem keys directly or use the jwks endpoint.

1.2.3(4y ago)154072MITPHPCI failing

Since Jul 13Pushed 11mo ago1 watchersCompare

[ Source](https://github.com/365Werk/jwtauthroles)[ Packagist](https://packagist.org/packages/werk365/jwtauthroles)[ Docs](https://github.com/365werk/jwtauthroles)[ RSS](/packages/werk365-jwtauthroles/feed)WikiDiscussions master Synced 1mo ago

READMEChangelog (10)Dependencies (7)Versions (23)Used By (0)

JWT Auth and Roles
==================

[](#jwt-auth-and-roles)

[![Latest Version on Packagist](https://camo.githubusercontent.com/867626cd7a770e1594af7f5b5d6f072cc643876244200e7198f07c219eb02814/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f7765726b3336352f6a777461757468726f6c65732e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/werk365/jwtauthroles)[![Total Downloads](https://camo.githubusercontent.com/802af30d8899a8843da05895c649e88e131749038d78851a915fa308efbe935e/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f7765726b3336352f6a777461757468726f6c65732e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/werk365/jwtauthroles)[![MIT Licensed](https://camo.githubusercontent.com/55c0218c8f8009f06ad4ddae837ddd05301481fcf0dff8e0ed9dadda8780713e/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6c6963656e73652d4d49542d627269676874677265656e2e7376673f7374796c653d666c61742d737175617265)](license.md) [![Join the chat at https://gitter.im/werk365/Laravel-JWT-Auth-Roles](https://camo.githubusercontent.com/9d53dcf5399c4b41fc0d455a87aef945d9f63d5da368efeb0fde00f52841d5a2/68747470733a2f2f6261646765732e6769747465722e696d2f7765726b3336352f4c61726176656c2d4a57542d417574682d526f6c65732e737667)](https://gitter.im/werk365/Laravel-JWT-Auth-Roles?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)

[![StyleCI](https://camo.githubusercontent.com/0c4e307ed2de113f2627635246d93f3812074e4931ab69a12629d6c4634ec6f1/68747470733a2f2f6769746875622e7374796c6563692e696f2f7265706f732f3237383037353630382f736869656c64)](https://camo.githubusercontent.com/0c4e307ed2de113f2627635246d93f3812074e4931ab69a12629d6c4634ec6f1/68747470733a2f2f6769746875622e7374796c6563692e696f2f7265706f732f3237383037353630382f736869656c64)[![Scrutinizer Quality](https://camo.githubusercontent.com/ae451e6c7217c3ee2695f3134dc7d23047d1210084f0d22c8ecd833db96a32e3/68747470733a2f2f7363727574696e697a65722d63692e636f6d2f672f3336355765726b2f4c61726176656c2d4a57542d417574682d526f6c65732f6261646765732f7175616c6974792d73636f72652e706e67)](https://scrutinizer-ci.com/g/365Werk/Laravel-JWT-Auth-Roles/)[![Tests](https://github.com/365Werk/Laravel-JWT-Auth-Roles/workflows/Run%20Tests/badge.svg)](https://github.com/365Werk/Laravel-JWT-Auth-Roles/workflows/Run%20Tests/badge.svg)

Made to use JWTs from an external identity provider in Laravel. Tested with Fusionauth, but should be quite general purpose.

With this package you can validate the incoming JWT, and create an authenticated user that has to roles specified in the JWT for further (route based) authentication using a role middleware that is included.

.

Take a look at [contributing.md](contributing.md) to see a to do list.

Installation
------------

[](#installation)

Via Composer

```
$ composer require werk365/jwtauthroles
```

Publish config and migration

```
$ php artisan vendor:publish --provider="Werk365\JwtAuthRoles\JwtAuthRolesServiceProvider"
```

Migrations are only needed if you want to either cache the JWKs or store the user, this can be configured in the config. It's possible to use this package without storing anything related to it in the database at all.

Run migration

```
$ php artisan migrate
```

Usage
-----

[](#usage)

In your AuthServiceProvider modify boot()

```
use Illuminate\Support\Facades\Auth;
use Werk365\JwtAuthRoles\JwtAuthRoles;

public function boot()
{
    $this->registerPolicies();

    Auth::viaRequest('jwt', function ($request) {
        return JwtAuthRoles::authUser($request);
    });
}
```

Then either change one of your guards in config/auth.php to use the jwt driver and jwt\_users provider, or add a new guard

```
use Werk365\JwtAuthRoles\Models\JwtUser;
'guards' => [
    // ...
    'jwt' => [
        'driver' => 'jwt',
        'provider' => 'jwt_users',
        'hash' => false,
    ],
],

// ...

'providers' => [
    // ...
    'jwt_users' => [
        'driver' => 'eloquent',
        'model' => JwtUser::class,
    ],
],
```

Now you can use the JWT guard in your routes, for example on a group:

```
Route::group(['middleware' => ['auth:jwt']], function () {
    // Routes can go here
});
```

You can also use the RolesMiddelware to do role-based authentication on a route like this:

```
    // single role
    Route::get('/exammple', function(){
        return "example";
    })->middleware('role:example');

    // multiple roles
    Route::get('/exammples', function(){
        return "examples";
    })->middleware('role:example|second|third|etc');
```

To make the authenticated user actually useful, the JwtUser model extends the User model. This means that you can define any relations in the User model, and then use them for the authenticated user.

For example, add the following relationship in the default User model:

```
    public function documents()
    {
        return $this->hasMany('App\Models\Document', 'user', 'uuid');
    }
```

This assumes you have a Documents model where the uuid provided by your identity provider is stored in a 'user' column, this can be anything you want of course, but the local key should always be uuid.

This can then be used as follows to retrieve all documents belonging to this user:

```
return Auth::user()->documents;
```

Finally, configure the config to your needs. The default published config will validate the JWT, but not use the database. It looks like this:

```