Guide for beginners: New Laravel 11 JWT Setup



Embark on a journey into Laravel 11's JWT token system. In this guide, we'll integrate JWT authentication into your Laravel application step by step, adding a layer of token-based protection.

Our adventure begins by creating a fresh Laravel application from the terminal. We'll then weave JWT authentication into the project:



composer create-project laravel/laravel:^11.0 jwt-app 
cd jwt-app



In this tutorial, we'll be copying a considerable amount of configuration code from the official documentation of the "jwt-auth" package. However, we'll be focusing primarily on writing the code that will handle the core authorization functionality, which we'll configure in our application using this package.

Essentially, we'll be leveraging the package's documentation as a reference source, extracting and adapting the necessary configuration snippets. Our primary objective will be to develop the core authorization logic that will govern access control within our Laravel application. By integrating the "jwt-auth" package, we'll enhance our application's security measures through the implementation of JSON Web Token (JWT) authentication.

While we'll be relying on the package's documentation for guidance, our emphasis will be on crafting the custom code that aligns with our application's specific requirements. This approach will ensure that the authorization system we build is tailored to our unique needs, providing a robust and secure authentication mechanism for our users.



composer require tymon/jwt-auth


This command will publish the necessary files and configurations for the JWT authentication package, allowing us to set up and customize the package according to our application's needs.

Generate a JWT secret key


php artisan jwt:secret

This command will generate a secret key that will be used to encrypt access and refresh tokens for authorization.

Then we need to run all migrations with the seeder:

php artisan migrate:fresh --seed

According to the documentation, we need to update the User model to enable token generation for every user in our application. Let's copy the code from the official documentation and paste it inside the app/Models/User.php file:
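
An added example, not the original post's code: a Laravel 11 User model implementing the package's JWTSubject contract, following the jwt-auth quick start. The fillable, hidden and casts entries are assumed to match the default Laravel 11 skeleton.

```php
<?php

namespace App\Models;

use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Foundation\Auth\User as Authenticatable;
use Illuminate\Notifications\Notifiable;
use Tymon\JWTAuth\Contracts\JWTSubject;

class User extends Authenticatable implements JWTSubject
{
    use HasFactory, Notifiable;

    protected $fillable = ['name', 'email', 'password'];

    // Never serialized into API responses such as the "me" endpoint.
    protected $hidden = ['password', 'remember_token'];

    protected function casts(): array
    {
        return [
            'email_verified_at' => 'datetime',
            'password' => 'hashed',
        ];
    }

    // Value stored in the token's "sub" claim: the user's primary key.
    public function getJWTIdentifier()
    {
        return $this->getKey();
    }

    // Extra claims added to every token issued for this user.
    // The token payload is readable by the client, so keep sensitive data out.
    public function getJWTCustomClaims()
    {
        return [];
    }
}
```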




Open the config/auth.php file, and locate the defaults and guards arrays. We need to make some changes to these arrays to configure the JWT authentication properly.


// ...
'defaults' => [
    'guard' => 'api',
    'passwords' => 'users',
],

// ...

'guards' => [
    'web' => [
        'driver' => 'session',
        'provider' => 'users',
    ],

    'api' => [
        'driver' => 'jwt',
        'provider' => 'users',
    ],
],


Next, add the auth routes inside the "routes/api.php" file. Before doing this, install the API scaffolding:
php artisan install:api





Create AuthController and paste the code into app/Http/Controllers/AuthController.php:
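
An added example, not the original post's code: an AuthController modelled on the jwt-auth quick start and adapted to Laravel 11, whose base Controller class no longer provides $this->middleware(). It assumes routes/api.php maps POST auth/login, auth/logout, auth/refresh and auth/me to the methods below.

```php
<?php
namespace App\Http\Controllers;

use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
use Illuminate\Routing\Controllers\HasMiddleware;
use Illuminate\Routing\Controllers\Middleware;

class AuthController extends Controller implements HasMiddleware
{
    // Every action except login requires a valid token on the "api" guard.
    public static function middleware(): array
    {
        return [new Middleware('auth:api', except: ['login'])];
    }

    public function login(Request $request): JsonResponse
    {
        // On the jwt guard, attempt() returns the token string, or false on bad credentials.
        $token = auth('api')->attempt($request->only('email', 'password'));
        if (! $token) {
            return response()->json(['error' => 'Unauthorized'], 401);
        }
        return $this->respondWithToken($token);
    }

    public function me(): JsonResponse
    {
        return response()->json(auth('api')->user());
    }

    public function logout(): JsonResponse
    {
        auth('api')->logout(); // invalidates the presented token
        return response()->json(['message' => 'Successfully logged out']);
    }

    public function refresh(): JsonResponse
    {
        return $this->respondWithToken(auth('api')->refresh());
    }

    protected function respondWithToken(string $token): JsonResponse
    {
        return response()->json([
            'access_token' => $token,
            'token_type' => 'bearer',
            'expires_in' => auth('api')->factory()->getTTL() * 60, // TTL is configured in minutes
        ]);
    }
}
```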






To test the code we copied from the official JWT-auth documentation, I'll be using the Postman app for making HTTP requests. Postman is a useful tool for testing your application's API. In simple terms, Postman is a convenient application that allows you to send different types of HTTP requests (such as GET, POST, PUT, DELETE) to your application's endpoints and inspect the responses. This makes it easier to test and verify the functionality of your API without needing to build a separate user interface.







Open Postman: Launch the Postman application on your computer.

Select the HTTP Method: At the top-left corner of the Postman window, you'll find a dropdown menu where you can select the desired HTTP method for your request (e.g., GET, POST, PUT, DELETE).

Enter the Endpoint URL: Next to the HTTP method dropdown, there's a text field where you can enter the URL of the endpoint you want to test. For example, if you want to test the login endpoint on your local server, you might enter http://localhost:8000/api/auth/login.

Add Request Headers (if needed): If your endpoint requires specific headers (e.g., Authorization, Content-Type), click on the "Headers" tab below the URL field, and add the necessary headers with their respective values.

Add Request Body (if needed): If your endpoint expects a request body (e.g., for POST or PUT requests), click on the "Body" tab below the URL field. Here, you can select the appropriate body format (e.g., raw, form-data, JSON) and enter the required data.

Send the Request: Once you've set up the HTTP method, URL, headers, and body (if needed), click the "Send" button to send the request to your endpoint.

View the Response: After sending the request, Postman will display the response from your endpoint in the lower part of the window. You can view the response headers, status code, and response body.

Inspect the Response: Carefully inspect the response to ensure it matches your expected output. If there are any issues or errors, you can troubleshoot your code or endpoint configuration based on the response.





We can see the decoded token.


