🔐 JSON Web Token Authentication for Laravel & Lumen

Last update: Jun 26, 2022
Comments
  • 1. Refresh token

    I use refresh token middleware

    Route::group(['prefix' => env('API_VERSION', 'dev'),'middleware' => ['jwt.refresh','jwt.auth','user.lastseen']], function()

    I always get token invalid message (token_invalid)?

    thanks:D

    Reviewed by marijang at 2015-04-13 19:54
  • 2. Laravel 5.5. jwt:generate issue

    Hi all, I came upon one issue when I try to run php artisan jwt:generate I get the Reflection Exception saying "[ReflectionException] Method Tymon\JWTAuth\Commands\JWTGenerateCommand::handle() does not exist"

    Both Facades and service providers are entered properly and they are valid.

    Also for people who have a struggle to make it work I can advise one solution. Go to JWTGenerateCommand.php file located in vendor/tymon/src/Commands and paste this part of code public function handle() { $this->fire(); }

    I know this is not an elegant solution, but it works. I hope this might help until official fix arrive.

    Have a nice day.

    Reviewed by Milos0110 at 2017-09-03 10:28
  • 3. Add support & documentation for integrating with Lumen 5.2

    Since Lumen does not support session state, incoming requests that we wish to authenticate must be authenticated via a stateless mechanism such as API tokens. This package is really going to be helpful for resolving out the authenticated user from the request through API token. https://lumen.laravel.com/docs/5.2/authentication

    Auth::viaRequest('api', function ($request) {
        try {
            if (! $user = JWTAuth::parseToken()->authenticate()) {
                return null;
            }
        } catch (Exception $e) {
            return null;
        } 
        return $user;
    });
    

    It would be really helpful if we have another section in the wiki about integrating this package with Lumen. I see that most of the work has already been done ( already there is a LumenServiceProvider ), only that it needs to be upgraded to support v5.2 and documented. Thank you Symon for giving us this wonderful package that we can use with out Laravel and Lumen projects.

    Reviewed by rajabishek at 2016-01-08 08:26
  • 4. Token Not Provided

    Hello.

    I've added the following header to all of my requests in Angular:

    Authorization: Bearer eyJhbGciOiJI...
    

    and I can see that it's working. On the Laravel side I'm using:

    public function __construct()
    {
        $this->middleware('jwt.auth');
    }
    

    No matter what I do I'm getting 400 bad request, token_not_provided. Any idea what might be going on?

    Thank you for your work on this package. Matt

    Reviewed by mcblum at 2015-04-10 20:55
  • 5. Feature: Laravel 5.2 Custom Authentication Guard and Driver

    The docs indicate it is possible to create your own implementation of Illuminate\Contracts\Auth\Guard and registering it as a driver in a service provider.

    I was reading about the new stateless token authentication that was added in 5.2 in a JacobBennett Gist (the docs are really vague), but it doesn't appear to be the same as JWT tokens. That said it would be amazing to be able to leverage Laravel's API the same way.

    Would it be possible to create a custom driver to reduce the amount of changes required to implement JWT tokens, and reduce the API a bit so using more of Laravel's API? For example getting a user is Auth::guard('api')->user(); using the API guard, and the equivalent could be Auth::guard('jwt')->user();

    Reviewed by mtpultz at 2016-02-16 00:07
  • 6. How do you refresh Token ?

    Hi

    Is there any documentation on how to refresh token after it gets expired ?

    Also there is conflict if you use both refresh and blacklist for all protected routes.

    Reviewed by mrgodhani at 2015-07-22 18:18
  • 7. Guide for setting up with Lumen?

    Where's the current guide to setting up a recent version of jwt-auth (I'm trying to use 1.0.0-beta.3) with a recent version of Lumen (5.4)?

    I've looked through various threads in the issue tracker (such as https://github.com/tymondesigns/jwt-auth/issues/376) and it's really not clear what the best practice is.

    Reviewed by tremby at 2017-04-11 23:22
  • 8. Argument 3 passed to Lcobucci\JWT\Signer\Hmac::doVerify() must be an instance of Lcobucci\JWT\Signer\Key, null given

    Subject of the issue

    Describe your issue here.

    Your environment

    | Q | A | ----------------- | --- | Bug? | no | New Feature? | no | Framework | Laravel | Framework version | 5.7 | Package version | 11.0.0-rc.3 | PHP version | 7.x.y

    Steps to reproduce

    Tell us how to reproduce this issue. After Pushing code to live server and generating jwt key and clearing config cache. I get Argument 3 passed to Lcobucci\JWT\Signer\Hmac::doVerify() must be an instance of Lcobucci\JWT\Signer\Key, null given, error

    Expected behaviour

    Tell us what should happen

    Actual behaviour

    Tell us what happens instead

    Reviewed by sulemankhann at 2018-12-21 09:13
  • 9. Tymon\JWTAuth\Exceptions\JWTException: Could not create token: Implicit conversion of keys from strings is deprecated. Please use InMemory or LocalFileReference classes.

    Subject of the issue

    "lcobucci/jwt": "3.4.0"

    https://github.com/lcobucci/jwt/releases/tag/3.4.0

    ⚠ This version also triggers E_USER_DEPRECATED errors in scenarios where we can't simply use @deprecated. Please make sure you follow the provided instructions before upgrading your production code.

    Your environment

    | Q | A | ----------------- | --- | Bug? | yes | New Feature? | no | Framework | Laravel | Framework version | 8.x.y | Package version | 1.x.y | PHP version | 7.x.y

    Reviewed by jxlwqq at 2020-11-25 02:33
  • 10. JWT Auth doesn't have Laravel 6 Compatibility

    I install a fresh Laravel 6 project. but when I install tymondesigns/jwt-auth package composer require tymon/jwt-auth or composer require tymon/jwt-auth:dev-develop

    but it shows an error

    Problem 1
        - Installation request for tymon/jwt-auth dev-develop -> satisfiable by tymon/jwt-auth[dev-develop].
        - Conclusion: remove laravel/framework v6.0.0
        - Conclusion: don't install laravel/framework v6.0.0
        - tymon/jwt-auth dev-develop requires illuminate/http ^5.1 -> satisfiable by illuminate/http[5.1.x-dev, 5.2.x-dev, 5.3.x-dev, 5.4.x-dev, 5.5.x-dev, 5.6.x-dev, 5.7.17, 5.7.18,5.7.19, 5.7.x-dev, 5.8.x-dev, v5.1.1, v5.1.13, v5.1.16, v5.1.2, v5.1.20, v5.1.22, v5.1.25, v5.1.28, v5.1.30, v5.1.31, v5.1.41, v5.1.6, v5.1.8, v5.2.0, v5.2.19, v5.2.21, v5.2.24, v5.2.25, v5.2.26, v5.2.27, v5.2.28, v5.2.31, v5.2.32, v5.2.37, v5.2.43, v5.2.45, v5.2.6, v5.2.7, v5.3.0, v5.3.16, v5.3.23, v5.3.4, v5.4.0, v5.4.13, v5.4.17, v5.4.19, v5.4.27, v5.4.36, v5.4.9, v5.5.0, v5.5.16, v5.5.17, v5.5.2, v5.5.28, v5.5.33, v5.5.34, v5.5.35, v5.5.36, v5.5.37, v5.5.39, v5.5.40, v5.5.41, v5.5.43, v5.5.44, v5.6.0, v5.6.1, v5.6.10, v5.6.11,v5.6.12, v5.6.13, v5.6.14, v5.6.15, v5.6.16, v5.6.17, v5.6.19, v5.6.2, v5.6.20, v5.6.21, v5.6.22, v5.6.23, v5.6.24, v5.6.25, v5.6.26, v5.6.27, v5.6.28, v5.6.29, v5.6.3, v5.6.30, v5.6.31, v5.6.32, v5.6.33, v5.6.34, v5.6.35, v5.6.36, v5.6.37, v5.6.38, v5.6.39, v5.6.4, v5.6.5, v5.6.6, v5.6.7, v5.6.8, v5.6.9, v5.7.0, v5.7.1, v5.7.10, v5.7.11, v5.7.15, v5.7.2,v5.7.20, v5.7.21, v5.7.22, v5.7.23, v5.7.26, v5.7.27, v5.7.28, v5.7.3, v5.7.4, v5.7.5, v5.7.6, v5.7.7, v5.7.8, v5.7.9, v5.8.0, v5.8.11, v5.8.12, v5.8.14, v5.8.15, v5.8.17, v5.8.18, v5.8.19, v5.8.2, v5.8.20, v5.8.22, v5.8.24, v5.8.27, v5.8.28, v5.8.29, v5.8.3, v5.8.30, v5.8.31, v5.8.32, v5.8.33, v5.8.34, v5.8.35, v5.8.4, v5.8.8, v5.8.9].
        - don't install illuminate/http 5.1.x-dev|don't install laravel/framework v6.0.0
        - don't install illuminate/http 5.2.x-dev|don't install laravel/framework v6.0.0
        - don't install illuminate/http 5.3.x-dev|don't install laravel/framework v6.0.0
        - don't install illuminate/http 5.4.x-dev|don't install laravel/framework v6.0.0
        - don't install illuminate/http 5.5.x-dev|don't install laravel/framework v6.0.0
        - don't install illuminate/http 5.6.x-dev|don't install laravel/framework v6.0.0
        - don't install illuminate/http 5.7.17|don't install laravel/framework v6.0.0
        - don't install illuminate/http 5.7.18|don't install laravel/framework v6.0.0
        - don't install illuminate/http 5.7.19|don't install laravel/framework v6.0.0
        ........................
    

    how to resolve this?

    Reviewed by kennethtomagan at 2019-09-06 01:31
  • 11. Proper installation instructions for Laravel 5.7

    Proper installation instructions for Laravel 5.7

    Really, need a proper walk-through of installation

    Your environment

    | Q | A | ----------------- | --- | Bug? | no / yes | New Feature? | no / yes | Framework | Laravel | Framework version | 5.7 | Package version | 1.0.0-rc.3 | PHP version | 7.1

    Steps to reproduce

    Had to follow 3 different bug reports to get things working.

    Expected behaviour

    I should be able to follow one single version of the truth for the combination I am installing it for.

    Actual behaviour

    Had to fiddle around with things for 2 hours to get them to work... 👎

    Reviewed by vsecades at 2018-10-14 23:58
  • 12. Added Example User Model Modification For Lumen

    Added an example for modifying user model file for laravel lumen applications as this is slightly different and has raised a few questions among confused users across various forums.

    Reviewed by bobbyaxe61 at 2022-06-22 04:58
  • 13. can't run graphQL

    Subject of the issue

    Tymon\JWTAuth\Blacklist::__construct(): Argument #1 ($storage) must be of type Tymon\JWTAuth\Contracts\Providers\Storage, PHPOpenSourceSaver\JWTAuth\Providers\Storage\Illuminate given, called in /vendor/tymon/jwt-auth/src/Providers/AbstractServiceProvider.php on line 284"

    Your environment

    | Q | A | ----------------- | --- | Bug? | yes | New Feature? | no | Framework | Laravel

    | Package version | 1.x.y | PHP version | 8.1

    Screen Shot 2022-05-21 at 9 17 44 PM

    Reviewed by fahjan at 2022-05-21 18:17
  • 14. Set leeway on Datetime Claims creation

    Currently, the leeway property of Datetime claims is set after the instance creation, calling the relative setter method. This could cause validation errors inside the validateCreate method of the IssuedAt class, in the case where an instance gets created using a value from an existing token, due to the leeway not being considered.

    This has caused some problems on one of our services that was running on a pool of different hosts which happened to have their system clocks out of sync. We solved the issue by fixing our NTP configurations, but we'd appreciate the leeway property to be correctly handled by the library. The problem seems to be also mentioned here.

    We really appreciate your effort with this project and we hope you find this helpful. I'm always available if you need me to further expand on this.

    Have a nice weekend!

    Reviewed by alessandrodolci at 2022-04-29 16:26
  • 15. Package can't install on `lumen 9.x` and `php 8.1.5`

    Package can't install on lumen 9.x and php 8.1.5

    - illuminate/support[v5.6.0, ..., 5.8.x-dev] require php ^7.1.3 -> your php version (8.1.5) does not satisfy that requirement.
        - Root composer.json requires laravel/lumen-framework ^9.0 -> satisfiable by laravel/lumen-framework[v9.0.0, v9.0.1, v9.0.2, 9.x-dev].
        - tymon/jwt-auth 0.5.12 requires illuminate/support ~5.0 -> satisfiable by illuminate/support[v5.0.0, ..., 5.8.x-dev].
    
    
    Reviewed by karimpazoki at 2022-04-29 15:35
  • 16. Redis cache Blacklist standard_ref overflow

    Redis cache Blacklist standard_ref overflow

    env

    CACHE_DRIVER=redis
    JWT_TTL=480
    JWT_REFRESH_TTL=1400
    

    Your environment

    | Q | A | ----------------- | --- | Bug? | yes | New Feature? | no | Framework | Laravel | Framework version | 6.20.32 | Package version | 1.0.2 | PHP version | 7.4.24

    Steps to reproduce

    call JWTGuard->logout

    Manager->invalidate

    Blacklist->add

    RedisTaggedCache->put

    RedisTaggedCache->pushStandardKeys

    I see

    redis Set add xxx:standard_ref

    string xxx:standard_ref ttl=1400*60

    array(1) {
      ["valid_until"]=>
      int(1650435177)
    }
    

    timeout 1400*60 string xxx:standard_ref Removed

    Set xxx:standard_ref member is not Remove

    Expected behaviour

    Tell us what should happen

    Actual behaviour

    Tell us what happens instead

    Reviewed by wenjy at 2022-04-20 07:56
A simple library to work with JSON Web Token and JSON Web Signature

JWT A simple library to work with JSON Web Token and JSON Web Signature based on the RFC 7519. Installation Package is available on Packagist, you can

Jun 29, 2022
Un proyecto que crea una API de usuarios para registro, login y luego acceder a su información mediante autenticación con JSON Web Token

JSON WEB TOKEN CON LARAVEL 8 Prueba de autenticación de usuarios con una API creada en Laravel 8 Simple, fast routing engine. License The Laravel fram

Oct 10, 2021
Implements a Refresh Token system over Json Web Tokens in Symfony

JWTRefreshTokenBundle The purpose of this bundle is manage refresh tokens with JWT (Json Web Tokens) in an easy way. This bundles uses LexikJWTAuthent

Jun 28, 2022
JSON Web Token (JWT) for webman plugin
JSON Web Token (JWT) for webman plugin

JSON Web Token (JWT) for webman plugin Json web token (JWT), 是为了在网络应用环境间传递声明而执行的一种基于JSON的开放标准((RFC 7519).该token被设计为紧凑且安全的,特别适用于分布式站点的单点登录(SSO)场景。

Jun 30, 2022
Minimalistic token-based authorization for Laravel API endpoints.

Bearer Minimalistic token-based authorization for Laravel API endpoints. Installation You can install the package via Composer: composer require ryang

Jun 17, 2022
Authentication REST-API built with Lumen PHP Framework

Authentication REST-API built with Lumen PHP Framework Laravel Lumen is a stunningly fast PHP micro-framework for building web applications with expre

Oct 12, 2021
It's a Laravel 8 authentication markdown that will help you to understand and grasp all the underlying functionality for Session and API Authentication

About Auth Starter It's a Laravel 8 authentication markdown that will help you to understand and grasp all the underlying functionality for Session an

Jun 9, 2022
Rinvex Authy is a simple wrapper for @Authy TOTP API, the best rated Two-Factor Authentication service for consumers, simplest 2fa Rest API for developers and a strong authentication platform for the enterprise.
Rinvex Authy is a simple wrapper for @Authy TOTP API, the best rated Two-Factor Authentication service for consumers, simplest 2fa Rest API for developers and a strong authentication platform for the enterprise.

Rinvex Authy Rinvex Authy is a simple wrapper for Authy TOTP API, the best rated Two-Factor Authentication service for consumers, simplest 2fa Rest AP

Feb 14, 2022
phpCAS is an authentication library that allows PHP applications to easily authenticate users via a Central Authentication Service (CAS) server.

phpCAS is an authentication library that allows PHP applications to easily authenticate users via a Central Authentication Service (CAS) server.

Jun 30, 2022
Basic Authentication handler for the JSON API, used for development and debugging purposes

Basic Authentication handler This plugin adds Basic Authentication to a WordPress site. Note that this plugin requires sending your username and passw

Jun 16, 2022
An OAuth 2.0 bridge for Laravel and Lumen [DEPRECATED FOR LARAVEL 5.3+]
An OAuth 2.0 bridge for Laravel and Lumen [DEPRECATED FOR LARAVEL 5.3+]

OAuth 2.0 Server for Laravel (deprecated for Laravel 5.3+) Note: This package is no longer maintaned for Laravel 5.3+ since Laravel now features the P

Jun 24, 2022
Multi-factor Authentication using a Public PGP key for web based applications

PGPmfa() a PHP Class for PGP Multi-factor Authentication using a Public PGP key for web based applications Multi-factor Authentication with PGP Second

Mar 29, 2022
Making Laravel Passport work with Lumen

lumen-passport Making Laravel Passport work with Lumen A simple service provider that makes Laravel Passport work with Lumen Dependencies PHP >= 5.6.3

Jun 23, 2022
JWT auth for Laravel and Lumen
JWT auth for Laravel and Lumen

JWT Artisan Token auth for Laravel and Lumen web artisans JWT is a great solution for authenticating API requests between various services. This packa

May 27, 2022
An invisible reCAPTCHA package for Laravel, Lumen, CI or native PHP.
An invisible reCAPTCHA package for Laravel, Lumen, CI or native PHP.

Invisible reCAPTCHA Why Invisible reCAPTCHA? Invisible reCAPTCHA is an improved version of reCAPTCHA v2(no captcha). In reCAPTCHA v2, users need to cl

Jun 23, 2022
🔑 Simple Keycloak Guard for Laravel / Lumen
🔑 Simple Keycloak Guard for Laravel / Lumen

Simple Keycloak Guard for Laravel / Lumen This package helps you authenticate users on a Laravel API based on JWT tokens generated from Keycloak Serve

Jun 27, 2022
HTTP Basic Auth Guard for Lumen 5.x

HTTP Basic Auth Guard HTTP Basic Auth Guard is a Lumen Package that lets you use basic as your driver for the authentication guard in your application

Feb 14, 2022
:octocat: Socialite is an OAuth2 Authentication tool. It is inspired by laravel/socialite, you can easily use it without Laravel.

Socialite Socialite is an OAuth2 Authentication tool. It is inspired by laravel/socialite, You can easily use it in any PHP project. 中文文档 This tool no

Jun 28, 2022
A Simple method to create laravel authentication for an existing laravel project.
A Simple method to create laravel authentication for an existing laravel project.

Laravel Simple Auth A Simple method to create laravel authentication for an existing laravel project. Indroduction Why I created this kind of package?

Dec 14, 2021