Earlier when I was using laravel 5.2, i used a third party package https://github.com/tymondesigns/jwt-auth/ for making JWT based authentication. Where we just had to pass the username and password to get a token.
Now in laravel 5.3 with the introduction of passport I want to make a JWT based authentication but passport requires me to specify the client_id and client_secret along with the username and password. which was not there in tymondesigns/jwt-auth.
If I make a request without the client_id then it throws an error http://pix.toile-libre.org/upload/original/1482908288.png but when I pass the client_id and client_secret then it works fine http://pix.toile-libre.org/upload/original/1482908143.png
How can I make a JWT request in laravel 5.3 and passport with just the username and password and without specifying client_id and client_secret.
So, finally I am answering my own question. Hopefully this will help someone facing the similar problem.
JWT authentication can be done using Laravel 5.3 passport, just follow the following steps:
- Install Passport normally as described in this link https://laravel.com/docs/master/passport#installation
OR follow these steps:
- composer require laravel/passport
- add
Laravel\Passport\PassportServiceProvider::class,
to your app providers
- php artisan migrate
- php artisan passport:install
- Add
HasApiTokens
trait to your user model
- Passport::routes(); in AppServiceProvider
- Configure api driver to passport
Once done, create a UserController and add the following methods in it:
public function auth(Request $request)
{
$params = $request->only('email', 'password');
$username = $params['email'];
$password = $params['password'];
if(\Auth::attempt(['email' => $username, 'password' => $password])){
return \Auth::user()->createToken('my_user', []);
}
return response()->json(['error' => 'Invalid username or Password']);
}
public function index(Request $request)
{
return $request->user();
}
In routes/api.php, add the following routes:
Route::post('auth', 'UserController@auth');
Route::group(['middleware' => 'auth:api'], function(){
Route::resource('user', 'UserController@index');
});
Now make a POST request to http://localhost:8000/auth
with the email address and password as shown in the screenshot (http://pix.toile-libre.org/upload/original/1483094937.png) This will get you the accessToken, you can use this token to make other requests in your application with the Authorization
header and Bearer XXX
where xxx is the accessToken you received from /api/auth endpoint.
Now, make a GET request to /api/user
with the Authorization
header and the token value, this will return the authenticated user's details.
(eg: http://pix.toile-libre.org/upload/original/1483095018.png)
I have also posted these steps on my blog at http://chatterjee.pw/larvel-passport-jwt-authentication/
I hope this helps!
If you are not interested in OAuth and Client thing, you probably want to use pure JWT authentication, if so, you can check out this package:
https://github.com/miladrahimi/larajwt
It declares a new authentication driver named "jwt" to protect your authenticated routes, it provides a service to generate jwt from your users, and some other tools like logout, user model caching, filters for checking extra properties of users and so on.
$request->user(); was not working for me because the middleware is configured to web, which I also need + api. The docs are not clear about how to control for both scenarios.
I was able to get users details with get Auth Bearer + token, and on Laravel:
use Illuminate\Support\Facades\Auth;
Route::get('/user', function() {
return Auth::guard('api')->user();
});