New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Any guide how to use on Laravel 5.5? #1316
Comments
I got it working by doing this: Add Add the service provider to the providers array in your app.php config: Next, also in the app.php config file,add the JWTAuth facade and JWTFactory facade:
Run: Your user model should look like this:
Authentication controller:
That's it. |
Note that on the newest version (rc1) you shouldn't need to add the ServiceProvider to the app.php file anymore since it's compatible with Laravel 5.5's automatic discovery feature. |
And how do i install this new version? |
@andreolvr It really helps,but there is a little wrong.
because command "jwt:generate" is not defined. |
Thanks, @donng. Already edited it. |
"Type error: Argument 1 passed to Tymon\JWTAuth\JWT::fromUser() must be an instance of Tymon\JWTAuth\Contracts\JWTSubject, instance of App\User given, called in C:\xampp\htdocs\laravel55\vendor\tymon\jwt-auth\src\JWTAuth.php on line 54" |
@php2020 you should modify your App\User , it should implement JWTSubject ,just see the second answer. |
@donng |
@php2020 When does that exception get thrown exactly? When a HTTP Request hits your middleware, or when you manually try to validate a token? Can you share some sample code please? |
`<?php namespace App\Http\Controllers; use Illuminate\Http\Request; class AuthController extends Controller
}` routes/api.php |
@php2020 Have you set a "JWT_SECRET" in your .env file?
e.g.
|
@mbezhanov This will invalidate all existing tokens. Are you sure you want to override the secret key? (yes/no) [no]:
jwt-auth secret [Pq5nm2BLxo1sClPJhH65X3pTWfyXzh41] set successfully.` My fault, before .env was not covered, I can get user! thank you! |
@php2020 I personally use the built-in
With this middleware, if a JWT token is invalid or expired, a HTTP 401 status code will be returned. My JS clients (API clients) then react to the 401 responses, by attempting to obtain a new token, and redirecting to a login page upon failure, where the user is supposed to re-type her username and password, in order to obtain a new token. Not sure this is the best way out there, but that's what I've been doing so far with good success. |
I installed the newest version (rc1), but the config/jwt.php file wasn't created, is it normal? |
@andreolvr did you run:
This is what creates the |
@mbezhanov How exactly do you refresh a token? I followed @andreolvr example above, but now I have an expired token that can't be refreshed. I'm wondering how you do that? |
@lomholdt Generally speaking, I use the
What this does is that whenever you issue a request to On the JS side, there are many possible solutions, and I haven't heard of a particular one to be considered a standard (please feel free to correct me here if you know of a standardized one) The most secure one, I guess, would be to renew your token on every HTTP request to the API - I've read that certain APIs do this. However, I feel that this may be a bit too much, so I prefer to use a simpler solution, where I have my JS client keep track of the expiration time of the current token (stored in the "exp" claim) and have it renew the token before it expires. How this works in practice: let's say the API issues a token having an expiration time of 20 minutes. If the client detects that there are less than 10 minutes left before the token expires, it will go ahead and make a new request to "/auth/renew", in order to obtain a new token. That way the JS client will never log you out, as long as there is a reasonable amount of activity, and if there's not - the token will expire, so the user will have to reauthenticate using username and password, in order to obtain a token. Alertnatively, you can refresh an expired token, by using the
With this middleware, you can have your JS Client intercept 401 errors, and attempt to refresh the token by calling the |
@mbezhanov Thanks a million! This was really helpfull! I got the refresh working! Do you know if it's possible to refresh an expired token with the refresh middleware? Or will it only refresh a valid token. |
@lomholdt |
@mbezhanov I have everything working now! Thanks a million! Very much appreciated. |
Hi guys. I'm trying to use multi-authentication, so in my controller on constructor, based on the routes, I add the code Is there any better way to do this? |
I updated composer with this requirement |
hi guys, i tried to make the token last forever by changing the ttl to null and removing the 'exp' from required claims but when i try to authenticate (create a token via a login request) i always get a 'token has expired' exception. |
@wapnen In
Finally do:
...and it should work (tested and working on the |
@maximilianfixl thanks man..it worked..thanks alot! |
When I call:
I've got the fowling error: why is that? thanks in advance |
Do you have |
How can I inject generated token to authenticated user and then response it ? |
@billsion assuming you are using version However, it looks to me that you may be having an issue with an older version, as @ahmadbadpey can you clarify your question please? |
@mbezhanov so the workflow to do the refresh is when it is caught as unauthorized (401) by the interceptor then we're just gonna do a refresh with the token? then re-set the default authorization header for the next request |
hello! im getting this error "Symfony\Component\Debug\Exception\FatalThrowableError" any ideea? |
HooOoo0ooW?
The text was updated successfully, but these errors were encountered: