I believe JWT(JSON Web Tokens) authentication is better especially when developing an API using laravel than the default Sanctum which comes with laravel.
Some of the benefits of JWT Web Tokens over Sanctum:
- Stateless Authentication: JWT tokens are stateless, meaning they don't rely on server-side storage and can be easily scaled across multiple servers. This can be advantageous for microservices architectures or when building APIs consumed by various clients.
- Token-Based Authentication: JWT tokens are self-contained and contain all necessary information about the user and their permissions. This makes them ideal for token-based authentication in APIs.
- Flexibility: JWT tokens can carry custom claims and metadata, providing flexibility in encoding user information. They are also widely supported by various programming languages and frameworks.
- Performance: Since JWT tokens are stateless, they can improve performance by reducing the need for server-side storage and database lookups for session data.
To use JWT in Laravel, you can use the tymon/jwt-auth package. Here's how you can install and set it up:
- Install the package via composer:
composer require tymon/jwt-auth- Publish the configuration file:
php artisan vendor:publish --provider="Tymon\JWTAuth\Providers\LaravelServiceProvider"- Generate a secret key for JWT:
php artisan jwt:secret- In your
Usermodel, implement theTymon\JWTAuth\Contracts\JWTSubjectinterface and add the required methods:
use Tymon\JWTAuth\Contracts\JWTSubject;
class User extends Authenticatable implements JWTSubject
{
// ...
public function getJWTIdentifier()
{
return $this->getKey();
}
public function getJWTCustomClaims()
{
return [];
}
}- In your
config/auth.phpfile, set the driver of theapiguard tojwt:
'guards' => [
'api' => [
'driver' => 'jwt',
'provider' => 'users',
],
],- Then in
routes/api.phpfile wrap your protected routes withjwt.authas the middleware
// Example of adding middleware to a specific route
Route::get('/example', [ExampleController::class, 'exampleMethod'])->middleware('jwt.auth');
// Example of adding middleware to a route group
Route::group(['middleware' => ['jwt.auth']], function () {
// Routes that require the middleware
Route::get('/route1', [Controller1::class, 'method1']);
Route::post('/route2', [Controller2::class, 'method2']);
});- In
AuthControllerwhere you would like to generate token includeuse Tymon\JWTAuth\Facades\JWTAuth;
//other includes ...
//jwt
use Tymon\JWTAuth\Facades\JWTAuth;
class AuthController extends Controller
{
// your code here
// Login with email and password
public function login(Request $request)
{
try {
// Validate the request data
$request->validate([
'email' => 'required|email',
'password' => 'required',
]);
// Attempt to authenticate the user
$credentials = $request->only('email', 'password');
if (! $token = JWTAuth::attempt($credentials)) {
// Authentication failed
//throw an exception with message 'Invalid Credentials'
throw new \Exception('Invalid Credentials');
}
// Authentication successful, return token
return response()->json(['message' => 'Login successful', 'token' => $token], 200);
} catch (\Exception $th) {
// Error response
return response()->json(['error_message' => 'Could not create token', 'error' => $th->getMessage()], 500);
}
}
}The token returned you can use it when making request to protected endpoints.
Now, you can use JWT for authentication in your Laravel application, and Enjoy secure JWT tokens without worry.
- Fork this repository
- Create a branch for your feature (
git checkout -b my-feature) - Make your changes and commit them (
git commit -m ':heart: My Feature') - Push to your origin branch (
git push origin my-feature) - Create a pull request