codecasts / laravel-jwt Goto Github PK
View Code? Open in Web Editor NEWDead simple, plug and play JWT API Authentication for Laravel (5.4+)
License: MIT License
Dead simple, plug and play JWT API Authentication for Laravel (5.4+)
License: MIT License
Ao executar php artisan vendor:publish --provider="Codecasts\Auth\JWT\ServiceProvider", surge a seguinte mensagem: Can't locate path: <0>
Publishing complete.
E não cria o arquivo de configuração em config.
Laravel 5.4.*
PHP 7.1
Ubuntu 16.04
I do use the authorization header with a valid jwt token,
but if one of my routes also expects a token parameter (device token registration, for instance)
the query token is used instead as an authentication token, and the authorization header is ignored.
Not exactly an issue, but had to ask this question. Can this be used with multiple guards? If yes then how to configure it?
In my config/auth.php
'guards' => [
'user' => [
'driver' => 'jwt',
'provider' => 'users',
],
'staff' => [
'driver' => 'jwt',
'provider' => 'staff',
],
],
I am trying to do something like this.
I follow the instructions step by step, but throw Exception
Method issue() does not exist.
Any Idea what is wrong?
My code:
function login(Guard $auth){
$user2 = User::find(1);
$auth->login($user2);
$token = $auth->issue();
return $token;
}
I see the default (and only) option with this library is HS-256.
That's a perfectly viable option, but I'm curious to know if you've considered adding support RS-256 or RS-512 key pairs?
I really like the simplicity this library affords; seeing these added would be great.
PHP 7.1.6-1~ubuntu16.04.1+deb.sury.org+1 (cli) (built: Jun 9 2017 08:26:34) ( NTS )
Laravel 5.5.11
Laravel-jwt: ^0.8.5
The error occurs when running php artisan jwt:generate
.
The error:
[ReflectionException]
Method Codecasts\Auth\JWT\Console\KeyGenerateCommand::handle() does not exist
Am I missing something?
Using this with Laravel 5.5, testing expired tokens.
Set the timeout to 1 minute.
Works before it times out, then after 1 minute when I make the call, rather than returning a 401 "Expired Token" it does a 302 redirect to /auth/login
Am I crazy or is something not working right there?
After installation strictly according to the instructions, I have a exception:
Unresolvable dependency resolving [Parameter #0 [ $app ]] in class Codecasts\Auth\JWT\Auth\Guard in Container.php (line 910)
Laravel 5.4.28
I did:
"Method Codecasts\Auth\JWT\Console\KeyGenerateCommand::handle() does not exist"
Need to change handle to fire for 5.5
If I have a token, how can I retrieve the user for the token?
I've found findUserByToken
but it's a protected method.
Authenticating with a token seems like basic functionality.
Cheers.
Hi @hernandev, me again hehe, I think it would be very good if this project had a contributing guide so that other developers don't make the same mistake I did when I've opened the PR #18, sending to the master
branch instead of develop
, what you think?
Seems like this project is not maintained anymore?
The last couple of issues had a response like "Will fix this today" but both branches did not have any changes accordingly.
if you Google for "Laravel jwt" this package is quite high up in the ranking, so maybe add a notice about it not being ready to use ?
Would you allow me to fork this repository? because its 80% of what i need, and i dont feel like writing it from scratch if i don't have to.
Hi @hernandev!
I`m using your package with Laravel 5.5 and, despite the fix in PR #17, I was able to use it by manually adding a secret to the config file.
My question is: can I make a PR to add package autodiscovery, or should I wait until PR #17 is closed?
Hi,
I wanted to know the compatibility w/ Laravel 8 and PHP 7.4 / 8 ?
Thank you
Hi,
I found small bug. When I try run command php artisan jwt:generate
then I get this error:
[ReflectionException]
Method Codecasts\Auth\JWT\Console\KeyGenerateCommand::handle() does not exist
PS. I executed composer dump-autoload
before.
Could you fix it?
Help,
Oque eu passo de parâmetro pra essa função ?
When running php artisan jwt:generate
get the following error:
ERROR: Method Codecasts\Auth\JWT\Console\KeyGenerateCommand::handle() does not exist {"exception":"[object] (ReflectionException(code: 0): Method Codecasts\\Auth\\JWT\\Console\\KeyGenerateCommand::handle() does not exist
Using: laravel/framework (v5.5.12) & codecasts/laravel-jwt (0.8.5)
A quick word about a problem I faced while deploying on Production.
Don't forget to clear your config cache if you use php artisan config:cache
and all these optimizations commands.
php artisan config:clear
I lost some precious time trying to understand what didn't work as config/auth.php
needs to be modified.
That's all, mates. Take care.
Looking inside the Guard, I see that the token is validated and then the user is retrieved by id:
// Codecasts\Auth\JWT\Auth\Guard
protected function findUserByToken(Token $token)
{
// retrieves the user ID from the token.
$id = $token->getClaim('sub');
// use the users provider to find the token subject (user) but it's id (subject)
return $this->provider->retrieveById($id);
}
But I have a security problem:
I use multiple databases (for a multi tenant Saas application), one database per tenant, each database have its own users table. When the application start, I select the correct database connection based on a custom 'Tenant' header.
The problem is that I have many users with the same id, because they come from different databases, so the same token is valid for all users with the same id. This causes that one user can login into another database just by changing the 'Tenant' header.
I need a way to validate the token or select the user in a different way, taking into consideration the 'Tenant' header.
Any ideas? Thanks.
Can not use the email, I would like to use app_id and app_key
I can call $guard->logout()
successfully, but then I can use that same token for the user I just logged out to call authenticated routes afterwards.
Looking at the function, it doesn't look like it's doing anything. Has this been implemented yet?
Hi folks,
I've implemented this lib in my project, but i had a problem: i want to generate a token that never expires, but i haven't found a way to do it
thanks
I'm working under API and I don't want to dispatch a login route redirect, I just want to throw a json error message and 401 status code. Is it possible?
Token from User Credentials.
This method should be used when you just registered a user and any other special cases.
I think this should be "This method should be used when you want to authenticate a user and any other special cases." because the function
public function tokenFromCredentials(Guard $auth, Request $request)
{
// get some credentials
$credentials = $request->only(['email', 'password']);
if ($auth->attempt($credentials)) {
return $token = $auth->issue();
}
return ['Invalid Credentials'];
}
really looks like the one in https://laravel.com/docs/5.6/authentication#authenticating-users section.
public function authenticate(Request $request)
{
$credentials = $request->only('email', 'password');
if (Auth::attempt($credentials)) {
// Authentication passed...
return redirect()->intended('dashboard');
}
}
Was looking for a Tymon JWT alternative and found this repo. Looks nice but noticed, for example, that logout functionality is not implemented. So I was wondering if this repo is ready for production or are there any other unknown unfinished parts? Thanks.
Not detecting the \Illuminate\Auth\Events\Login
event. This should be true for all auth events (I havent tested them) as the Codecasts\Auth\JWT\Auth\Guard::$events is not set.
Possible solution is to change the constructor but think it should be set by the framework somewhere.
/**
* JWT Guard constructor.
*
* @param \Illuminate\Contracts\Foundation\Application $app
* @param string $name
* @param \Illuminate\Contracts\Auth\UserProvider $provider
* @param \Codecasts\Auth\JWT\Contracts\Token\Manager $manager
*/
public function __construct($app, $name, $provider, $manager)
{
// assign constructor arguments into instance scope.
$this->app = $app;
$this->name = $name;
$this->provider = $provider;
$this->manager = $manager;
$this->setDispatcher($this->app['events']); //add this to ensure $events has properly populated dispatcher
}
I want to have multiple secret keys for better security (related to #25).
In my application each tenant have a secret key saved in the database, so I need a way to change the key set in Codecasts\Auth\JWT\Token\Manager
.
I tried to change the config inside a middleware:
Config::set('jwt.secret', $tenant->jwt_secret);
but the Manager is initialized before the middleware runs, so the change is irrelevant.
I need a way to change the key in the config before the Manager is initialized or a way to change the key afterwards.
Hi,
im new to laravel and im learning.
after a bad test with the outdate 0.5 tymothy package, i found this one.
it automagic installed, and that was great :)
but is there any specific issue to not write the generated key to the .env file?
How do I decode a token getting by Auth::getToken()?
Is there any other way to get decoded token?
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.