A quick word about a problem I faced while deploying on Production.

Don't forget to clear your config cache if you use php artisan config:cache and all these optimizations commands.

php artisan config:clear

I lost some precious time trying to understand what didn't work as config/auth.php needs to be modified.

That's all, mates. Take care.

Hi @hernandev, me again hehe, I think it would be very good if this project had a contributing guide so that other developers don't make the same mistake I did when I've opened the PR #18, sending to the master branch instead of develop, what you think?

Hi,

I found small bug. When I try run command php artisan jwt:generate then I get this error:

[ReflectionException]
  Method Codecasts\Auth\JWT\Console\KeyGenerateCommand::handle() does not exist

PS. I executed composer dump-autoload before.

Could you fix it?

Token from User Credentials.

This method should be used when you just registered a user and any other special cases.

I think this should be "This method should be used when you want to authenticate a user and any other special cases." because the function

public function tokenFromCredentials(Guard $auth, Request $request)
{
    // get some credentials
    $credentials = $request->only(['email', 'password']);

    if ($auth->attempt($credentials)) {
       return $token = $auth->issue();
    }

    return ['Invalid Credentials'];
}

really looks like the one in https://laravel.com/docs/5.6/authentication#authenticating-users section.

public function authenticate(Request $request)
{
    $credentials = $request->only('email', 'password');

    if (Auth::attempt($credentials)) {
        // Authentication passed...
        return redirect()->intended('dashboard');
    }
}

If I have a token, how can I retrieve the user for the token?

I've found findUserByToken but it's a protected method.

Authenticating with a token seems like basic functionality.

Cheers.

Ao executar php artisan vendor:publish --provider="Codecasts\Auth\JWT\ServiceProvider", surge a seguinte mensagem: Can't locate path: <0>
Publishing complete.

E não cria o arquivo de configuração em config.

Laravel 5.4.*
PHP 7.1
Ubuntu 16.04

I see the default (and only) option with this library is HS-256.

That's a perfectly viable option, but I'm curious to know if you've considered adding support RS-256 or RS-512 key pairs?

I really like the simplicity this library affords; seeing these added would be great.

"Method Codecasts\Auth\JWT\Console\KeyGenerateCommand::handle() does not exist"

Need to change handle to fire for 5.5

After installation strictly according to the instructions, I have a exception:

Unresolvable dependency resolving [Parameter #0 [ $app ]] in class Codecasts\Auth\JWT\Auth\Guard in Container.php (line 910)

Laravel 5.4.28

I did:

1. composer require codecasts/laravel-jwt
2. added service provider Codecasts\Auth\JWT\ServiceProvider::class
3. published vendor files
4. generated and added secret to .env
5. changed driver in api guards to 'jwt'

PHP 7.1.6-1~ubuntu16.04.1+deb.sury.org+1 (cli) (built: Jun 9 2017 08:26:34) ( NTS )
Laravel 5.5.11
Laravel-jwt: ^0.8.5

The error occurs when running php artisan jwt:generate.

The error:

  [ReflectionException]                                                          
  Method Codecasts\Auth\JWT\Console\KeyGenerateCommand::handle() does not exist 

Hi @hernandev!
I`m using your package with Laravel 5.5 and, despite the fix in PR #17, I was able to use it by manually adding a secret to the config file.

My question is: can I make a PR to add package autodiscovery, or should I wait until PR #17 is closed?

Hi,
im new to laravel and im learning.
after a bad test with the outdate 0.5 tymothy package, i found this one.
it automagic installed, and that was great :)

but is there any specific issue to not write the generated key to the .env file?

Was looking for a Tymon JWT alternative and found this repo. Looks nice but noticed, for example, that logout functionality is not implemented. So I was wondering if this repo is ready for production or are there any other unknown unfinished parts? Thanks.

I want to have multiple secret keys for better security (related to #25).
In my application each tenant have a secret key saved in the database, so I need a way to change the key set in Codecasts\Auth\JWT\Token\Manager.

I tried to change the config inside a middleware:

Config::set('jwt.secret', $tenant->jwt_secret);

but the Manager is initialized before the middleware runs, so the change is irrelevant.

I need a way to change the key in the config before the Manager is initialized or a way to change the key afterwards.

When running php artisan jwt:generate get the following error:

ERROR: Method Codecasts\Auth\JWT\Console\KeyGenerateCommand::handle() does not exist {"exception":"[object] (ReflectionException(code: 0): Method Codecasts\\Auth\\JWT\\Console\\KeyGenerateCommand::handle() does not exist

Using: laravel/framework (v5.5.12) & codecasts/laravel-jwt (0.8.5)

I can call $guard->logout() successfully, but then I can use that same token for the user I just logged out to call authenticated routes afterwards.

Looking at the function, it doesn't look like it's doing anything. Has this been implemented yet?

I do use the authorization header with a valid jwt token,
but if one of my routes also expects a token parameter (device token registration, for instance)

the query token is used instead as an authentication token, and the authorization header is ignored.

Not exactly an issue, but had to ask this question. Can this be used with multiple guards? If yes then how to configure it?

In my config/auth.php

    'guards' => [
        'user' => [
            'driver' => 'jwt',
            'provider' => 'users',
        ],

        'staff' => [
            'driver' => 'jwt',
            'provider' => 'staff',
        ],
    ],

I am trying to do something like this.

Hi folks,

I've implemented this lib in my project, but i had a problem: i want to generate a token that never expires, but i haven't found a way to do it

thanks

Hi,

I wanted to know the compatibility w/ Laravel 8 and PHP 7.4 / 8 ?

Thank you

Am I missing something?

Using this with Laravel 5.5, testing expired tokens.

Set the timeout to 1 minute.

Works before it times out, then after 1 minute when I make the call, rather than returning a 401 "Expired Token" it does a 302 redirect to /auth/login

Am I crazy or is something not working right there?

Looking inside the Guard, I see that the token is validated and then the user is retrieved by id:

// Codecasts\Auth\JWT\Auth\Guard

protected function findUserByToken(Token $token)
{
    // retrieves the user ID from the token.
    $id = $token->getClaim('sub');

    // use the users provider to find the token subject (user) but it's id (subject)
    return $this->provider->retrieveById($id);
}

But I have a security problem:

I use multiple databases (for a multi tenant Saas application), one database per tenant, each database have its own users table. When the application start, I select the correct database connection based on a custom 'Tenant' header.

The problem is that I have many users with the same id, because they come from different databases, so the same token is valid for all users with the same id. This causes that one user can login into another database just by changing the 'Tenant' header.

I need a way to validate the token or select the user in a different way, taking into consideration the 'Tenant' header.

Any ideas? Thanks.

Not detecting the \Illuminate\Auth\Events\Login event. This should be true for all auth events (I havent tested them) as the Codecasts\Auth\JWT\Auth\Guard::$events is not set.

Possible solution is to change the constructor but think it should be set by the framework somewhere.

    /**
     * JWT Guard constructor.
     *
     * @param \Illuminate\Contracts\Foundation\Application $app
     * @param string $name
     * @param \Illuminate\Contracts\Auth\UserProvider $provider
     * @param \Codecasts\Auth\JWT\Contracts\Token\Manager $manager
     */
    public function __construct($app, $name, $provider, $manager)
    {
        // assign constructor arguments into instance scope.
        $this->app = $app;
        $this->name = $name;
        $this->provider = $provider;
        $this->manager = $manager;
        $this->setDispatcher($this->app['events']); //add this to ensure $events has properly populated dispatcher
    }

Help,

Oque eu passo de parâmetro pra essa função ?

I'm working under API and I don't want to dispatch a login route redirect, I just want to throw a json error message and 401 status code. Is it possible?

Can not use the email, I would like to use app_id and app_key

I follow the instructions step by step, but throw Exception
Method issue() does not exist.
Any Idea what is wrong?

My code:

function login(Guard $auth){
$user2 = User::find(1);
$auth->login($user2);
$token = $auth->issue();
return $token;
}

Seems like this project is not maintained anymore?

The last couple of issues had a response like "Will fix this today" but both branches did not have any changes accordingly.

if you Google for "Laravel jwt" this package is quite high up in the ranking, so maybe add a notice about it not being ready to use ?

Would you allow me to fork this repository? because its 80% of what i need, and i dont feel like writing it from scratch if i don't have to.

• Xantios

How do I decode a token getting by Auth::getToken()?
Is there any other way to get decoded token?