UPDATE FOR LARAVEL 6.0+: I've seen a few comments about the above video not working in Laravel 6. There was a discussion and back-and-forth on the GitHub repo about this, and there seems to be a stable solution out there now. Run "composer require tymon/jwt-auth ^1.0.0" from your project root or update your composer file directly to reflect using version ^1.0.0 of tymon/jwt-auth.
composer require tymon/jwt-auth ^1.0.0, This works like charm till date Laravel 6.2 . Thanks for your comment Andrew, just saved some debugging time. :)
Can you please explain the process of when how do we use the refresh token? for example if I have a react native app that consumes the API then after the login, I am going to use the token that I got in first login and won't know if it is expired or no. Do I have to always check if token is expired so that I call the refresh() method or am I missing something?
9:48 How are you able to use the login route without declaring it in the routes/api.php file? I had to create one myself for the login to work Route::post('/login', 'Api\Auth\LoginController@login'); Edit: Okay, I can see the route at 11:28. Declaration must have been edited out by accident lol
Just I out curiosity, I want to know why you didn't put the whole code, inside try, while creating post? I use to put whole things inside try and the catch if there any error. Any specific reason for that??
Thank You Very Much Bro !! :D But, one thing.. I successfully created a token in one of the applications in cloud hosting. But, another app that is in the same cloud hosting returns true for JWT instead of a token. How can I Fix this ??
Hi, I do have a few questions, if you dont mind. At 7:30 when you just create a new login controller inside the api/auth folder, it creates a very basic scaffolded controller, so when you start building the login function, it has nothing else than the scaffolded lines. What I had before watching this video, was a copy-pasted login controller generated from the artisan make::auth and tried to customize it. But it requieres to user the `use AuthenticatesUsers;` at the very first line of the class, so I followed the rest of the tutorial and everything works just fine, But if I remove this line "use AuthenticatesUsers;" it stops working, even when on the video, you are not using this. Secondly, when you just copied the Controller.php inside the /api folder at 9:06, you forgot to fix the namespace, so Im wondering how is that it works. But bro, so many thanks. This just helped me a LOT!!
Those who are facing this issue after moving the controller to /Api FatalErrorException: Class App\Http\Controllers\Api\Controller; not found in file change the name space above Controller.php namespace App\Http\Controllers; ------> namespace App\Http\Controllers\Api;
How can I make sure the token is device specific - I just don't want user to use the token generated on website to use inside postman request? Also, I want user to have only one active token at one time, so if he tries to login on new device then I want old token to be revoked, how can we do this? Please explain this as well. Thanks in Advance
thank you for this tutorial, just I want to point out that the try/catch for the authentication user is a best use case to use Laravel middleware instead of putting it within a method in the controller
@@Desmait The only fields you're storing in the Db are Email and Password that you use to generate the token. After generating it, you dont store it in the database since Jwt will automatically check and verify it. If you are building a mobile application, you can save this token in shared preferences and then attach it to every request.
@@aserlink i just can't understand how to properly do registration function in controller(in case with jwt). Can you please provide some example? Thanks
@@Desmait The registration function remains the same whether with jwt or not. You simply receive your registration fields and save them in the database. Jwt comes in during login at the login function...that is where you change from session to Jwt as explained in this tutorial. If you follow the tutorial step by step, you will manage to get it up and running.
Hi Andrew, can you explain in short in plain english how would an external app consume that api.... it sends the credentials on login and in response it gets the token.... and then what? For example if this would be done with guzzle... you need to somehow have that token in all consecutive requests.... and that's the part that I'm missing/don't understand.
Hi, Your approach to create the new controller and set the default driver for auth work like a charm for me. But can you let me know why we cannot use something like middleware('auth:api') in the group routes at the api.php? (actually I tried and fail since auth()->attempts() just return boolean instead of token key ). Moreover, Is there anyway to know which is the current default driver???
Thank you very much for your efforts. I have a question please. When using this way of authentication without sending client_id and client_secret to get the access token, Does this mean that any application on the internet can use my API ? If yes, is it safe? Thank you!
Hi, Andrew nice tutorial about jwt token. I've implemented it successfully. Thanks I'll like your vscode theme and vscode font, color-code. Will u pls share these settings of vscode?? Thanks in advance...
Just a heads up: if you put that try-catch in the parent class function and it throws an the UserNotDefinedException, the "return $user->posts" statement in the PostsController will throw another exception, because it expects $user to be an instance of App\User, but the authUser() method will return a JsonResponse with an error message. The refresh method try-catch needs to catch \Tymon\JWTAuth\Exceptions\JWTException too. It will be thrown if you try to /refresh without using any token.
Taylor Otwell is planning a package to simplify this soon, you can count on a new video when that drops! In the meantime, most of this should work for 6.x but I'll go through and make sure of it!
