一、背景
tymon/jwt-auth 是一个基于 JWT 认证和 Laravel 框架而开发的 PHP 库,验证 JWT 令牌并通过 Eloquent ORM 提供对数据库支持。JWT 是在应用程序中生成,签名,并将其用作用户或客户端的身份验证标识符的 JSON 负载。
二、使用
tymon/jwt-auth 是一个易于安装和使用的库,它可以轻松地为您的 Laravel 应用程序提供 JWT 认证。您需要先在您的 Laravel 应用程序中安装 tymon/jwt-auth 包,使用 Composer,以便可以轻松应用 JWT 认证。
三、安装
composer require tymon/jwt-auth
php artisan vendor:publish --provider="Tymon\JWTAuth\Providers\LaravelServiceProvider"
php artisan jwt:secret
在 config/auth.php 配置文件中配置 guards 和 providers:
'guards' => [
'api' => [
'driver' => 'jwt',
'provider' => 'users',
]
],
'providers' => [
'users' => [
'driver' => 'eloquent',
'model' => App\Models\User::class,
]
],
确保在您的 User 模型中包含 JWTSubject 受到支持的接口,以便在生成 JWT 令牌时包括正确的所有信息。
use Tymon\JWTAuth\Contracts\JWTSubject;
use Illuminate\Foundation\Auth\User as Authenticatable;
class User extends Authenticatable implements JWTSubject
{
// ...
public function getJWTIdentifier()
{
return $this->getKey();
}
public function getJWTCustomClaims()
{
return [];
}
}
四、认证
在 jwt-auth 中,认证过程主要分为两部分:生成 JWT 令牌和验证 JWT 令牌。
1、生成 JWT 令牌
Successful authentication will return a token string that should be sent to the client alongside their authenticated user data. This token can be used to authenticate subsequent requests to any part of your application that requires authentication.
<?php
namespace App\Http\Controllers;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use App\Http\Controllers\Controller;
class AuthController extends Controller
{
/**
* 获取JWT token
*
* @param \Illuminate\Http\Request $request
*
* @return \Illuminate\Http\JsonResponse
*
*/
public function login(Request $request)
{
$credentials = $request->only(['email', 'password']);
if (!$token = Auth::attempt($credentials)) {
return response()->json(['message' => 'Unauthorized'], 401);
}
return $this->respondWithToken($token);
}
/**
* 返回JWT token
*
* @param string $token
*
* @return \Illuminate\Http\JsonResponse
*
*/
protected function respondWithToken($token)
{
return response()->json([
'access_token' => $token,
'token_type' => 'bearer',
'expires_in' => auth()->factory()->getTTL() * 60
]);
}
}
?>
2、验证 JWT 令牌
JWT tokens sent with requests to your application should be included in the Authorization header using the Bearer authentication scheme.
<?php
namespace App\Http\Controllers;
use Illuminate\Support\Facades\Auth;
use App\Http\Controllers\Controller;
class UserController extends Controller
{
/**
* 受保护的路由
*
* @return \Illuminate\Http\JsonResponse
*/
public function index()
{
$users = Auth::user();
return response()->json(['users' => $users]);
}
}
?>
五、更多功能
1、自定义响应
可以使用 JWT-auth 自定义响应,只需在 config/jwt.php 配置文件中添加以下内容:
'custom' => [
'claim_to_return' => 'value_to_return',
'user_object' => 'App\\User',
'some_value' => 'some_value',
],
发出响应时,JWT-auth 将发布此对象:
{"some_value": "some_value", "claim_to_return": "value_to_return", "user_object": { ... }}
2、更新令牌
public function refresh() {
$token = JWTAuth::getToken();
try {
$token = JWTAuth::refresh($token);
} catch (TokenExpiredException $e) {
throw new HttpResponseException(response()->json([
'token_expired'
], $e->getStatusCode()));
} catch (JWTException $e) {
throw new HttpResponseException(response()->json([
'token_invalid'
], $e->getStatusCode()));
}
return response()->json([
'token' => $token,
'token_type' => 'bearer',
'expires_in' => auth()->factory()->getTTL() * 60
]);
}
3、各平台的 Token 格式
JWTAuth::fromUser($user, [
'platform' => 'ios'
])
总结
通过学习 tymon/jwt-auth 和 JWT 认证,我们可以轻松实现 Laravel API 应用程序的身份验证,确保在您的 API 应用程序中使用保护的路由时,用户必须登录并提供正确的凭据。
