Community Learn Tools Library Leisure
search
English
Home > PHP Framework > Laravel > laravel jwt delete

laravel jwt delete

王林
Release: 2023-05-29 09:31:36
Original
693 people have browsed it

Preface

In the process of using Laravel and JWT for web development, you may encounter the situation of deleting JWT. This article will introduce how to delete JWT in the Laravel framework.

Necessity of deleting JWT

JWT solves user authentication and authorization problems very well, but in some cases, you may need to delete JWT. Here are some reasons why:

  1. Security Issues: Compromised or compromised JWTs can lead to serious security vulnerabilities.
  2. Abuse issues: If your application is collecting data about user activity, you may need to remove the JWT to stop collecting data when the user logs out or exits the application.
  3. For debugging: Removing the JWT can help you re-simulate the user's login flow.

Steps to delete a JWT

To delete a JWT, there are three steps:

  1. Revoke a JWT: A JWT can be revoked, thereby making it invalid . To achieve this, you need to maintain a blacklist of stored JWTs.
  2. Modify the validity period of JWT: You can set the validity period of JWT to a shorter period of time to ensure that potentially stolen JWTs expire faster.
  3. Delete JWTs: You can ask users to delete JWTs manually or by writing code to delete them.

We will explain these steps in more detail.

Revoke JWT

JWT revocation requires you to maintain a JWT blacklist. When a user logs out or exits the application, add the user's JWT to the blacklist. When a user attempts to access your application using this JWT, your application checks whether the JWT is on the blacklist. If it is, the user is not allowed to enter your application. Here are the steps to achieve this:

Step 1: Create a middleware

Create a middleware named "JwtBlacklist". 

php artisan make:middleware JwtBlacklist
Copy after login

Step 2: Write code

Write the following code in the handle method of the middleware:

public function handle($request, Closure $next)
{
    $token = $request->bearerToken();

    if(auth()->check()){
        auth()->logout();
        JWTAuth::invalidate(JWTAuth::getToken());
        return response()->json(['message' => 'Logout successful']);
    }elseif($token){
        try {
            JWTAuth::parseToken()->authenticate();
            JWTAuth::invalidate(JWTAuth::getToken());
            return response()->json(['message' => 'Logout successful']);
        } catch (JWTException $e) {
            // ignore errors
        }
    }

    return $next($request);
}
Copy after login

Step 3: Register the middleware

In the app Register middleware in the $routeMiddleware array of the /Http/Kernel.php file. 

'jwt.blacklist' => AppHttpMiddlewareJwtBlacklist::class,
Copy after login

Modify the validity period of JWT

JWT consists of three parts, namely the header (Base64-encoded JSON object), the payload (Base64-encoded JSON object) and the signature. Therefore, you can change the validity period in the load.

In Laravel/JWT, you can use the following code: 

public function login(Request $request) {
    $credentials = $request->only('email', 'password');

    if ($token = JWTAuth::attempt($credentials, ['exp' => Carbon::now()->addHours(24)->timestamp])) {
        return response()->json(['message' => 'Success', 'token' => $token]);
    }

    return response()->json(['error' => 'Unauthorized'], 401);
}
Copy after login

In the above code, we set the validity period of the JWT to 24 hours.

Delete JWT

If you require users to manually delete a JWT, you need to clearly tell the user this information. You can provide a button or link for the logout action so that the user can delete the JWT.

If you want to delete the JWT by writing code, you can add the following code to your controller: 

public function logout(Request $request) {
    JWTAuth::invalidate(JWTAuth::getToken());
    return response()->json(['message' => 'Logout successful']);
}
Copy after login

This controller will delete the JWT when the user clicks the logout button.

Conclusion

This article describes how to delete JWT in Laravel and JWT. You can do this by revoking, modifying the JWT's validity period, and deleting the JWT. If you have any questions or queries, please leave a message in the comment area and I will reply as soon as possible.

The above is the detailed content of laravel jwt delete. For more information, please follow other related articles on the PHP Chinese website!

source:php.cn
Previous article:laravel field value increase Next article:How to obtain laravel framework
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Latest Articles by Author
Latest Issues
function_exists() cannot determine the custom function Function test () {return true;} if (function_exists ('test')) {echo "test is function...
From 2024-04-29 11:01:01
0
3
2060
How to display the mobile version of Google Chrome Hello teacher, how can I change Google Chrome into a mobile version?
From 2024-04-23 00:22:19
0
11
2215
The child window operates the parent window, but the output does not respond. The first two sentences are executable, but the last sentence cannot be implemented.
From 2024-04-19 15:37:47
0
1
1870
There is no output in the parent window document.onclick = function(){ window.opener.document.write('I am the output of the child ...
From 2024-04-18 23:52:34
0
1
1753
Where is the courseware about CSS mind mapping? Courseware
From 2024-04-16 10:10:18
0
0
1779
Related Topics
More>
Popular Recommendations
Popular Tutorials
More>
Related Tutorials
Popular Recommendations
Latest courses
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template