Community Learn Tools Library Leisure
search
English
Home > PHP Framework > Laravel > body text

Laravel development: How to implement API authentication using Laravel Passport and JWT?

WBOY
Release: 2023-06-13 23:41:58
Original
1192 people have browsed it

Laravel Development: How to implement API authentication using Laravel Passport and JWT?

API (Application Programming Interface) authentication is a common requirement in today's Internet applications. As a popular PHP framework, Laravel provides two tools, Laravel Passport and JWT (JSON Web Tokens), which can help us implement API authentication.

This article will introduce how to use Laravel Passport and JWT to implement API authentication. In the following content, we will understand the basic concepts of these two tools and how to configure and use them in Laravel applications.

What is Laravel Passport?

Laravel Passport is an OAuth2 server specially developed for the Laravel framework, which can help us build API authentication systems quickly and securely. Passport provides a set of APIs to perform the authentication process, and has internally implemented a series of authentication methods specified by the OAuth2 protocol.

Among them, OAuth2 is a standard protocol that uses proxy authorization. Proxy authorization is an authorization mechanism for obtaining access to resources on behalf of a user. The OAuth2 protocol issues "access tokens" to third-party applications to access protected resources on behalf of the user. Therefore, Passport actually plays the role of OAuth2 authentication server in Laravel applications.

What is JWT?

JWT (JSON Web Tokens) is an open standard (RFC 7519) for authentication and authorization in distributed network environments. JWT is commonly used to pass authenticated user identity information and claims between clients and servers. JWT consists of three parts: header, payload and signature.

Usually, the header contains the type of JWT and the encryption algorithm used, the payload contains user identity information and claims, and the signature is used to verify the authenticity of the JWT. When using JWT for authentication, the server determines the user's identity by decrypting the information in the JWT, thereby achieving API authentication.

Configuring Laravel Passport and JWT

Before using Laravel Passport and JWT for API authentication, we need to configure it in the Laravel application first. The following are the specific configuration steps:

Step 1: Install Laravel Passport and tymon/jwt-auth

Use composer to install Laravel Passport and tymon/jwt-auth in the command line tool:

composer require laravel/passport
composer require tymon/jwt-auth
Copy after login

Step 2: Configure Laravel Passport

In the config/app.php file, add the following service provider:

'providers' => [
    ...
    LaravelPassportPassportServiceProvider::class,
],
Copy after login

Then, run the following command to create the Passport data table: 

php artisan migrate
Copy after login

For Passport’s default authentication method “Password Grant”, we add “PassportHasApiTokens” (Passport’s default user authentication Trait) to the User model. Open the User.php file and add the following content: 

use LaravelPassportHasApiTokens;

class User extends Authenticatable
{
    use HasApiTokens, Notifiable;
    ...
}
Copy after login

Step 3: Configure JWT

First, in the config/app.php file, add JWTServiceProvider:

'providers' => [
    ...
    TymonJWTAuthProvidersLaravelServiceProvider::class,
],
Copy after login

Then , run the following command to generate the secret key required for JWT: 

php artisan jwt:secret
Copy after login

In the config/auth.php file, add the jwt guard configuration (use jwt as the guard guard option), and set the default authentication driver Set to "jwt": 

'guards' => [
    ...
    'jwt' => [
        'driver' => 'jwt',
        'provider' => 'users'
    ],
],
...
'defaults' => [
    'guard' => 'jwt',
    ...
],
Copy after login

In the config/auth.php file, add the JWT user provider users configuration (instructing to use the Eloquent model): 

'providers' => [
    ...
    'users' => [
        'driver' => 'eloquent',
        'model' => AppModelsUser::class
    ]
],
Copy after login

Use Laravel Passport and JWT API Authentication

After the preparation work is completed, we can happily implement API authentication using Laravel Passport and JWT. The following is the specific operation process:

Step 1: Register API routing

First, register the API routing in the routes/api.php file. For example, we define a GET route for obtaining user information: 

Route::middleware('auth:api')->get('/user', function (Request $request) {
    return $request->user();
});
Copy after login

Laravel's middleware auth:api is used here, which will ensure that requests from authenticated users can pass. With routing middleware, we add this step of authentication to the route.

Step 2: Create an access token

Users need an access token to access the API. We need to use password authorization access token. The specific implementation steps are as follows:

You need to first define a route to receive the user name and password provided by the user: 

Route::post('/login', function (Request $request) {
    $http = new GuzzleHttpClient;

    $response = $http->post('http://your-app.com/oauth/token', [
        'form_params' => [
            'grant_type' => 'password',
            'client_id' => 'client-id',
            'client_secret' => 'client-secret',
            'username' => $request->username,
            'password' => $request->password,
            'scope' => '',
        ],
    ]);

    return json_decode((string) $response->getBody(), true);
});
Copy after login

In the above code, we use GuzzleHttp The client sends a POST request to obtain the access token. Among them, grant_type must be "password", client_id and client_secret respectively correspond to the ID and Secret applied in Laravel Passport. After the request is successful, a JSON response will be returned containing the user's access token access_token to access the API.

Step 3: Initiate API request

We can use the obtained token access_token to send a request to the API, verify the user's identity, and obtain protected resources. When making a request to the API, you must add the Authorization key-value pair in the header, whose value is "Bearer access_token". For example: 

$accessToken = 'your-access-token';
$response = $http->withHeaders([
    'Authorization' => 'Bearer ' . $accessToken
])->get('http://your-app.com/api/user');
Copy after login

If the request is successful, the API will return user information.

Conclusion

In Laravel applications, Laravel Passport provides a powerful OAuth2 authentication protocol and API authentication function, and JWT is a safe and convenient authentication method. In actual development, we can use Laravel Passport and JWT in combination to improve the security and reliability of the API and protect user data from being stolen or tampered with by malicious attackers.

The above is the detailed content of Laravel development: How to implement API authentication using Laravel Passport and JWT?. For more information, please follow other related articles on the PHP Chinese website!

Related labels:
laravel jwt passport
source:php.cn
Previous article:Laravel development: How to control access using Laravel Authorization? Next article:Laravel development: How to build complex queries using Laravel Query Builder?
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Latest Articles by Author
Latest Issues
Axios and Fetch in the browser do not carry cookies when sending requests I developed a springbootapi using jwtauth, I got the endpoint 'http://localhost:8080/api/s...
From 2024-04-04 15:59:30
0
1
350
Unable to populate my request body to test registration functionality using Postman *FIXED* I'm developing a very simple social media application where users can register, log in, cr...
From 2024-04-01 10:09:37
0
1
348
How to handle login JWT token in Vue JS? I have a token in my local storage. If I delete the token in localstorage then I don't log...
From 2024-03-30 16:39:37
0
1
275
Related Topics
More>
Popular Recommendations
Popular Tutorials
More>
Related Tutorials
Popular Recommendations
Latest courses
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template