[NOT REQUIRED ANY MORE from 1.0.11] Attention!
After plugin installation you need to copy /plugins/vdomah/jwtauth/config/auth.php to {root}/config/auth.php, otherwise you'll got an error.
JWT Auth API
JSON Web Token Authentication for your OctoberCMS API integrated with RainLab.User
This plugin provides token based authentication to your application. Is based on the awesome package JSON Web Token Authentication for Laravel & Lumen by Sean Tymon.
Requirements
- RainLab.User plugin
You may like my other plugins
- Stripe for Shopaholic - Stripe payment gateway for Shopaholic
- 2-FactorAuth - protect your front-end authentication with 2-factor protection
- Mail Telegram - Send site mail to your Telegram account using bot
- BlogViews - track blog posts views
- Excel - excel import-export tools
- Roles - manage user access based on roles system
The following plugin is required
The following plugin extends or depends on the plugin
JWT Auth API
JSON Web Token Authentication for your OctoberCMS API integrated with RainLab.User
This plugin provides token based authentication to your application. Is based on the awesome package JSON Web Token Authentication for Laravel & Lumen by Sean Tymon.
Requirements
RainLab.User plugin
Installation
-
[NOT REQUIRED ANY MORE] After plugin installation you need to copy /plugins/vdomah/jwtauth/config/auth.php to {root}/config/auth.php. If you want to change parameters values of auth.php you can use environment variables in .env (see "Environment options" section). {root}/config/auth.php is still supported and got priority highest then /plugins/vdomah/jwtauth/config/auth.php.
-
Generate JWT Authentication Secret. It will be used to sign your tokens. You got 2 options:
- generate using command line:
php artisan jwt:generateYou need to assign the generated value to JWT_SECRET in your .env.
- go to Backend > Settings > JWTauth settings and click Generate Secret Key and save. This value has the highest priority and will override JWT_SECRET value from .env.
- generate using command line:
Endpoints
The plugin provides 4 endpoints:
-
/api/login
Makes attempt to authenticate and returns token if succeeded. Also the basic user info is included in the response. By defult expects 2 parameters to receive: email and password.
-
/api/signup
Tries to create a user and returns token if succeeded. The user info is included in the response. By default expects 3 parameters to receive: email, password and password_confirmation.
-
/api/refresh
Tries to refresh the token and return the new token. By default expects 1 parameter: token.
-
/api/invalidate
Tries to invalidate the given token - this can be used as an extra precaution to log the user out. By default expects 1 parameter: token.
Environment options
You're free to define any of this option in your project root .env.
JWT config
| Variable | Default |
|---|---|
| JWT_SECRET | |
| JWT_TTL | 60 |
| JWT_REFRESH_TTL | 20160 |
| JWT_ALGO | HS256 |
| JWT_USER_CLASS | RainLab\User\Models\User |
| JWT_IDENTIFIER | id |
| JWT_BLACKLIST_ENABLED | true |
| JWT_PROVIDERS_USER | Tymon\JWTAuth\Providers\User\EloquentUserAdapter |
| JWT_PROVIDERS_JWT | Tymon\JWTAuth\Providers\JWT\NamshiAdapter |
| JWT_PROVIDERS_AUTH | Tymon\JWTAuth\Providers\Auth\IlluminateAuthAdapter |
| JWT_PROVIDERS_STORAGE | Tymon\JWTAuth\Providers\Storage\IlluminateCacheAdapter |
Laravel auth config
| Variable | Default |
|---|---|
| AUTH_DEFAULT_GUARD | web |
| AUTH_DEFAULT_PASSWORDS | users |
| AUTH_GUARDS_WEB_DRIVER | session |
| AUTH_GUARDS_WEB_PROVIDER | users |
| AUTH_GUARDS_API_DRIVER | token |
| AUTH_GUARDS_API_PROVIDER | users |
| AUTH_PROVIDERS_USERS_DRIVER | eloquent |
| AUTH_PROVIDERS_USERS_MODEL | \RainLab\User\Models\User |
| AUTH_PASSWORDS_USERS_PROVIDER | users |
| AUTH_PASSWORDS_USERS_EMAIL | auth.emails.password |
| AUTH_PASSWORDS_USERS_TABLE | password_resets |
| AUTH_PASSWORDS_USERS_EXPIRE | 60 |
Extending
How to use this in another plugin?
Simply add ->middleware('\Tymon\JWTAuth\Middleware\GetUserFromToken') to the end of the route in the plugin's routes.php
eg:
Route::post('test', function (\Request $request) {
return response()->json(('The test was successful'));
})->middleware('\Tymon\JWTAuth\Middleware\GetUserFromToken');
Then when making the request set the header "Authorization" to "Bearer {yourToken}"
How to define own set of user attributes in response?
For sign up and sign in add corresponding methods getAuthApiSignupAttributes or/and getAuthApiSigninAttributes to User model by extending it in your plugin's boot method:
User::extend(function($model) {
$model->addDynamicMethod('getAuthApiSignupAttributes', function () use ($model) {
return [
'my-attr' => $model->my_attr,
];
});
});
-
Quivi
Found the plugin useful on 31 Aug, 2020
Hi, the plugin seems great but I just stumbled upon on this error which seems too big to be true :-) On a fresh install of october on docker I installed the Rainlab User plugn and this plugin but as I try the /api/login route (with POST method) I get this error:
Auth guard [] is not defined. /var/www/html/vendor/laravel/framework/src/Illuminate/Auth/AuthManager.php
Did anyone ever meet this error?
-
Aleksandr
Found the plugin useful on 12 May, 2020
Hello! Is there an option to get user by token inside my own backend logic ?
-
Art author
Replied on 13 May, 2020
Yes, you can use this method:
JWTAuth::toUser($token)
-
Candra
Found the plugin useful on 21 Apr, 2020
Hi, I just installed this plugin, copied the config file. but when I try to access the frontend (any pages), I got this error:
development.ERROR: Symfony\Component\Debug\Exception\FatalErrorException: Class 'Tymon\JWTAuth\Providers\JWTAuthServiceProvider' not found in /var/www/october/plugins/vdomah/jwtauth/classes/JWTAuthServiceProvider.php:5
can you help me with that?
-
Art author
Replied on 21 Apr, 2020
Hello! Can you please try to install tymon/jwt-auth manually from command line? By running composer require tymon/jwt-auth. If that will not help, please create support topic in plugin's support forum section and we'll find the solution. Thanks for reporting
-
Alvaro Salcedo
Found the plugin useful on 8 Feb, 2020
Great plugin, thank you!
It would be amazing if the data could be updated.
-
Shohabbos
Found the plugin useful on 12 Dec, 2019
Nice plugin!! Thank you
-
Art author
Replied on 12 Dec, 2019
Glad you you like it!
-
Alvaro Cánepa
Found the plugin useful on 19 Aug, 2019
Is the best option for Auth API OC. I use it in my projects with vuejs and work great!
Thanks for your work!!!
-
Art author
Replied on 12 Dec, 2019
Thanks for review!
-
Sasha Raimov
Found the plugin useful on 27 Jul, 2019
A good plugin, installed and ready 50% of the API. thanks to the developer)))
-
Art author
Replied on 27 Jul, 2019
Thanks for review and for helping with Authorization header issue!
-
qross
Found the plugin useful on 27 Feb, 2018
Hi, It's nice plugin. But I've got an error with ReflectionException says that jwt.auth does not exists. I tried to call middleware() in routes.php of other plugin (ahmadfatoni.apigenerator). It could be lack of basic knowledge of Laravel or October cause I'm very new to them. Do you have any sugesstion so that I solve the error?
-
Art author
Replied on 27 Feb, 2018
Hi! Thanks for pointing this issue. Seems that after update to Laravel 5.5 the jwt.auth alias no longer works. But now you can use ->middleware('\Tymon\JWTAuth\Middleware\GetUserFromToken') with same result.
-
Chris
Found the plugin useful on 14 Sep, 2017
:) Thanks Art Gek.
https://github.com/vdomah/oc-jwtauth
How to use this in another plugin?
Simply add ->middleware('jwt.auth') to the end of the route in the plugin's routes.php
eg:
Route::post('test', function (\Request $request) { return response()->json(('The test was successful')); })->middleware('jwt.auth');
Then when making the request set the header "Authorization" to "Bearer {yourToken}"
-
Oleksiy Roshchyn
Found the plugin useful on 17 Jun, 2017
Great plugin. Works like it should. I used it inside my login routes. And disabled the default once. Thanks Art Gek
-
Art author
Replied on 18 Jun, 2017
Glad it was useful =)
-
| 1.0.12 |
Possibility to disable each endpoint in backend settings May 14, 2020 |
|---|---|
| 1.0.11 |
!!! auth.php copying to root/config/ is not required any more. .env options support added to override auth.php and config.php May 01, 2020 |
| 1.0.10 |
Backend settings to set secret key, signup/login configurable request params. Apr 30, 2020 |
| 1.0.9 |
!!! Generate JWT Authentication Secret using php artisan jwt:generate and assign generated value to JWT_SECRET in .env Jan 14, 2020 |
| 1.0.8 |
JWT Authentication Secret default value removed from config file. README updated about how to generate the secret. Jan 14, 2020 |
| 1.0.7 |
Compability with OctoberCMS builds > 454 (Authenticatable trait removed) Jul 25, 2019 |
| 1.0.6 |
Update README about creating route in another plugin. Feb 27, 2018 |
| 1.0.5 |
/refresh and /invalidate endpoints back. Feb 27, 2018 |
| 1.0.4 |
Ability to define own set of user attributes in response. Dec 24, 2017 |
| 1.0.3 |
README.md updated Dec 24, 2017 |
| 1.0.2 |
Compability with OctoberCMS builds > 419 (Laravel 5.5) Dec 24, 2017 |
| 1.0.1 |
Custom service provider and config file added. Jan 31, 2017 |
| 1.0.0 |
Initialize plugin. Jan 29, 2017 |
For versions >= 1.0.11
Copying /plugins/vdomah/jwtauth/config/auth.php to {root}/config/auth.php is not required any more. .env options support added to override auth.php and config.php (see "Environment options" section in Documentation).
For versions < 1.0.8
You must update plugin to the latest version and set the JWT_SECRET value in your .env to avoid security vulnerability.