LARAVEL API - JWT Examples
Today we will develop an API (Application Programming Interface) application via Laravel and provide security through JWT.
So first of all, what is JWT? Let's address that question.
JWT (JSON WEB TOKEN)
JWT is a token format standardized by the IETF. Detailed information about the standard can be found here. JWT is used between communicating systems (e.g. mobile, web, cloud, IoT) wherever user identification, authentication and the integrity of the transported information matter.
The Structure of JWT
A JWT is composed of 3 separate Base64-encoded parts, separated from each other by '.'. These parts are:
- Header
- Payload
- Signature
HEADER
This is where the JWT's header information is located. The standard defines it as follows.
{ "alg": "HS256", "typ": "JWT" }
alg: Specifies the cryptographic algorithm used to sign the JWT. The supported algorithms vary depending on the language and library you use; you can review them at jwt.io.
typ: Indicates that the type of the token is JWT.
PAYLOAD
Although there are some standard claims here, this is generally the part that carries the data we want to transport. Some of the standard keys are:
- iss (issuer): Issuer of the token
- sub (subject): Subject of the token
- exp (expiration time): Expiration date
- nbf (not before): Not valid before this date
- iat (issued at): Date the token was created
We will come back to these fields later; for most needs the available standard claims are more than enough.
SIGNATURE
This is the part where the key is used when creating the JWT: the header and payload are signed with the key, using the algorithm specified in the header.
~~~
Apart from the signature, all the data in a JWT you produce can be read: simply Base64 decode it. But you cannot make any changes to the content, because the signature would no longer match the key.
JWT Advantages
- Since they are stateless, no database operations are required to look up the user's information.
- Session management can be done without relying on cookies.
- A single token can be used across multiple servers.
- They are much faster, because no database or similar operations are performed.
JWT Drawbacks
- If your secret key is not strong enough, tokens can easily be forged.
- Because they are stateless, there is no built-in way to revoke a token on the server side. (There are several methods to work around this.)
In general, we talked about JWT. Now let’s examine how it works on a simple Laravel API. Generally, two different libraries are used:
- firebase/php-jwt
- tymon/jwt-auth
We will use tymon/jwt-auth in our application. First, we add it to our project via Composer.
composer require tymon/jwt-auth:1.0.0
At Medianova, we are developing the project with Laravel 6; the steps below apply to Laravel 5.4 and above. After installing the package, publish its configuration through the Artisan CLI:
php artisan vendor:publish --provider="Tymon\JWTAuth\Providers\LaravelServiceProvider"
You will then see jwt.php under app/config/. Next, we set the secret for JWT, again via the terminal:
php artisan jwt:secret
After that, a JWT_SECRET key will be created in your .env file. Since this is a sample application, we will assume there is a database connection and use the User model that ships with Laravel by default; you can use your own model instead if you want, nothing changes. First, we make the following changes in /App/User.php.
use Tymon\JWTAuth\Contracts\JWTSubject;
...
class User extends Authenticatable implements JWTSubject
{
    // Value placed in the token's "sub" claim: the user's primary key
    public function getJWTIdentifier()
    {
        return $this->getKey();
    }

    // Extra claims to add to the token payload; none in this example
    public function getJWTCustomClaims()
    {
        return [];
    }
    ...
After these changes, our model file should look like this: